6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe
Size

184KB
MD5

20f40cf449516fb4f20ffb51bdd2e402
SHA1

f0f97f97076e8662b4e75536791e74bb844849ae
SHA256

6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28
SHA512

8db769db11b2a2a2c222555b97fa26a9e7ff49f893649f46cfc99edad650e36fdedebf707eea2aea36d0d51de952411a553c7cb17d00741dccfbbcea913895fa
SSDEEP

3072:9d3+SRoTfPiKdGtdW7S89rEUhlnViFGnh:9dxoGGGtl8FEUhlnViFG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-61524.exeUnicorn-9199.exeUnicorn-54871.exeUnicorn-40009.exeUnicorn-54954.exeUnicorn-9282.exeUnicorn-48452.exeUnicorn-52536.exeUnicorn-1944.exeUnicorn-21810.exeUnicorn-36754.exeUnicorn-47526.exeUnicorn-31744.exeUnicorn-5102.exeUnicorn-24968.exeUnicorn-24968.exeUnicorn-37796.exeUnicorn-41880.exeUnicorn-22014.exeUnicorn-48185.exeUnicorn-25627.exeUnicorn-13929.exeUnicorn-11236.exeUnicorn-15512.exeUnicorn-61184.exeUnicorn-23681.exeUnicorn-23681.exeUnicorn-38625.exeUnicorn-7899.exeUnicorn-62575.exeUnicorn-31849.exeUnicorn-46794.exeUnicorn-22695.exeUnicorn-55045.exeUnicorn-52352.exeUnicorn-49892.exeUnicorn-25710.exeUnicorn-20749.exeUnicorn-39777.exeUnicorn-50406.exeUnicorn-65351.exeUnicorn-23764.exeUnicorn-17350.exeUnicorn-32294.exeUnicorn-52160.exeUnicorn-56244.exeUnicorn-60328.exeUnicorn-9736.exeUnicorn-29602.exeUnicorn-44739.exeUnicorn-64604.exeUnicorn-48823.exeUnicorn-3151.exeUnicorn-61672.exeUnicorn-4495.exeUnicorn-19440.exeUnicorn-12663.exeUnicorn-51558.exeUnicorn-966.exeUnicorn-55642.exeUnicorn-5050.exeUnicorn-2165.exeUnicorn-17110.exeUnicorn-41060.exe

pid	process
620	Unicorn-61524.exe
3020	Unicorn-9199.exe
2984	Unicorn-54871.exe
2588	Unicorn-40009.exe
2796	Unicorn-54954.exe
2696	Unicorn-9282.exe
2128	Unicorn-48452.exe
2568	Unicorn-52536.exe
2816	Unicorn-1944.exe
1952	Unicorn-21810.exe
1948	Unicorn-36754.exe
2392	Unicorn-47526.exe
1592	Unicorn-31744.exe
2848	Unicorn-5102.exe
2324	Unicorn-24968.exe
2316	Unicorn-24968.exe
2228	Unicorn-37796.exe
1604	Unicorn-41880.exe
1472	Unicorn-22014.exe
2320	Unicorn-48185.exe
1928	Unicorn-25627.exe
1784	Unicorn-13929.exe
1856	Unicorn-11236.exe
2452	Unicorn-15512.exe
868	Unicorn-61184.exe
1716	Unicorn-23681.exe
2372	Unicorn-23681.exe
2092	Unicorn-38625.exe
2868	Unicorn-7899.exe
2508	Unicorn-62575.exe
2432	Unicorn-31849.exe
1792	Unicorn-46794.exe
2336	Unicorn-22695.exe
2728	Unicorn-55045.exe
2504	Unicorn-52352.exe
2480	Unicorn-49892.exe
2692	Unicorn-25710.exe
2540	Unicorn-20749.exe
2104	Unicorn-39777.exe
872	Unicorn-50406.exe
2776	Unicorn-65351.exe
2032	Unicorn-23764.exe
1996	Unicorn-17350.exe
2008	Unicorn-32294.exe
1964	Unicorn-52160.exe
1188	Unicorn-56244.exe
320	Unicorn-60328.exe
1808	Unicorn-9736.exe
1756	Unicorn-29602.exe
2236	Unicorn-44739.exe
2068	Unicorn-64604.exe
2296	Unicorn-48823.exe
1316	Unicorn-3151.exe
1524	Unicorn-61672.exe
1920	Unicorn-4495.exe
708	Unicorn-19440.exe
2968	Unicorn-12663.exe
1620	Unicorn-51558.exe
1284	Unicorn-966.exe
2020	Unicorn-55642.exe
2628	Unicorn-5050.exe
2820	Unicorn-2165.exe
2516	Unicorn-17110.exe
2512	Unicorn-41060.exe

Loads dropped DLL 64 IoCs

Processes:

6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exeUnicorn-61524.exeUnicorn-54871.exeUnicorn-9199.exeWerFault.exeUnicorn-9282.exeUnicorn-54954.exeUnicorn-40009.exeWerFault.exeWerFault.exeUnicorn-48452.exeUnicorn-1944.exeUnicorn-52536.exeUnicorn-21810.exeUnicorn-36754.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe
2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe
2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe
620	Unicorn-61524.exe
620	Unicorn-61524.exe
2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe
2984	Unicorn-54871.exe
2984	Unicorn-54871.exe
620	Unicorn-61524.exe
620	Unicorn-61524.exe
3020	Unicorn-9199.exe
3020	Unicorn-9199.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
2696	Unicorn-9282.exe
2696	Unicorn-9282.exe
2796	Unicorn-54954.exe
2796	Unicorn-54954.exe
3020	Unicorn-9199.exe
3020	Unicorn-9199.exe
2984	Unicorn-54871.exe
2984	Unicorn-54871.exe
2588	Unicorn-40009.exe
2588	Unicorn-40009.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2168	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe
2356	WerFault.exe
2168	WerFault.exe
2128	Unicorn-48452.exe
2128	Unicorn-48452.exe
2696	Unicorn-9282.exe
2696	Unicorn-9282.exe
2816	Unicorn-1944.exe
2568	Unicorn-52536.exe
2568	Unicorn-52536.exe
2796	Unicorn-54954.exe
2796	Unicorn-54954.exe
2816	Unicorn-1944.exe
1952	Unicorn-21810.exe
1952	Unicorn-21810.exe
1948	Unicorn-36754.exe
1948	Unicorn-36754.exe
2588	Unicorn-40009.exe
2588	Unicorn-40009.exe
1848	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
1848	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
2300	WerFault.exe
1132	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2832	2056	WerFault.exe	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe
3040	620	WerFault.exe	Unicorn-61524.exe
2168	2984	WerFault.exe	Unicorn-54871.exe
2356	3020	WerFault.exe	Unicorn-9199.exe
1848	2696	WerFault.exe	Unicorn-9282.exe
2300	2796	WerFault.exe	Unicorn-54954.exe
1132	2588	WerFault.exe	Unicorn-40009.exe
2952	2128	WerFault.exe	Unicorn-48452.exe
1584	2568	WerFault.exe	Unicorn-52536.exe
1744	1952	WerFault.exe	Unicorn-21810.exe
2688	1948	WerFault.exe	Unicorn-36754.exe
448	1592	WerFault.exe	Unicorn-31744.exe
2352	2392	WerFault.exe	Unicorn-47526.exe
1336	2324	WerFault.exe	Unicorn-24968.exe
1912	2848	WerFault.exe	Unicorn-5102.exe
1800	2316	WerFault.exe	Unicorn-24968.exe
2824	2228	WerFault.exe	Unicorn-37796.exe
1688	1472	WerFault.exe	Unicorn-22014.exe
352	1604	WerFault.exe	Unicorn-41880.exe
2760	2320	WerFault.exe	Unicorn-48185.exe
1972	1928	WerFault.exe	Unicorn-25627.exe
2532	1784	WerFault.exe	Unicorn-13929.exe
1040	1856	WerFault.exe	Unicorn-11236.exe
2780	2452	WerFault.exe	Unicorn-15512.exe
1936	868	WerFault.exe	Unicorn-61184.exe
2052	1716	WerFault.exe	Unicorn-23681.exe
556	2868	WerFault.exe	Unicorn-7899.exe
2112	2092	WerFault.exe	Unicorn-38625.exe
2240	2508	WerFault.exe	Unicorn-62575.exe
1288	2372	WerFault.exe	Unicorn-23681.exe
2220	1792	WerFault.exe	Unicorn-46794.exe
584	2432	WerFault.exe	Unicorn-31849.exe
3388	2728	WerFault.exe	Unicorn-55045.exe
3412	2540	WerFault.exe	Unicorn-20749.exe
3420	872	WerFault.exe	Unicorn-50406.exe
3440	2032	WerFault.exe	Unicorn-23764.exe
3548	2008	WerFault.exe	Unicorn-32294.exe
3616	1188	WerFault.exe	Unicorn-56244.exe
3640	2236	WerFault.exe	Unicorn-44739.exe
3632	1756	WerFault.exe	Unicorn-29602.exe
3756	2336	WerFault.exe	Unicorn-22695.exe
3888	320	WerFault.exe	Unicorn-60328.exe
3960	1316	WerFault.exe	Unicorn-3151.exe
3264	2068	WerFault.exe	Unicorn-64604.exe
3336	1996	WerFault.exe	Unicorn-17350.exe
3536	1808	WerFault.exe	Unicorn-9736.exe
3732	2692	WerFault.exe	Unicorn-25710.exe
4092	2296	WerFault.exe	Unicorn-48823.exe
3156	2504	WerFault.exe	Unicorn-52352.exe
2396	2480	WerFault.exe	Unicorn-49892.exe
3716	2572	WerFault.exe	Unicorn-3296.exe
3708	1284	WerFault.exe	Unicorn-966.exe
3800	2968	WerFault.exe	Unicorn-12663.exe
3824	1620	WerFault.exe	Unicorn-51558.exe
3880	2020	WerFault.exe	Unicorn-55642.exe
3920	2776	WerFault.exe	Unicorn-65351.exe
4012	2512	WerFault.exe	Unicorn-41060.exe
4028	856	WerFault.exe	Unicorn-15740.exe
3316	284	WerFault.exe	Unicorn-49804.exe
3364	2520	WerFault.exe	Unicorn-54059.exe
3204	2964	WerFault.exe	Unicorn-56005.exe
3288	3068	WerFault.exe	Unicorn-19824.exe
3304	1348	WerFault.exe	Unicorn-15740.exe
3804	344	WerFault.exe	Unicorn-39690.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exeUnicorn-61524.exeUnicorn-9199.exeUnicorn-54871.exeUnicorn-54954.exeUnicorn-40009.exeUnicorn-9282.exeUnicorn-48452.exeUnicorn-52536.exeUnicorn-1944.exeUnicorn-21810.exeUnicorn-36754.exeUnicorn-47526.exeUnicorn-31744.exeUnicorn-5102.exeUnicorn-24968.exeUnicorn-24968.exeUnicorn-37796.exeUnicorn-22014.exeUnicorn-41880.exeUnicorn-48185.exeUnicorn-25627.exeUnicorn-13929.exeUnicorn-11236.exeUnicorn-15512.exeUnicorn-61184.exeUnicorn-7899.exeUnicorn-23681.exeUnicorn-62575.exeUnicorn-23681.exeUnicorn-31849.exeUnicorn-38625.exeUnicorn-46794.exeUnicorn-22695.exeUnicorn-55045.exeUnicorn-52352.exeUnicorn-49892.exeUnicorn-25710.exeUnicorn-20749.exeUnicorn-50406.exeUnicorn-65351.exeUnicorn-23764.exeUnicorn-17350.exeUnicorn-32294.exeUnicorn-52160.exeUnicorn-56244.exeUnicorn-9736.exeUnicorn-29602.exeUnicorn-60328.exeUnicorn-44739.exeUnicorn-64604.exeUnicorn-48823.exeUnicorn-3151.exeUnicorn-61672.exeUnicorn-4495.exeUnicorn-19440.exeUnicorn-12663.exeUnicorn-51558.exeUnicorn-966.exeUnicorn-55642.exeUnicorn-5050.exeUnicorn-2165.exeUnicorn-17110.exeUnicorn-41060.exe

pid	process
2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe
620	Unicorn-61524.exe
3020	Unicorn-9199.exe
2984	Unicorn-54871.exe
2796	Unicorn-54954.exe
2588	Unicorn-40009.exe
2696	Unicorn-9282.exe
2128	Unicorn-48452.exe
2568	Unicorn-52536.exe
2816	Unicorn-1944.exe
1952	Unicorn-21810.exe
1948	Unicorn-36754.exe
2392	Unicorn-47526.exe
1592	Unicorn-31744.exe
2848	Unicorn-5102.exe
2324	Unicorn-24968.exe
2316	Unicorn-24968.exe
2228	Unicorn-37796.exe
1472	Unicorn-22014.exe
1604	Unicorn-41880.exe
2320	Unicorn-48185.exe
1928	Unicorn-25627.exe
1784	Unicorn-13929.exe
1856	Unicorn-11236.exe
2452	Unicorn-15512.exe
868	Unicorn-61184.exe
2868	Unicorn-7899.exe
1716	Unicorn-23681.exe
2508	Unicorn-62575.exe
2372	Unicorn-23681.exe
2432	Unicorn-31849.exe
2092	Unicorn-38625.exe
1792	Unicorn-46794.exe
2336	Unicorn-22695.exe
2728	Unicorn-55045.exe
2504	Unicorn-52352.exe
2480	Unicorn-49892.exe
2692	Unicorn-25710.exe
2540	Unicorn-20749.exe
872	Unicorn-50406.exe
2776	Unicorn-65351.exe
2032	Unicorn-23764.exe
1996	Unicorn-17350.exe
2008	Unicorn-32294.exe
1964	Unicorn-52160.exe
1188	Unicorn-56244.exe
1808	Unicorn-9736.exe
1756	Unicorn-29602.exe
320	Unicorn-60328.exe
2236	Unicorn-44739.exe
2068	Unicorn-64604.exe
2296	Unicorn-48823.exe
1316	Unicorn-3151.exe
1524	Unicorn-61672.exe
1920	Unicorn-4495.exe
708	Unicorn-19440.exe
2968	Unicorn-12663.exe
1620	Unicorn-51558.exe
1284	Unicorn-966.exe
2020	Unicorn-55642.exe
2628	Unicorn-5050.exe
2820	Unicorn-2165.exe
2516	Unicorn-17110.exe
2512	Unicorn-41060.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exeUnicorn-61524.exeUnicorn-54871.exeUnicorn-9199.exeUnicorn-9282.exeUnicorn-54954.exeUnicorn-40009.exeUnicorn-48452.exe

description	pid	process	target process
PID 2056 wrote to memory of 620	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	Unicorn-61524.exe
PID 2056 wrote to memory of 620	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	Unicorn-61524.exe
PID 2056 wrote to memory of 620	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	Unicorn-61524.exe
PID 2056 wrote to memory of 620	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	Unicorn-61524.exe
PID 620 wrote to memory of 3020	620	Unicorn-61524.exe	Unicorn-9199.exe
PID 620 wrote to memory of 3020	620	Unicorn-61524.exe	Unicorn-9199.exe
PID 620 wrote to memory of 3020	620	Unicorn-61524.exe	Unicorn-9199.exe
PID 620 wrote to memory of 3020	620	Unicorn-61524.exe	Unicorn-9199.exe
PID 2056 wrote to memory of 2984	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	Unicorn-54871.exe
PID 2056 wrote to memory of 2984	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	Unicorn-54871.exe
PID 2056 wrote to memory of 2984	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	Unicorn-54871.exe
PID 2056 wrote to memory of 2984	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	Unicorn-54871.exe
PID 2056 wrote to memory of 2832	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	WerFault.exe
PID 2056 wrote to memory of 2832	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	WerFault.exe
PID 2056 wrote to memory of 2832	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	WerFault.exe
PID 2056 wrote to memory of 2832	2056	6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe	WerFault.exe
PID 2984 wrote to memory of 2588	2984	Unicorn-54871.exe	Unicorn-40009.exe
PID 2984 wrote to memory of 2588	2984	Unicorn-54871.exe	Unicorn-40009.exe
PID 2984 wrote to memory of 2588	2984	Unicorn-54871.exe	Unicorn-40009.exe
PID 2984 wrote to memory of 2588	2984	Unicorn-54871.exe	Unicorn-40009.exe
PID 620 wrote to memory of 2796	620	Unicorn-61524.exe	Unicorn-54954.exe
PID 620 wrote to memory of 2796	620	Unicorn-61524.exe	Unicorn-54954.exe
PID 620 wrote to memory of 2796	620	Unicorn-61524.exe	Unicorn-54954.exe
PID 620 wrote to memory of 2796	620	Unicorn-61524.exe	Unicorn-54954.exe
PID 3020 wrote to memory of 2696	3020	Unicorn-9199.exe	Unicorn-9282.exe
PID 3020 wrote to memory of 2696	3020	Unicorn-9199.exe	Unicorn-9282.exe
PID 3020 wrote to memory of 2696	3020	Unicorn-9199.exe	Unicorn-9282.exe
PID 3020 wrote to memory of 2696	3020	Unicorn-9199.exe	Unicorn-9282.exe
PID 620 wrote to memory of 3040	620	Unicorn-61524.exe	WerFault.exe
PID 620 wrote to memory of 3040	620	Unicorn-61524.exe	WerFault.exe
PID 620 wrote to memory of 3040	620	Unicorn-61524.exe	WerFault.exe
PID 620 wrote to memory of 3040	620	Unicorn-61524.exe	WerFault.exe
PID 2696 wrote to memory of 2128	2696	Unicorn-9282.exe	Unicorn-48452.exe
PID 2696 wrote to memory of 2128	2696	Unicorn-9282.exe	Unicorn-48452.exe
PID 2696 wrote to memory of 2128	2696	Unicorn-9282.exe	Unicorn-48452.exe
PID 2696 wrote to memory of 2128	2696	Unicorn-9282.exe	Unicorn-48452.exe
PID 2796 wrote to memory of 2568	2796	Unicorn-54954.exe	Unicorn-52536.exe
PID 2796 wrote to memory of 2568	2796	Unicorn-54954.exe	Unicorn-52536.exe
PID 2796 wrote to memory of 2568	2796	Unicorn-54954.exe	Unicorn-52536.exe
PID 2796 wrote to memory of 2568	2796	Unicorn-54954.exe	Unicorn-52536.exe
PID 3020 wrote to memory of 2816	3020	Unicorn-9199.exe	Unicorn-1944.exe
PID 3020 wrote to memory of 2816	3020	Unicorn-9199.exe	Unicorn-1944.exe
PID 3020 wrote to memory of 2816	3020	Unicorn-9199.exe	Unicorn-1944.exe
PID 3020 wrote to memory of 2816	3020	Unicorn-9199.exe	Unicorn-1944.exe
PID 2984 wrote to memory of 1948	2984	Unicorn-54871.exe	Unicorn-36754.exe
PID 2984 wrote to memory of 1948	2984	Unicorn-54871.exe	Unicorn-36754.exe
PID 2984 wrote to memory of 1948	2984	Unicorn-54871.exe	Unicorn-36754.exe
PID 2984 wrote to memory of 1948	2984	Unicorn-54871.exe	Unicorn-36754.exe
PID 2588 wrote to memory of 1952	2588	Unicorn-40009.exe	Unicorn-21810.exe
PID 2588 wrote to memory of 1952	2588	Unicorn-40009.exe	Unicorn-21810.exe
PID 2588 wrote to memory of 1952	2588	Unicorn-40009.exe	Unicorn-21810.exe
PID 2588 wrote to memory of 1952	2588	Unicorn-40009.exe	Unicorn-21810.exe
PID 2984 wrote to memory of 2168	2984	Unicorn-54871.exe	WerFault.exe
PID 2984 wrote to memory of 2168	2984	Unicorn-54871.exe	WerFault.exe
PID 2984 wrote to memory of 2168	2984	Unicorn-54871.exe	WerFault.exe
PID 2984 wrote to memory of 2168	2984	Unicorn-54871.exe	WerFault.exe
PID 3020 wrote to memory of 2356	3020	Unicorn-9199.exe	WerFault.exe
PID 3020 wrote to memory of 2356	3020	Unicorn-9199.exe	WerFault.exe
PID 3020 wrote to memory of 2356	3020	Unicorn-9199.exe	WerFault.exe
PID 3020 wrote to memory of 2356	3020	Unicorn-9199.exe	WerFault.exe
PID 2128 wrote to memory of 2392	2128	Unicorn-48452.exe	Unicorn-47526.exe
PID 2128 wrote to memory of 2392	2128	Unicorn-48452.exe	Unicorn-47526.exe
PID 2128 wrote to memory of 2392	2128	Unicorn-48452.exe	Unicorn-47526.exe
PID 2128 wrote to memory of 2392	2128	Unicorn-48452.exe	Unicorn-47526.exe

C:\Users\Admin\AppData\Local\Temp\6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe
"C:\Users\Admin\AppData\Local\Temp\6dbc0d15f848b7df7787d8c5fa49aff66613747c328281447b4945a2317b3e28.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25627.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52352.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51558.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
10⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8190.exe
11⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28715.exe
12⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1164.exe
13⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
14⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
14⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
13⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 236
12⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
11⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
10⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
9⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3722.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55549.exe
11⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
12⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40625.exe
13⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
13⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
12⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
10⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
9⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-966.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
9⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30941.exe
10⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
11⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7002.exe
12⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe
13⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46383.exe
14⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
13⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
12⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
11⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
10⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
9⤵
- Program crash
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
8⤵
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49892.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12663.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40121.exe
9⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18689.exe
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26961.exe
11⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37921.exe
12⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24865.exe
13⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
12⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
10⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
9⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1781.exe
8⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33261.exe
11⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7952.exe
12⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
13⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
8⤵
- Program crash
PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
7⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25710.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55642.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12938.exe
9⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10328.exe
10⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
11⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38113.exe
12⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27771.exe
13⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
13⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
12⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
11⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 216
10⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
9⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63234.exe
8⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5580.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65129.exe
12⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55838.exe
13⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
10⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
8⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
8⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54210.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
11⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15118.exe
12⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44849.exe
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
13⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
12⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
11⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33458.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40355.exe
11⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-64522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64522.exe
12⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 236
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
11⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
8⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
7⤵
- Program crash
PID:2532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
6⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48185.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4495.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27869.exe
9⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
10⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16847.exe
11⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-30905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30905.exe
12⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62280.exe
13⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 236
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 236
12⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 236
11⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
10⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50790.exe
8⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24740.exe
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
11⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52939.exe
12⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
13⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 220
13⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
9⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
8⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19440.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
8⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45850.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6903.exe
10⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3691.exe
11⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
12⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
13⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
12⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 236
11⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10987.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
10⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
11⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-34647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34647.exe
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
12⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 236
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
8⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
7⤵
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20723.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25923.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35409.exe
10⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
11⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-57355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57355.exe
12⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37885.exe
13⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
13⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 236
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
11⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-10141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10141.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39981.exe
10⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
11⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52166.exe
12⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
12⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
9⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 220
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-64448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64448.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61309.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31517.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56016.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42301.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56992.exe
12⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
11⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
6⤵
- Program crash
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 220
5⤵
- Loads dropped DLL
- Program crash
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21853.exe
8⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19265.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16930.exe
11⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63105.exe
12⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2638.exe
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 216
13⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
12⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
9⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
8⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
7⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
8⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-63976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63976.exe
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62757.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56120.exe
11⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60853.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
13⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
10⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
9⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 216
8⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
7⤵
- Program crash
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-44739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44739.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
7⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
8⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10245.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16572.exe
10⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42752.exe
11⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
12⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-3012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3012.exe
13⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 236
13⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
10⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23244.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 240
11⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 236
10⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 220
8⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
7⤵
- Program crash
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
6⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7899.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4879.exe
7⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46151.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10136.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45051.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
11⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
12⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
13⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
12⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
11⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44480.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59197.exe
10⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
11⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
12⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
11⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
10⤵
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19824.exe
6⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
7⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47578.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46390.exe
10⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
11⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7371.exe
12⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 236
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
10⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
8⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
7⤵
- Program crash
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
6⤵
- Program crash
PID:556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-20749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20749.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2165.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37443.exe
9⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56156.exe
10⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15564.exe
11⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
12⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
13⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6660.exe
14⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
14⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
13⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
12⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
11⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
10⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45222.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32280.exe
11⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34216.exe
12⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55861.exe
13⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 236
11⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
10⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-56472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56472.exe
8⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30334.exe
11⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 200
12⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
9⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53971.exe
8⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-39576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39576.exe
10⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9721.exe
11⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62996.exe
12⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44185.exe
13⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
13⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
12⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
11⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34152.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12933.exe
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
10⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14371.exe
11⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42431.exe
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
12⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
11⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 220
8⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
7⤵
- Program crash
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe
6⤵
- Executes dropped EXE
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
6⤵
- Program crash
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61184.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23764.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45144.exe
7⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9913.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
11⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11128.exe
12⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
12⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 236
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
9⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
7⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50645.exe
10⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
11⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64169.exe
12⤵
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 216
12⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
11⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
10⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
8⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
7⤵
- Program crash
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25278.exe
6⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-8854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8854.exe
7⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45606.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61818.exe
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 220
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
10⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
7⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46182.exe
8⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
9⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9109.exe
10⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
11⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
11⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
10⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
9⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
8⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
7⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
6⤵
- Program crash
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
5⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15512.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50406.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe
7⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
8⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31133.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe
10⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53162.exe
11⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24346.exe
12⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
12⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 236
11⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
9⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
8⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
7⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-56005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56005.exe
6⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27345.exe
9⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46281.exe
10⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37672.exe
11⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61476.exe
12⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 236
12⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
11⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
10⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
9⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
8⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
7⤵
- Program crash
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
6⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65351.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43665.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57391.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3478.exe
9⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20765.exe
10⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22483.exe
11⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
11⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
10⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
9⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
7⤵
- Program crash
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
6⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
7⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
8⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
9⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37501.exe
10⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 216
10⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
9⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
8⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
7⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
6⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
5⤵
- Program crash
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-54871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54871.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-40009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40009.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37796.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23681.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-219.exe
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
9⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-510.exe
11⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28383.exe
12⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 236
13⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
12⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
10⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
8⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
10⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11652.exe
12⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45615.exe
13⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
11⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
9⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
8⤵
- Program crash
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54059.exe
7⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33899.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30749.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14516.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
11⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20973.exe
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
12⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
8⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
7⤵
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
7⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
8⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12658.exe
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
10⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13992.exe
11⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33692.exe
12⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
12⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
11⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
10⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
9⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
8⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24147.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32228.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
10⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
11⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46043.exe
12⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 216
12⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
10⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
8⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
7⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
6⤵
- Program crash
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38625.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1188

C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19078.exe
7⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
8⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17402.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60183.exe
10⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28954.exe
11⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe
12⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
12⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
11⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
9⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
8⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
7⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
6⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46421.exe
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
10⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
11⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\Unicorn-54167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54167.exe
12⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
11⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 236
10⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
8⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
7⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
6⤵
- Program crash
PID:2112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
5⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22014.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62575.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60328.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
7⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
8⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42534.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35269.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
12⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14330.exe
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 216
13⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 236
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 236
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47749.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
10⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12783.exe
11⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24253.exe
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
12⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
11⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 236
10⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
8⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63042.exe
7⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32612.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22602.exe
9⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10619.exe
10⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26728.exe
11⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
12⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
11⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
7⤵
- Program crash
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
6⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29623.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-42726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42726.exe
8⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48320.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46561.exe
10⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10946.exe
11⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5202.exe
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 216
12⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
11⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
9⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35112.exe
7⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
8⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20495.exe
9⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56447.exe
10⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2078.exe
11⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 220
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 236
10⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 236
9⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
8⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
7⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
6⤵
- Program crash
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9736.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49804.exe
6⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23785.exe
7⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
8⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61579.exe
9⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28191.exe
10⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
11⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
10⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
9⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
8⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 236
7⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16171.exe
6⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-323.exe
7⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2072.exe
8⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38030.exe
9⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
10⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56004.exe
11⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
10⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
9⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
8⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
7⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
6⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
5⤵
- Program crash
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41880.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31849.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57972.exe
7⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62705.exe
10⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23308.exe
11⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
8⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
7⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10053.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61496.exe
9⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26956.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16074.exe
11⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
12⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 236
12⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
10⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
8⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 220
7⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
6⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38175.exe
7⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45243.exe
9⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11086.exe
10⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41585.exe
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
10⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
9⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
8⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
7⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
6⤵
- Program crash
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39690.exe
6⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61283.exe
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
10⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16697.exe
11⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8749.exe
12⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
11⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
10⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 236
9⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
8⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
7⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26285.exe
6⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
7⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-47381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47381.exe
8⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13032.exe
9⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
10⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10420.exe
11⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
10⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
9⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 236
8⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
7⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
6⤵
- Program crash
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
5⤵
- Program crash
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46794.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64604.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27246.exe
6⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7256.exe
7⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40531.exe
10⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15606.exe
11⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37526.exe
12⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
12⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
10⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
7⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25762.exe
8⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60951.exe
9⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
10⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19977.exe
11⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
10⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
9⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
8⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
7⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
6⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61003.exe
8⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11579.exe
9⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17875.exe
10⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20151.exe
11⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
10⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
9⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
8⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
7⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 220
6⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15740.exe
5⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59041.exe
6⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23624.exe
7⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52591.exe
8⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52773.exe
9⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45721.exe
10⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 236
9⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 236
8⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
7⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
6⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
5⤵
- Program crash
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
4⤵
- Program crash
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
2⤵
- Program crash
PID:2832

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe

Filesize
184KB

MD5
84a26358f7ee767e16b28ee176289293

SHA1
6b333ac628bcafa4518166074cb568a313dd4966

SHA256
32b1337b04beafb6364e372f176a2ca9ba0c6d693f42f17bf064c8ec6d8f2b5d

SHA512
3cdf7df755a1cdf21441bec8e2a0e9fbed639cdd0631d385624ffa80881d1843c9bb40a0a6d55b63f0bcdba3a6f976a27b251fce8464c998039c454d101fd819

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31744.exe

Filesize
184KB

MD5
639c53664ff0e0b8c079a47e5633c5e5

SHA1
43d55e55091c8382219fce4505910690da9845cd

SHA256
c2c819defdb8dd401c005de49102ae4c152454c633a766b0868a1ba026b77465

SHA512
5a676ec7dddf1d543925eb84026afcf6c58ea531085cf901f9614fb59758d04a54e0bfffa1999f4c73ca286f937612e0a211b195a738903259c401f1ea3ede2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32457.exe

Filesize
184KB

MD5
4aebdc0e85b9a19f6cde9cf6cac45c98

SHA1
a7f9e3ff6b24bc14cbd6def6ae23a138b261ddae

SHA256
e7b32074c7b4e29d144239869526ea322167a0fea7716e24903b86498179ff26

SHA512
6384d7d7979f90712e92cef84d0bdf958c957904d2bcef192698b3177db7b98a1d1bb84f20d5c12f3aa586580c6ea3b5c7524ba888f460441c45a347d61949b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32701.exe

Filesize
184KB

MD5
e0356484332e17226705ced576b1d316

SHA1
20b5a6fa6ece3770846fd4d75f3193381d374e72

SHA256
63e26c748687bdc36815b9269261d8c63d5ffdfee204f5053c0bc72c69565c44

SHA512
b3c4ee418596a1a5a05fdeaf1023c73ed9c49df18f45dae07a3d388882dead63f69c941101eef85ae56e355ffe9c5d8bcd41956a8ce64baa6e628b1d56c97204

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe

Filesize
184KB

MD5
5b3420883c71fb42c8c2d5b1f43aa89f

SHA1
9547c0d48c189c10bc70301f47c183fc25d65116

SHA256
cb178c2459eb8226a3be0e3173be1fa4db55fa284d40b6bd6c27df2627b4a0c4

SHA512
662191faeb0cbcdf6514981074b206fe5278f2fd6adcd2cc24dd3fa6373f0df2c2c1dab1fda624eafe160267447bf9f6812f741012388002a0c9457300886d03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37163.exe

Filesize
184KB

MD5
ebac537bd45dc7ff44a9452d3269cedc

SHA1
e62f6128beffda50649feac4f2e49e59c6acb127

SHA256
e5d367b53393c979ae323e04dbd2dc2ca4d9975675193e99a0bcbd103a07e8d5

SHA512
c27cff7a6093967a77f55eaca9a8c48bb929f8d1027efe486d2efdc974f4365afaa8164170a6066c4cc2b385ff96119cfe494a05686bdf271f3fe338b21365d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37355.exe

Filesize
184KB

MD5
46864c21d7423ea8734eeade131f411a

SHA1
cca2f10a0a1bf32c801f729f3da2fe752001a5c0

SHA256
982a4b65d5ab7d972e1c69463f707075dd1e6dc481e196981beb6a3b19a1a4ed

SHA512
9714922b201b448d98cafe9e7fb717dbf24ff81e0eb2b437f242efb10614ec315bb494a94d72a72844abbcea23f2e561a939edc421aacb804aacb357af8b8537

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39751.exe

Filesize
184KB

MD5
669c3cd0fa6ca1781bbf5e1786141158

SHA1
12948ce162230d1ae1bad939265ded2fe112c89f

SHA256
9b0bd3207dcb419cd7fcc85d3d22b02cbfe2952be75f08705498688acb3492c8

SHA512
87e525829da20ff62723c8154ca631199d7b14e18f4fd9521b74dc4a411032b20160eff693bdff1f362a4b488dce17c87fa8b79890c04825ba634a3bdc4a516a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39777.exe

Filesize
184KB

MD5
01e40af359d28c85839413113d53e6c3

SHA1
e0af5908ca88e9a53303678439a8be149cf65106

SHA256
7d52a97dd63c2f79cf0a3bfe4919a3982ff9c6c3d5f8dd3d973d56721491f41e

SHA512
bd3ff3feb59fb1d3fa3ab751b1598af0502e24dd7bed34e5e36ab0347006c7e71c387cb835a4ad1209254a6f460a55ee67975546f8135e95bd0f76849a28d1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40374.exe

Filesize
184KB

MD5
346602455cf2f162d44767f3477d34a1

SHA1
b825c3b86a7cb9c3ba67352d28469de5356f6da7

SHA256
1c89f0f0ee8b28da3dbe5eeb81ff51e383f48b42158904e077b3b356d932436e

SHA512
1da88c486e4fddd64ee7e4f80849e03c1eebd6d177ea6420d983f1d740273c0516c11cf96272677ae57ece5816a058e739f31b1d43b3af49fe4b57c8dff0343e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40950.exe

Filesize
184KB

MD5
916a9d3c9d9677a559bc7e8ebf9286a0

SHA1
526a861f94d27ca54d5c837415314df5b58db517

SHA256
6a3d9466ddedb322168e18d6b4fe7ccb8369680ddf8a9e61d42bbd4d6c2070eb

SHA512
3723d44e24dbb8d4f2bebddc54e32219ca49168b79e77e9249d4d25b7f54f5d66c40448fe35d0c90ea14ed861a9dfa3249efee395b605116e5a4fc7c7e37f899

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe

Filesize
184KB

MD5
51db4483ce8ad9ad61822448cd58f1da

SHA1
9285eaddcd07235584b13eae7cf9310d56d01d3f

SHA256
4aa76d7a1b0f778fbf2bedabd27ba871bd307aacd25099616abbdb065c106bb9

SHA512
3eca4e0fd849ff7995fd2131adf975745d112bddaac76f22135d4ed1ad362165069f6ebaa9a11b95c339a5082508aee9a9a02d8d60db6e24bb31854c88fabb6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6239.exe

Filesize
184KB

MD5
15b5a28b9d5fdbd8f4ddf18fb202855f

SHA1
ea9447e04c16ddaef31d66914de7872fc3b6bf1b

SHA256
c69062abaa0c9d2a272d30bb6cabd407bf04de9edfcaacb013b86efe5b119841

SHA512
8a3b58bbfaa60558fabd935379691ec3d94e0420f3b92df6cde9aec2c1910ead82ebbc43e2462ba0252234af2dfc1783ee65aea6a3b4061c9429f210b79017c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9282.exe

Filesize
184KB

MD5
96e1cd46f2eb0026eda39c0cae3ae06d

SHA1
a3f65b2ad5ccf85646d3ba83ad39ffb4afadff11

SHA256
613f5f8e91c502307ad6894c3c97cc1ace89e30ade3f865dddd680e5b8079c22

SHA512
fd49ab671295db7f15826cac34a88c055be554204e821ab525d8a41620e507b156850e774c9e38aceefdc0b296a1ee724425ed9c1a84a028a9eb01f94cb4bc73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1944.exe

Filesize
184KB

MD5
531dd6763cb3dd03769f961192afb8c6

SHA1
420436ea39cea89d78e2dc2ab55eae0039b38596

SHA256
3557d666cec6c4d202dd6f8805fcdb8e189e5d5abc51623314d77a5575657cdb

SHA512
5f980b6721a3ae1fef43f5be9631d8028a256dc31cf35b27e2e376fe738184ac3c4fc3bdaaa1381b84db7141ea3e8d542c9973e54e1c33a223de66eca84f445b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe

Filesize
184KB

MD5
9d4d14377c639b47f06df05737ee80a9

SHA1
5cde104529050d400a6883211e5b5729734824e4

SHA256
f480389065128c296ee0d5816a20ddbfdc5893ce4baeadd1dc894f89adc0a55a

SHA512
9e617ec6c70b3cb16b68f684998e7b5a2857ab343fbb5245f686ef058b72bcb29b7beea2f1b416e112710d7970dd95a5fe7532e5a5064dde70e57f3c8ad0f305

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24968.exe

Filesize
184KB

MD5
88a20bef7f25b887d0af7ea274daf173

SHA1
e9e288a144cf39cc6221a2c33f6d2bdc6fb27c2f

SHA256
6e548d46f6ab4e8ef20ae47d58b0e4de70e4aab062ebbfb4a4cfaa01ccb248b7

SHA512
7f1123a3712ff7844d7fc79eee6d2ac8d7cdd1bb90994fb2b6b7bf5319addb0bc7f5fd7fcef0d25fbf92fab8784ba858e37cad397ccf7c1c2e34a06d15b7e01d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36754.exe

Filesize
184KB

MD5
f74cae224001f0fdd0aef5ecac8596db

SHA1
9b84e4096f85c3317b260c5dd0dd56a4d7e1a467

SHA256
8e2a472c20f10524ec8e6c78775941c89efdd9a899d1cffbcaf1066cfefabc20

SHA512
4bab0025d9773ad7780bd53b1b30af3bccdb31cd354efda69b6cee542c5df8914b8cbd93244cb2b5a84697699a9d4dcba8a15dcb64d5176e7f0f6942f7073928

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40009.exe

Filesize
184KB

MD5
8d16daa08e9acf21bdb60fa7169973cf

SHA1
c1730e2a2c742d76201a38080b387925d25995a0

SHA256
b2778a9c809ca0080a1187adf0172760e3ab901625c92890c533cd1ca4921e08

SHA512
46591e67e9ab5b5e1bf8cf4edd68417de8153ea65cfc7c546c969fb22663bf58c7306992540610dc526ec7ac10d868b946a514c6cfc68a74a1a727881aee5ff1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe

Filesize
184KB

MD5
569ad4a6a336676223d84bade07fcc78

SHA1
a8e44ce6c490fed76ed650560134f44d203b77bc

SHA256
2215517dbadb41d17cd79ba36a158a4e8c5f2ee86e0b5abb131b99a79ece82e1

SHA512
3fa20e0e4953a64db7b51b9798ca351d5c82c86f145d5cb159c6895400736f9f8089d36eb8b5baa6b0e7c9acbf64719c2ff61383bc9aee69b13f69ac972c8d2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48452.exe

Filesize
184KB

MD5
88e0c3a0b2d895e2495c3d7ebae49165

SHA1
b1bc1ea953f75b3310543cf789ba234a0e282660

SHA256
a873f0af52ef0e6e7d295170b83558186172c79cef0647d24d3bc909774bb0c7

SHA512
dd17813f4a481a1e3a23f67262b4441485697e56355c3c0cd67f33982ed01244cce7a0c7679c08adf834a33c5a049cc4c245a12b78c84540b0bb505eb26f9f80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe

Filesize
184KB

MD5
f8998ebbf54543c8c212a51a72ec0ed6

SHA1
dc033e50daaa186a4f2bb6ca0ff51e3a974c9192

SHA256
8626c3a486db8403e5091591963243c3fc037782e9bf1ef67a5bc97c16924082

SHA512
d5bb3422af2626ddd4c27b69d7bf2e7d58a0be718b2735a42d367dd451349665235b0506b5336d04bad18c49372c96a111c166d4dd7006195aea2a43af7a3d41

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54871.exe

Filesize
184KB

MD5
cb05563d1cb229e1a769e1c082c98a28

SHA1
7a093c417382f0ba88d7d3855007296f4cfa041a

SHA256
27c47b7cbe1c2be1a6581ba338a10ce7535b98027509683485c7d407329ac065

SHA512
6838183d2f4451018ef5dc7dfa209497244f9a2d4709e8a4253778af7126d305335f9df2ef7d377aaf0eea296752d0eb982cc4e010ed70dad6d13d9bde25a667

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe

Filesize
184KB

MD5
5491ba8f6f90acdc0530704249b9cac4

SHA1
0d43cc86c6bcd94adf04eb5f44b496cabacfde8d

SHA256
4e5aa537694976034f7c2e5a7dcec6b3872a84c99dc9498dbc5ca4ecb80d55fc

SHA512
907092632f42623e7b5b077be2c4fb058167dcd9799db6808873e2f647609c29ee8a61abf768eb2c4357a1c6ea476749784f2d5b2b18ee8b45e80bbcd9d4122e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61524.exe

Filesize
184KB

MD5
923b2d238342ef93d62c60d4bbf353bf

SHA1
65da73bcd9999491370b0f28bfcec7c6631f046d

SHA256
b4577c885bac851059494bf26fe8199fd636b035387f98645b9e7e477d495132

SHA512
b9efa22f3d09e80fdd6e05fdf9875bba438d2aa2e3149f9867fd0b35d65c1cb2d560cbb7f1de4a160752373386970754b0a77d9c5ce32899aa9e1e492a8af0b3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9199.exe

Filesize
184KB

MD5
88e3d7a863baba4ffeb50d4dbd0212fe

SHA1
5ba398ae2b7660f97a30a9cc036d63cc797f1fbb

SHA256
36718f3ecfbe69043fd9b722247c79599cc1e3c84cb30932cb5a9821351313f7

SHA512
23cf1456202d602f2e3152c59a077ba2d295553bad8e7e97b80311e92fba9a6772a9f7b7c1a25f912aded4b212c21ad09c4f9c5c2711fe90a40d2b8e232877a5

Download Submit