6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe
Size

184KB
MD5

9b14c4ba5432236bc68974a6e5ec47c3
SHA1

bcc711ed2c7ba03fe451417ea48f320f7d6d2396
SHA256

6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225
SHA512

430055303660a8ccdc74577bf12bf4b8122403c5293ce3bfd73512615735e0073723089b0c3f0cc7f4c63b218276a17a5f7b2ba9aafe27c7d1931d13ca6916db
SSDEEP

3072:NyJaHkoq7JOTjeaWePgL+KsEhlnViFNn3:Ny7onHeaCL9sEhlnViFN

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-57062.exeUnicorn-18251.exeUnicorn-2277.exeUnicorn-52952.exeUnicorn-52952.exeUnicorn-2360.exeUnicorn-39714.exeUnicorn-13263.exeUnicorn-28208.exeUnicorn-63019.exeUnicorn-48074.exeUnicorn-23617.exeUnicorn-16003.exeUnicorn-22055.exeUnicorn-26139.exeUnicorn-30223.exeUnicorn-10357.exeUnicorn-45168.exeUnicorn-50342.exeUnicorn-65287.exeUnicorn-27784.exeUnicorn-24830.exeUnicorn-61032.exeUnicorn-10440.exeUnicorn-34582.exeUnicorn-49527.exeUnicorn-7939.exeUnicorn-42750.exeUnicorn-57695.exeUnicorn-12023.exeUnicorn-33596.exeUnicorn-33596.exeUnicorn-52625.exeUnicorn-11037.exeUnicorn-25982.exeUnicorn-19206.exeUnicorn-17260.exeUnicorn-56154.exeUnicorn-13538.exeUnicorn-10845.exeUnicorn-49740.exeUnicorn-14929.exeUnicorn-64685.exeUnicorn-33958.exeUnicorn-23098.exeUnicorn-38042.exeUnicorn-29595.exeUnicorn-48624.exeUnicorn-58375.exeUnicorn-13258.exeUnicorn-17151.exeUnicorn-62822.exeUnicorn-36179.exeUnicorn-13621.exeUnicorn-2760.exeUnicorn-21789.exeUnicorn-62267.exeUnicorn-15759.exeUnicorn-39709.exeUnicorn-58738.exeUnicorn-17727.exeUnicorn-25895.exeUnicorn-10113.exeUnicorn-3336.exe

pid	process
1724	Unicorn-57062.exe
1892	Unicorn-18251.exe
2628	Unicorn-2277.exe
2852	Unicorn-52952.exe
2648	Unicorn-52952.exe
2624	Unicorn-2360.exe
2412	Unicorn-39714.exe
2788	Unicorn-13263.exe
2556	Unicorn-28208.exe
2912	Unicorn-63019.exe
2944	Unicorn-48074.exe
1348	Unicorn-23617.exe
1652	Unicorn-16003.exe
1124	Unicorn-22055.exe
1756	Unicorn-26139.exe
1928	Unicorn-30223.exe
2268	Unicorn-10357.exe
2308	Unicorn-45168.exe
1400	Unicorn-50342.exe
1040	Unicorn-65287.exe
1740	Unicorn-27784.exe
1968	Unicorn-24830.exe
1000	Unicorn-61032.exe
2252	Unicorn-10440.exe
736	Unicorn-34582.exe
1956	Unicorn-49527.exe
2084	Unicorn-7939.exe
2196	Unicorn-42750.exe
2572	Unicorn-57695.exe
1516	Unicorn-12023.exe
1060	Unicorn-33596.exe
2036	Unicorn-33596.exe
2404	Unicorn-52625.exe
2360	Unicorn-11037.exe
2712	Unicorn-25982.exe
2532	Unicorn-19206.exe
968	Unicorn-17260.exe
2104	Unicorn-56154.exe
2784	Unicorn-13538.exe
2812	Unicorn-10845.exe
2828	Unicorn-49740.exe
2204	Unicorn-14929.exe
1084	Unicorn-64685.exe
1572	Unicorn-33958.exe
2224	Unicorn-23098.exe
344	Unicorn-38042.exe
2040	Unicorn-29595.exe
2372	Unicorn-48624.exe
1896	Unicorn-58375.exe
1260	Unicorn-13258.exe
2172	Unicorn-17151.exe
548	Unicorn-62822.exe
676	Unicorn-36179.exe
2296	Unicorn-13621.exe
2568	Unicorn-2760.exe
1548	Unicorn-21789.exe
1556	Unicorn-62267.exe
2676	Unicorn-15759.exe
1568	Unicorn-39709.exe
2692	Unicorn-58738.exe
2708	Unicorn-17727.exe
2536	Unicorn-25895.exe
1804	Unicorn-10113.exe
2832	Unicorn-3336.exe

Loads dropped DLL 64 IoCs

Processes:

6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exeUnicorn-57062.exeUnicorn-2277.exeUnicorn-18251.exeWerFault.exeUnicorn-2360.exeUnicorn-52952.exeUnicorn-52952.exeWerFault.exeWerFault.exeUnicorn-39714.exeUnicorn-63019.exeUnicorn-28208.exeUnicorn-13263.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe
1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe
1724	Unicorn-57062.exe
1724	Unicorn-57062.exe
1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe
1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe
2628	Unicorn-2277.exe
1892	Unicorn-18251.exe
1892	Unicorn-18251.exe
2628	Unicorn-2277.exe
1724	Unicorn-57062.exe
1724	Unicorn-57062.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2608	WerFault.exe
2624	Unicorn-2360.exe
2624	Unicorn-2360.exe
2852	Unicorn-52952.exe
2852	Unicorn-52952.exe
2628	Unicorn-2277.exe
2648	Unicorn-52952.exe
2628	Unicorn-2277.exe
2648	Unicorn-52952.exe
1892	Unicorn-18251.exe
1892	Unicorn-18251.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
740	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
1944	WerFault.exe
740	WerFault.exe
2412	Unicorn-39714.exe
2412	Unicorn-39714.exe
2624	Unicorn-2360.exe
2624	Unicorn-2360.exe
2912	Unicorn-63019.exe
2912	Unicorn-63019.exe
2556	Unicorn-28208.exe
2556	Unicorn-28208.exe
2648	Unicorn-52952.exe
2648	Unicorn-52952.exe
2788	Unicorn-13263.exe
2788	Unicorn-13263.exe
2852	Unicorn-52952.exe
2852	Unicorn-52952.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
824	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
2528	WerFault.exe
900	WerFault.exe
900	WerFault.exe
900	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2644	1708	WerFault.exe	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe
2608	1724	WerFault.exe	Unicorn-57062.exe
1944	1892	WerFault.exe	Unicorn-18251.exe
740	2628	WerFault.exe	Unicorn-2277.exe
824	2624	WerFault.exe	Unicorn-2360.exe
2528	2852	WerFault.exe	Unicorn-52952.exe
900	2648	WerFault.exe	Unicorn-52952.exe
1428	2412	WerFault.exe	Unicorn-39714.exe
1748	2912	WerFault.exe	Unicorn-63019.exe
2596	2556	WerFault.exe	Unicorn-28208.exe
2592	2944	WerFault.exe	Unicorn-48074.exe
2640	2788	WerFault.exe	Unicorn-13263.exe
2220	1348	WerFault.exe	Unicorn-23617.exe
2348	1652	WerFault.exe	Unicorn-16003.exe
2092	1756	WerFault.exe	Unicorn-26139.exe
2876	1124	WerFault.exe	Unicorn-22055.exe
2284	2268	WerFault.exe	Unicorn-10357.exe
2356	1928	WerFault.exe	Unicorn-30223.exe
764	2308	WerFault.exe	Unicorn-45168.exe
1100	1572	WerFault.exe	Unicorn-33958.exe
1536	1400	WerFault.exe	Unicorn-50342.exe
1416	1040	WerFault.exe	Unicorn-65287.exe
884	1740	WerFault.exe	Unicorn-27784.exe
596	1968	WerFault.exe	Unicorn-24830.exe
2460	1000	WerFault.exe	Unicorn-61032.exe
564	2252	WerFault.exe	Unicorn-10440.exe
3044	1956	WerFault.exe	Unicorn-49527.exe
1152	736	WerFault.exe	Unicorn-34582.exe
2760	2196	WerFault.exe	Unicorn-42750.exe
3016	2572	WerFault.exe	Unicorn-57695.exe
2476	2084	WerFault.exe	Unicorn-7939.exe
2804	1516	WerFault.exe	Unicorn-12023.exe
1476	2036	WerFault.exe	Unicorn-33596.exe
1280	2360	WerFault.exe	Unicorn-11037.exe
1672	1060	WerFault.exe	Unicorn-33596.exe
3080	2712	WerFault.exe	Unicorn-25982.exe
3300	2224	WerFault.exe	Unicorn-23098.exe
3308	1084	WerFault.exe	Unicorn-64685.exe
3520	968	WerFault.exe	Unicorn-17260.exe
3576	2784	WerFault.exe	Unicorn-13538.exe
3844	2828	WerFault.exe	Unicorn-49740.exe
3932	2532	WerFault.exe	Unicorn-19206.exe
3196	2040	WerFault.exe	Unicorn-29595.exe
3388	344	WerFault.exe	Unicorn-38042.exe
3592	2204	WerFault.exe	Unicorn-14929.exe
4048	2708	WerFault.exe	Unicorn-17727.exe
4064	1856	WerFault.exe	Unicorn-15588.exe
4092	2676	WerFault.exe	Unicorn-15759.exe
3128	2812	WerFault.exe	Unicorn-10845.exe
3136	2692	WerFault.exe	Unicorn-58738.exe
3168	2564	WerFault.exe	Unicorn-46315.exe
3236	2424	WerFault.exe	Unicorn-53092.exe
3284	2740	WerFault.exe	Unicorn-11504.exe
3316	2104	WerFault.exe	Unicorn-56154.exe
3344	1180	WerFault.exe	Unicorn-58759.exe
3516	2372	WerFault.exe	Unicorn-48624.exe
3808	1568	WerFault.exe	Unicorn-39709.exe
3988	2836	WerFault.exe	Unicorn-42999.exe
3996	2000	WerFault.exe	Unicorn-47083.exe
4028	2364	WerFault.exe	Unicorn-40538.exe
3924	2780	WerFault.exe	Unicorn-1452.exe
3276	1548	WerFault.exe	Unicorn-21789.exe
4228	268	WerFault.exe	Unicorn-23456.exe
4276	676	WerFault.exe	Unicorn-36179.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exeUnicorn-57062.exeUnicorn-18251.exeUnicorn-2277.exeUnicorn-52952.exeUnicorn-52952.exeUnicorn-2360.exeUnicorn-39714.exeUnicorn-13263.exeUnicorn-63019.exeUnicorn-48074.exeUnicorn-28208.exeUnicorn-23617.exeUnicorn-16003.exeUnicorn-26139.exeUnicorn-22055.exeUnicorn-10357.exeUnicorn-45168.exeUnicorn-30223.exeUnicorn-65287.exeUnicorn-50342.exeUnicorn-27784.exeUnicorn-24830.exeUnicorn-61032.exeUnicorn-10440.exeUnicorn-34582.exeUnicorn-49527.exeUnicorn-42750.exeUnicorn-7939.exeUnicorn-57695.exeUnicorn-12023.exeUnicorn-33596.exeUnicorn-33596.exeUnicorn-52625.exeUnicorn-11037.exeUnicorn-25982.exeUnicorn-19206.exeUnicorn-17260.exeUnicorn-56154.exeUnicorn-13538.exeUnicorn-10845.exeUnicorn-49740.exeUnicorn-33958.exeUnicorn-14929.exeUnicorn-64685.exeUnicorn-23098.exeUnicorn-38042.exeUnicorn-29595.exeUnicorn-48624.exeUnicorn-58375.exeUnicorn-13258.exeUnicorn-62822.exeUnicorn-17151.exeUnicorn-36179.exeUnicorn-13621.exeUnicorn-2760.exeUnicorn-21789.exeUnicorn-62267.exeUnicorn-15759.exeUnicorn-39709.exeUnicorn-58738.exeUnicorn-17727.exeUnicorn-10113.exeUnicorn-25895.exe

pid	process
1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe
1724	Unicorn-57062.exe
1892	Unicorn-18251.exe
2628	Unicorn-2277.exe
2852	Unicorn-52952.exe
2648	Unicorn-52952.exe
2624	Unicorn-2360.exe
2412	Unicorn-39714.exe
2788	Unicorn-13263.exe
2912	Unicorn-63019.exe
2944	Unicorn-48074.exe
2556	Unicorn-28208.exe
1348	Unicorn-23617.exe
1652	Unicorn-16003.exe
1756	Unicorn-26139.exe
1124	Unicorn-22055.exe
2268	Unicorn-10357.exe
2308	Unicorn-45168.exe
1928	Unicorn-30223.exe
1040	Unicorn-65287.exe
1400	Unicorn-50342.exe
1740	Unicorn-27784.exe
1968	Unicorn-24830.exe
1000	Unicorn-61032.exe
2252	Unicorn-10440.exe
736	Unicorn-34582.exe
1956	Unicorn-49527.exe
2196	Unicorn-42750.exe
2084	Unicorn-7939.exe
2572	Unicorn-57695.exe
1516	Unicorn-12023.exe
1060	Unicorn-33596.exe
2036	Unicorn-33596.exe
2404	Unicorn-52625.exe
2360	Unicorn-11037.exe
2712	Unicorn-25982.exe
2532	Unicorn-19206.exe
968	Unicorn-17260.exe
2104	Unicorn-56154.exe
2784	Unicorn-13538.exe
2812	Unicorn-10845.exe
2828	Unicorn-49740.exe
1572	Unicorn-33958.exe
2204	Unicorn-14929.exe
1084	Unicorn-64685.exe
2224	Unicorn-23098.exe
344	Unicorn-38042.exe
2040	Unicorn-29595.exe
2372	Unicorn-48624.exe
1896	Unicorn-58375.exe
1260	Unicorn-13258.exe
548	Unicorn-62822.exe
2172	Unicorn-17151.exe
676	Unicorn-36179.exe
2296	Unicorn-13621.exe
2568	Unicorn-2760.exe
1548	Unicorn-21789.exe
1556	Unicorn-62267.exe
2676	Unicorn-15759.exe
1568	Unicorn-39709.exe
2692	Unicorn-58738.exe
2708	Unicorn-17727.exe
1804	Unicorn-10113.exe
2536	Unicorn-25895.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exeUnicorn-57062.exeUnicorn-18251.exeUnicorn-2277.exeUnicorn-2360.exeUnicorn-52952.exeUnicorn-52952.exeUnicorn-39714.exe

description	pid	process	target process
PID 1708 wrote to memory of 1724	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	Unicorn-57062.exe
PID 1708 wrote to memory of 1724	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	Unicorn-57062.exe
PID 1708 wrote to memory of 1724	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	Unicorn-57062.exe
PID 1708 wrote to memory of 1724	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	Unicorn-57062.exe
PID 1724 wrote to memory of 1892	1724	Unicorn-57062.exe	Unicorn-18251.exe
PID 1724 wrote to memory of 1892	1724	Unicorn-57062.exe	Unicorn-18251.exe
PID 1724 wrote to memory of 1892	1724	Unicorn-57062.exe	Unicorn-18251.exe
PID 1724 wrote to memory of 1892	1724	Unicorn-57062.exe	Unicorn-18251.exe
PID 1708 wrote to memory of 2628	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	Unicorn-2277.exe
PID 1708 wrote to memory of 2628	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	Unicorn-2277.exe
PID 1708 wrote to memory of 2628	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	Unicorn-2277.exe
PID 1708 wrote to memory of 2628	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	Unicorn-2277.exe
PID 1708 wrote to memory of 2644	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	WerFault.exe
PID 1708 wrote to memory of 2644	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	WerFault.exe
PID 1708 wrote to memory of 2644	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	WerFault.exe
PID 1708 wrote to memory of 2644	1708	6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe	WerFault.exe
PID 1892 wrote to memory of 2852	1892	Unicorn-18251.exe	Unicorn-52952.exe
PID 1892 wrote to memory of 2852	1892	Unicorn-18251.exe	Unicorn-52952.exe
PID 1892 wrote to memory of 2852	1892	Unicorn-18251.exe	Unicorn-52952.exe
PID 1892 wrote to memory of 2852	1892	Unicorn-18251.exe	Unicorn-52952.exe
PID 2628 wrote to memory of 2648	2628	Unicorn-2277.exe	Unicorn-52952.exe
PID 2628 wrote to memory of 2648	2628	Unicorn-2277.exe	Unicorn-52952.exe
PID 2628 wrote to memory of 2648	2628	Unicorn-2277.exe	Unicorn-52952.exe
PID 2628 wrote to memory of 2648	2628	Unicorn-2277.exe	Unicorn-52952.exe
PID 1724 wrote to memory of 2624	1724	Unicorn-57062.exe	Unicorn-2360.exe
PID 1724 wrote to memory of 2624	1724	Unicorn-57062.exe	Unicorn-2360.exe
PID 1724 wrote to memory of 2624	1724	Unicorn-57062.exe	Unicorn-2360.exe
PID 1724 wrote to memory of 2624	1724	Unicorn-57062.exe	Unicorn-2360.exe
PID 1724 wrote to memory of 2608	1724	Unicorn-57062.exe	WerFault.exe
PID 1724 wrote to memory of 2608	1724	Unicorn-57062.exe	WerFault.exe
PID 1724 wrote to memory of 2608	1724	Unicorn-57062.exe	WerFault.exe
PID 1724 wrote to memory of 2608	1724	Unicorn-57062.exe	WerFault.exe
PID 2624 wrote to memory of 2412	2624	Unicorn-2360.exe	Unicorn-39714.exe
PID 2624 wrote to memory of 2412	2624	Unicorn-2360.exe	Unicorn-39714.exe
PID 2624 wrote to memory of 2412	2624	Unicorn-2360.exe	Unicorn-39714.exe
PID 2624 wrote to memory of 2412	2624	Unicorn-2360.exe	Unicorn-39714.exe
PID 2852 wrote to memory of 2788	2852	Unicorn-52952.exe	Unicorn-13263.exe
PID 2852 wrote to memory of 2788	2852	Unicorn-52952.exe	Unicorn-13263.exe
PID 2852 wrote to memory of 2788	2852	Unicorn-52952.exe	Unicorn-13263.exe
PID 2852 wrote to memory of 2788	2852	Unicorn-52952.exe	Unicorn-13263.exe
PID 2628 wrote to memory of 2912	2628	Unicorn-2277.exe	Unicorn-63019.exe
PID 2628 wrote to memory of 2912	2628	Unicorn-2277.exe	Unicorn-63019.exe
PID 2628 wrote to memory of 2912	2628	Unicorn-2277.exe	Unicorn-63019.exe
PID 2628 wrote to memory of 2912	2628	Unicorn-2277.exe	Unicorn-63019.exe
PID 2648 wrote to memory of 2944	2648	Unicorn-52952.exe	Unicorn-48074.exe
PID 2648 wrote to memory of 2944	2648	Unicorn-52952.exe	Unicorn-48074.exe
PID 2648 wrote to memory of 2944	2648	Unicorn-52952.exe	Unicorn-48074.exe
PID 2648 wrote to memory of 2944	2648	Unicorn-52952.exe	Unicorn-48074.exe
PID 1892 wrote to memory of 2556	1892	Unicorn-18251.exe	Unicorn-28208.exe
PID 1892 wrote to memory of 2556	1892	Unicorn-18251.exe	Unicorn-28208.exe
PID 1892 wrote to memory of 2556	1892	Unicorn-18251.exe	Unicorn-28208.exe
PID 1892 wrote to memory of 2556	1892	Unicorn-18251.exe	Unicorn-28208.exe
PID 1892 wrote to memory of 1944	1892	Unicorn-18251.exe	WerFault.exe
PID 1892 wrote to memory of 1944	1892	Unicorn-18251.exe	WerFault.exe
PID 1892 wrote to memory of 1944	1892	Unicorn-18251.exe	WerFault.exe
PID 1892 wrote to memory of 1944	1892	Unicorn-18251.exe	WerFault.exe
PID 2628 wrote to memory of 740	2628	Unicorn-2277.exe	WerFault.exe
PID 2628 wrote to memory of 740	2628	Unicorn-2277.exe	WerFault.exe
PID 2628 wrote to memory of 740	2628	Unicorn-2277.exe	WerFault.exe
PID 2628 wrote to memory of 740	2628	Unicorn-2277.exe	WerFault.exe
PID 2412 wrote to memory of 1348	2412	Unicorn-39714.exe	Unicorn-23617.exe
PID 2412 wrote to memory of 1348	2412	Unicorn-39714.exe	Unicorn-23617.exe
PID 2412 wrote to memory of 1348	2412	Unicorn-39714.exe	Unicorn-23617.exe
PID 2412 wrote to memory of 1348	2412	Unicorn-39714.exe	Unicorn-23617.exe

C:\Users\Admin\AppData\Local\Temp\6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe
"C:\Users\Admin\AppData\Local\Temp\6ca712fa97527c9338b45870aa746cc16cfe17187628d7d4668707155e795225.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30223.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49740.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
9⤵
- Executes dropped EXE
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
10⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12594.exe
11⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6128.exe
12⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
13⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
14⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
15⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4985.exe
16⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
15⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
14⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
13⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
12⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
11⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31623.exe
10⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14296.exe
11⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-861.exe
12⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24025.exe
13⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
14⤵
PID:11692

C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17321.exe
15⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
14⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
13⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
12⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
11⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2412.exe
9⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59849.exe
10⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63544.exe
11⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37844.exe
12⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
13⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45893.exe
14⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
14⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
13⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
12⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
11⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
10⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
9⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53092.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
9⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6948.exe
10⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13697.exe
12⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41866.exe
13⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
14⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
14⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 236
13⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
12⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
11⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
10⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
9⤵
- Program crash
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
8⤵
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33958.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
8⤵
- Program crash
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
7⤵
- Program crash
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13621.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46014.exe
8⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8567.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7192.exe
11⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8710.exe
12⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
13⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
14⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
14⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
13⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
12⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-21618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21618.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
10⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-54128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54128.exe
11⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44964.exe
12⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4025.exe
13⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
10⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
8⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
7⤵
- Program crash
PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
6⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23098.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15588.exe
8⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
9⤵
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
10⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
11⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31814.exe
12⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7947.exe
12⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42769.exe
13⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
14⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 236
14⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
13⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 220
12⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
11⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 236
10⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
9⤵
- Program crash
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55697.exe
8⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55573.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28687.exe
10⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
11⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
12⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64808.exe
13⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
14⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
14⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
13⤵
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
12⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
11⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
10⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
9⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
8⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34809.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
8⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24847.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17390.exe
11⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-33755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33755.exe
12⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
13⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54154.exe
13⤵
PID:11868

C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
14⤵
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 220
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 220
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
10⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
11⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9577.exe
12⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38213.exe
13⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
13⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
11⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
8⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
7⤵
- Program crash
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
8⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10404.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
11⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
12⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-28135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28135.exe
13⤵
PID:11396

C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
14⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 220
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
12⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 236
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
9⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-39948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39948.exe
10⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
11⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56531.exe
12⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50081.exe
13⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 236
13⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
12⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
11⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
10⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
8⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51613.exe
7⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35729.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62750.exe
9⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23838.exe
10⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7335.exe
11⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34373.exe
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 216
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
11⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
8⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
6⤵
- Program crash
PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26139.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17260.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15672.exe
9⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe
10⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18381.exe
11⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45594.exe
12⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11388.exe
13⤵
PID:8768

C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16267.exe
14⤵
PID:11664

C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13236.exe
15⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
14⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 220
13⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
12⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
11⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 236
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42885.exe
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60368.exe
11⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
12⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
13⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 236
13⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
12⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3974.exe
8⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4787.exe
11⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
12⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17305.exe
13⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 236
13⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
12⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
11⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
9⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
8⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15759.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
8⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5386.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65080.exe
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51430.exe
12⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 216
13⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 236
12⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 236
11⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
8⤵
- Program crash
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 220
7⤵
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13538.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17727.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58650.exe
8⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
10⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53168.exe
11⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51980.exe
12⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35883.exe
13⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
13⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 236
11⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
8⤵
- Program crash
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46953.exe
7⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2672.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-16866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16866.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15670.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
11⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
12⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
10⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
8⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
6⤵
- Program crash
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10440.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56154.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25895.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39045.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52169.exe
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14709.exe
11⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28057.exe
12⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17222.exe
13⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
13⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 236
12⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
10⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36091.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2091.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
10⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51129.exe
11⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63236.exe
12⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 236
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
11⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
7⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49818.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
9⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
10⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21638.exe
11⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44243.exe
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
12⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
10⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
8⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
7⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46398.exe
7⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-30493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30493.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13912.exe
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29066.exe
10⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25779.exe
11⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
12⤵
PID:11288

C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
13⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
11⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
10⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 236
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14711.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15859.exe
8⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53331.exe
9⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14185.exe
10⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 236
10⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 236
9⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
8⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
7⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Program crash
PID:564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
5⤵
- Program crash
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29595.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42999.exe
9⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
10⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
11⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
12⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
13⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
14⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
15⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 236
15⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
14⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
13⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
12⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
11⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
10⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
9⤵
- Program crash
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe
8⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43238.exe
9⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23368.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11494.exe
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7127.exe
12⤵
PID:8472

C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
13⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe
14⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 216
13⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
12⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
10⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
9⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
8⤵
- Program crash
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48624.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
9⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9361.exe
10⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21801.exe
11⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
12⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-25530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25530.exe
13⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
14⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
13⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
12⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
11⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 216
10⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
9⤵
- Program crash
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54099.exe
8⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-17530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17530.exe
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-48443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48443.exe
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14657.exe
11⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62094.exe
12⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1648.exe
13⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
11⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
8⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
7⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58375.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17234.exe
8⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14841.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21697.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8214.exe
11⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
12⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21934.exe
13⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 236
12⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
10⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29786.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23529.exe
10⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2296.exe
11⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1300.exe
12⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
13⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
11⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
9⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-1452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1452.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10757.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1956.exe
10⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-41492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41492.exe
11⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
12⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34944.exe
13⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
12⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 236
11⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
8⤵
- Program crash
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
6⤵
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65287.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17151.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23456.exe
8⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
11⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56266.exe
12⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54694.exe
13⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16470.exe
14⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
13⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
12⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
10⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
9⤵
- Program crash
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52345.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52994.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17263.exe
11⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24352.exe
12⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 220
13⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
12⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11758.exe
7⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-23010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23010.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61660.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
10⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23293.exe
11⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20268.exe
12⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
13⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
11⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
10⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
7⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36179.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27264.exe
7⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
8⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
9⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49551.exe
10⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
11⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8000.exe
12⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
9⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
8⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
7⤵
- Program crash
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 220
6⤵
- Program crash
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
5⤵
- Program crash
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13258.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60788.exe
8⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62096.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
10⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
11⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43329.exe
12⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44663.exe
13⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
14⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 216
13⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
12⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 236
11⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46777.exe
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24982.exe
10⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-60049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60049.exe
11⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36303.exe
12⤵
PID:11432

C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8960.exe
13⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 220
12⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
7⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32880.exe
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34821.exe
10⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62488.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-25530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25530.exe
12⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-36843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36843.exe
13⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 236
12⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 220
7⤵
- Program crash
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62822.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40176.exe
7⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14649.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5744.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
11⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
12⤵
PID:11024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
13⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 236
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64405.exe
7⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60352.exe
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
9⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40169.exe
10⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe
11⤵
PID:11716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64959.exe
12⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
11⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
10⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
9⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
8⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
7⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
6⤵
- Program crash
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25982.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2760.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19943.exe
9⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
10⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21503.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
12⤵
PID:11808

C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23906.exe
13⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 240
12⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
11⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
9⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
8⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
7⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20135.exe
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
9⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33900.exe
10⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63282.exe
10⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34933.exe
11⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29765.exe
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
11⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 220
10⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
9⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
8⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
7⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
6⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-31178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31178.exe
7⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 240
8⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
7⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
6⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
5⤵
- Program crash
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24830.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39709.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47576.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62454.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22377.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2213.exe
11⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
12⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17300.exe
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
12⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
8⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14664.exe
7⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21339.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
10⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
11⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
12⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 216
12⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
11⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
10⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
8⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
7⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58738.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
7⤵
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25423.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15688.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-42011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42011.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4751.exe
11⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33003.exe
12⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 236
12⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 236
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 216
8⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
7⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
6⤵
- Program crash
PID:596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
5⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7939.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21789.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25786.exe
7⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
8⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-38059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38059.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
10⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33651.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
12⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50600.exe
13⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
13⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
10⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3995.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34546.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54372.exe
10⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
11⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-38265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38265.exe
12⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 236
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
8⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50207.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
8⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
9⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-45768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45768.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
11⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63184.exe
12⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
11⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
10⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
9⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
8⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
7⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
6⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
5⤵
- Program crash
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34582.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:736

C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14929.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
7⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
8⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54094.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14081.exe
11⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64616.exe
12⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-60662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60662.exe
13⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
12⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 216
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
8⤵
- Program crash
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
7⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7332.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
9⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
11⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7730.exe
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
12⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
8⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
7⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8167.exe
6⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-61172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61172.exe
7⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64125.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45070.exe
9⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49904.exe
10⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58482.exe
11⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6806.exe
12⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
12⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 236
11⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
9⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe
7⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37862.exe
8⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
9⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
10⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52271.exe
11⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
11⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
10⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
9⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
8⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
7⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 220
6⤵
- Program crash
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-64685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64685.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
6⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
7⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38137.exe
9⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37853.exe
10⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53132.exe
11⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10823.exe
12⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
11⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
10⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
9⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 216
8⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
7⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-49667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49667.exe
6⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57135.exe
7⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-4182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4182.exe
8⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
9⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-2680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2680.exe
10⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
11⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56023.exe
12⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
11⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
10⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
9⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
8⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
7⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
6⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
5⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10845.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46315.exe
6⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
7⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50010.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44551.exe
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
10⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58010.exe
11⤵
PID:10520

C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
12⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
10⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
9⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 216
8⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
7⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37222.exe
6⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
7⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54473.exe
8⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
9⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
10⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29661.exe
11⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 236
11⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
10⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
9⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
8⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
7⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
6⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
5⤵
- Program crash
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
4⤵
- Program crash
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
2⤵
- Program crash
PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe

Filesize
184KB

MD5
f51e0a6584b00b8aa9d177fd3bead631

SHA1
dc504c016a197fa059ad4b9bba98a78cac601d6a

SHA256
73c91696f15deae9a7f8c0bb899e71b96d709ae2e25d4969604a886d7089d33d

SHA512
aa95727e1eb6fafdb0a73de28559c9b1a434fb110b89bf87996ba12eeb3fc8f35a147eca973324b966018407ca389b578fb3987a296e99d8b846c95424a9fd01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe

Filesize
184KB

MD5
e8b1c9b81812088d03dc9a6d74742c82

SHA1
603fefd26063e6dd12144baa77bafc553e3c5c32

SHA256
7e24d8f4273295b6961ce57dcb9cd1d66a39076a1e2c0f714a81982ddeba0731

SHA512
02ffc7a55e23dcb0a9a5d5d5ccbddce75453f4572a8bd5aa4c0e21e5e67d3daad0f24c0049938d57962fd16ee0d0528dc93e3bfadb84c404de52344c56a95fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe

Filesize
184KB

MD5
b2c78a1abcfac086008430d0f3b8547b

SHA1
22356e7c26fa10571ed092d80ee24d5fa946b6c2

SHA256
b27c003d88d83bb6a0a0227ef763df605e060ae960a93bad8f5cd1bb9493ab2f

SHA512
1e268e09b3165524808ef06f1a082f20aa397a02fae0f1140e8ee10248f19e9f9d811115d20fbf6ba63844f1c49a7ee94a28ab8e1bff64a4e624ba9af845e62c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe

Filesize
184KB

MD5
5ed7e328c05b7d7db2f842a0a0f86816

SHA1
a9b72a4fd0bd465affa8c49fc723ff2068f4903f

SHA256
71041c2e25355e641c5f8166445bf52033c5697ed5e9bff49b0adb13b30c5b0b

SHA512
06598bf1b24991a6804bbb87a8223d1086bfea56a1a455454d7761b7fd7fabcdc4efd4b1e6c63b3b93a7f6cd6ba728281f4d8b803c46f049c68bd2e0ff950f41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36855.exe

Filesize
184KB

MD5
ce6015d8fc985a374dbd4589bec4805d

SHA1
425698866c33716dd18cfe11a13eebee842a96d3

SHA256
b3da299507bcafdd694168e08a3670d652e094924bdab20cb9a12cbe8c1f1649

SHA512
c8a14ac2dba8355f4f29fe0c003630fdfa2b13d846130b88c818c842371100fe7a0673cf3a2c7ec262684020216627c61dbe5aaec10f7ddaa93186df2f00ea0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37099.exe

Filesize
184KB

MD5
62ce1ba9897c1d6f6bda3cceb145ed27

SHA1
ac0013c2fea01e8c8af34b97a2ec2499b837bee2

SHA256
1e3312c5e16e448da2607c94dccbabd851f10fe61214ba4fb0680bf44bddb93c

SHA512
affc74e3fa2d3a6cb9c9156561f1b63887c3f24ecfd629fa346b24dbe734836a6493c63d6b334c0e5d70cb792554c0b7f18fb94a4e616462a29077ea607fba3d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37274.exe

Filesize
184KB

MD5
83c617f830eda74619f990036aa253fd

SHA1
576b6259b9dc7d132002793d550ebceb07c020ff

SHA256
95edfd7658e6a5c661a197ba86fba04411ebb14c1a070d115dc1f10a1a0eaa02

SHA512
6bf66aba771b8b49b7fa8b8ccdc02c2760d02504d3c0769f7aea7c6e74e9a75e7560f359ccece579908531ecfc53c3a318fec52e77afd901004659475ed1fe64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39983.exe

Filesize
184KB

MD5
16e363d5ca6ce01a53caf41ea63e8e69

SHA1
88623be3c7c46d274973af8092212961a43a6ddd

SHA256
c15a6b27ecaf96b2aee62eff84a82e71e4e7f948ea16aa8a097daeb358f7a93a

SHA512
67282e1ab03ae20251b2feca57e41480a997cf6e5e05ad243feb9341ef555afc50306b28006e12a9cc2f8ac78960c9f259d35ce436f425f420d3e7cd341edadc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40538.exe

Filesize
184KB

MD5
00dffbaa66ba758dfb59eb9e9bebfb65

SHA1
845dcb366032637991a06552140d02a7e855732e

SHA256
5e84ddfd2ca943b55e482e59ca5cde1a595cc2123afa128344010976bef1b7ed

SHA512
629250119b23668396e90acfef42f8ce5feb2b22e24286155ae179d6a5615102c7b4ea54f26a9e746d38dc8de326764688dd603c16d2ad485fb4eda8f6e2eb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48074.exe

Filesize
184KB

MD5
e49f2fa723d96b98e5350f6f1e0f4d75

SHA1
2c3844dc96293187ccc1c263a27e75d3559ac506

SHA256
b0620d32c657a35053edb127bc1449009338e086dee123b4d1155fc853835a2a

SHA512
33b19a1e5762c20a03f49a29d5f71c285865ca52c5fbe03859621c3e3b3d6c3cefce807adebe44afea144d066dda3ee4167beeef74905ab0f862110e29eef619

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe

Filesize
184KB

MD5
23708f1601d603271343500e6416727a

SHA1
6228455dce7fe365e66727192ba8213c66f4a721

SHA256
0910e069ad57134987369d2bef6ab1f8e74f52ed4baef874fa0ded4c537ad168

SHA512
c0f9150a23ef1a81a5e86eca1de89d2aaa5032d404a5314a7a317c95e542effc12e5b9b8f6a100aa1bb060b0214dc98560ff4d256a743200fb544a28a7329b58

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63019.exe

Filesize
184KB

MD5
5404fa17310ed7685728fa537d690613

SHA1
333877d47c349be492986a5642af5e194e4436be

SHA256
f6a6b271ce809acdaaccbcc43fd3edd09b91876b7c5a5543af598aadafcdad38

SHA512
e9e46635446fe40e4129634bc5a2161c6e88d6bc21c6ed5e6697788f8fd80fbf1f10af12858acea48697ccbad9906e99d5daa0bc901a770186c369ceaa9e7637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63905.exe

Filesize
184KB

MD5
60a050470ace347975ec5afa0bc36454

SHA1
3e86d9a308010675fe3ddc921419706397b13350

SHA256
1f009dfb36b9910bd8100fb7474710248ded59123449884c740db871a6c27660

SHA512
1e5838288174ba415dd50d5e6c4c56099dee10bd72c1551c8eb523dbb8da0b84cc0d30bf17aa3ab550e45c4856bd4fb40ef13311659b44fcecdf655a0144973b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6673.exe

Filesize
184KB

MD5
3447df957e318fc5c041eab5191ff2df

SHA1
f6080144841351eda832ab412ecd9e5990ab0b88

SHA256
a69af2651be9c1f4fbf81670c54c72ed471632dd68bf05f97f716023023f7f28

SHA512
163646a204277b7b0142625c97fc99970e0c3321ebc8f5362bf0b2e99f62b33e6b201f8ae6d1dbaa81df0ac087485e2918f1f5eaf1f5c088dff382d5fc174bd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe

Filesize
184KB

MD5
0ac7b689fc5803561abdc05d5067224f

SHA1
b91b506058772d8f13e7a43af8f7f35382e47d15

SHA256
ff594baca9169ce171e3f1716f132c90bd1ebee63afccd0e455d0efb7ea0b362

SHA512
ea19fefe412bdad18622d2bb8f3459a3d44a7598cec7c9104cf68339b6617ff8ed52fa7ac6eaa610397e6a5d0e350dade5cdd9cbf5ff229e35ddbdd38c7852f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16003.exe

Filesize
184KB

MD5
f0c5fe5570c0e374af5869354d0a93d0

SHA1
45a51c158b4e8d27fbbfb3501d08d16fc3629073

SHA256
f845b023a9aa129dc57704d8a1b593b0aa77a3fdb079738538b37b48895ddb7b

SHA512
1873c44613a7d4a0dc354c34c6d93d28a49df9ad2ba79ceace4bf17b9fabe88bacdcb66b63e62706a01c38ba671f537d054f8b48f0f960676533b9a074e119ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22055.exe

Filesize
184KB

MD5
665ae9fc8cb20c2dacb36f1c334d3ce9

SHA1
e6186a70e1d4aa82be58975883f44d3883fd0dda

SHA256
90efe4aee0e31a1763e8f5ab290fed7f3d70eb66f0065f2c625ec6650f1c71ee

SHA512
51ca0aa0b16117cb129d5756b5631c8f6a49d63b75eccfa44357b96357bc8a70903647feaf944e82a11cfbc523f26695942d7915175e878703ca1506f433e183

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe

Filesize
184KB

MD5
0bab62651cb18920bc3dcfe0c079e6f9

SHA1
f93a78d0e07e99d377372a80ed020c0e351ecc65

SHA256
e131381e917a330e17b0954ac55761cbf879be0a3b17103b1a4faca63ebb31bd

SHA512
600e5bac052b1dd9c9ca3d94eaa4f285a470493d823696a2b19dc3a9f5956765794ca64a8defbf493ee2f12794d8e9d95a928c5c756a1108a0ffb1ea9db6b903

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2360.exe

Filesize
184KB

MD5
861fb9027d2d4040611950115f85790f

SHA1
23b429a77c0b53d1a4815d80cb809927ed46ddf1

SHA256
8dbe3a79f00b66b69001e51ca8f23de60247359f53f626d63945dfab4cfbf70e

SHA512
4b8b1001ecf4e47c44f5c181336992d01392e3a5d47b4d0c47295c799164cbd40813846dec902e35a954825f587d052f7f0252cf2cc190630c9aa55b57439d68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23617.exe

Filesize
184KB

MD5
3aab4e3ecff87e403cdfadc658162650

SHA1
4df2cee66636c0d2a458269ceaf35c02541d9e61

SHA256
5d1b3186a6c06d9bb52b52d3db3ca4cdc4b60c08a2f0a7f54157cbcd71e5bc3c

SHA512
53ff730fd3aad7fbfd2f918e616fdcee5e2d8368e0aeac1278e93b2e255346c5570ce20f8024e9ee5c3084785488b3e7dfaf38c735db1782266bdbcb39d27759

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe

Filesize
184KB

MD5
7e33ed2275371105d112f7ab2e9b0a06

SHA1
2f7a023ce202f69bef3d5537afc4af76f99c35e2

SHA256
5714db3471e537f270e160b08212943ab59d9a86e29124c00e0dc000fe6e78b0

SHA512
3e18aed8cd8774eda6bd5fd882ed40340c8c667b30f8c3009d200ba4f31ca1fa2d00c06069766bc96c4e9feaef3272a226954377d6eb679bb743509e850bbc77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39714.exe

Filesize
184KB

MD5
b7f708799b9485da87b0537fc3735bc7

SHA1
4271b492144dd048c06b6b3038361a74d3e649cf

SHA256
f743608d9a27c6385657ddaaab7d9ec0ab4f54dede3d00d6fadaefc5644e455a

SHA512
11078af57eb0ce6cabfb8fe7c7d4dfc11c156b432c902e63ff5f2f112712c40b6c913cdaf7c01e98ea1db24a1c80ecccfa96690588818823b78cfbc58bfebc9b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52952.exe

Filesize
184KB

MD5
75256468467e46e5818e96fc5d00ebeb

SHA1
b4f6aaaee0bb9948f391a8a664901835135bd8c9

SHA256
a27c8f3681ef728d4a0f2f0fb1ecb417ec548adbeef66ffb537830ec4b53e103

SHA512
57a74cbac538687cbed59cd755702146ccee4f1bc6b4f656c19ca9ed20e4698d38820396ef02d6097e54d1bfb666e65c426f0dfbe24745cc368384016513eb37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe

Filesize
184KB

MD5
4680670605051fd1b682eead0c70a57f

SHA1
78384a8e2fbeded7834b48127d017434d11af6da

SHA256
7564b73c655b0a75b5e9e9574f248116ba7d2f6d8ff289540e1fe0d8a6a5986c

SHA512
6ea2b7d39e60ebca11df8a059d0ae8c245215ac6b08d1c3b1a6ff3d032a78ee9645e73aaf090227436879c58c497055aa551f79eca9915de248c9c607c4e14da

Download Submit