7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe
Size

184KB
MD5

499a063959b9e2e782b7908f18ddd11f
SHA1

52021758e1c2d9f643a68e8f42d955f4a85dbc91
SHA256

7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1
SHA512

9183a1f1a2cac97ca8f2e0d0c287f1d9ef2cb04963e40a3f366cb714f454a2f0566f7c8078ffb659676b6c60e16b03504fcb25f03511bdf11bef3b7183b9a6bb
SSDEEP

3072:uRfn/MolLpEAD21YeUqpGXjACY4xsiKE+Ola5qTUnIhlnVOFvnr:uR8oUq21TYXjAZ7AHhlnVOFv

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-26202.exeUnicorn-48843.exeUnicorn-63788.exeUnicorn-53887.exeUnicorn-46274.exeUnicorn-23161.exeUnicorn-2787.exeUnicorn-17732.exeUnicorn-45766.exeUnicorn-58018.exeUnicorn-38152.exeUnicorn-6954.exeUnicorn-26175.exeUnicorn-924.exeUnicorn-62377.exeUnicorn-54764.exeUnicorn-54764.exeUnicorn-9092.exeUnicorn-20551.exeUnicorn-40971.exeUnicorn-21105.exeUnicorn-17021.exeUnicorn-6160.exeUnicorn-60576.exeUnicorn-23073.exeUnicorn-514.exeUnicorn-15459.exeUnicorn-35325.exeUnicorn-20634.exeUnicorn-27410.exeUnicorn-45714.exeUnicorn-6819.exeUnicorn-64743.exeUnicorn-23156.exeUnicorn-46461.exeUnicorn-43768.exeUnicorn-39684.exeUnicorn-51936.exeUnicorn-1344.exeUnicorn-17126.exeUnicorn-36154.exeUnicorn-56020.exeUnicorn-5428.exeUnicorn-60680.exeUnicorn-40814.exeUnicorn-39191.exeUnicorn-37629.exeUnicorn-13679.exeUnicorn-45797.exeUnicorn-52574.exeUnicorn-6902.exeUnicorn-54157.exeUnicorn-60934.exeUnicorn-35683.exeUnicorn-9040.exeUnicorn-62688.exeUnicorn-59995.exeUnicorn-9403.exeUnicorn-45605.exeUnicorn-41521.exeUnicorn-21655.exeUnicorn-53965.exeUnicorn-15070.exeUnicorn-30015.exe

pid	process
844	Unicorn-26202.exe
2380	Unicorn-48843.exe
2744	Unicorn-63788.exe
2572	Unicorn-53887.exe
2592	Unicorn-46274.exe
2824	Unicorn-23161.exe
2524	Unicorn-2787.exe
2852	Unicorn-17732.exe
2996	Unicorn-45766.exe
1200	Unicorn-58018.exe
2012	Unicorn-38152.exe
2632	Unicorn-6954.exe
2916	Unicorn-26175.exe
2372	Unicorn-924.exe
2460	Unicorn-62377.exe
744	Unicorn-54764.exe
1168	Unicorn-54764.exe
1316	Unicorn-9092.exe
2500	Unicorn-20551.exe
2400	Unicorn-40971.exe
2376	Unicorn-21105.exe
2040	Unicorn-17021.exe
284	Unicorn-6160.exe
3036	Unicorn-60576.exe
920	Unicorn-23073.exe
1836	Unicorn-514.exe
1768	Unicorn-15459.exe
3016	Unicorn-35325.exe
2960	Unicorn-20634.exe
1612	Unicorn-27410.exe
2640	Unicorn-45714.exe
2736	Unicorn-6819.exe
2772	Unicorn-64743.exe
2712	Unicorn-23156.exe
2588	Unicorn-46461.exe
2536	Unicorn-43768.exe
2984	Unicorn-39684.exe
1624	Unicorn-51936.exe
2788	Unicorn-1344.exe
2880	Unicorn-17126.exe
2008	Unicorn-36154.exe
1068	Unicorn-56020.exe
1036	Unicorn-5428.exe
1264	Unicorn-60680.exe
1640	Unicorn-40814.exe
1536	Unicorn-39191.exe
2052	Unicorn-37629.exe
1136	Unicorn-13679.exe
956	Unicorn-45797.exe
1600	Unicorn-52574.exe
1784	Unicorn-6902.exe
1908	Unicorn-54157.exe
2080	Unicorn-60934.exe
1180	Unicorn-35683.exe
1580	Unicorn-9040.exe
1608	Unicorn-62688.exe
3056	Unicorn-59995.exe
2732	Unicorn-9403.exe
2896	Unicorn-45605.exe
2720	Unicorn-41521.exe
2396	Unicorn-21655.exe
2568	Unicorn-53965.exe
2452	Unicorn-15070.exe
2596	Unicorn-30015.exe

Loads dropped DLL 64 IoCs

Processes:

7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exeUnicorn-26202.exeUnicorn-63788.exeUnicorn-48843.exeWerFault.exeUnicorn-53887.exeUnicorn-46274.exeUnicorn-23161.exeWerFault.exeWerFault.exeUnicorn-2787.exeWerFault.exeUnicorn-38152.exeUnicorn-45766.exeUnicorn-17732.exeWerFault.exeWerFault.exe

pid	process
2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe
2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe
844	Unicorn-26202.exe
844	Unicorn-26202.exe
2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe
2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe
2744	Unicorn-63788.exe
2744	Unicorn-63788.exe
2380	Unicorn-48843.exe
844	Unicorn-26202.exe
2380	Unicorn-48843.exe
844	Unicorn-26202.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2572	Unicorn-53887.exe
2572	Unicorn-53887.exe
2744	Unicorn-63788.exe
2744	Unicorn-63788.exe
2592	Unicorn-46274.exe
2592	Unicorn-46274.exe
2380	Unicorn-48843.exe
2824	Unicorn-23161.exe
2824	Unicorn-23161.exe
2380	Unicorn-48843.exe
300	WerFault.exe
300	WerFault.exe
300	WerFault.exe
300	WerFault.exe
1764	WerFault.exe
1764	WerFault.exe
1764	WerFault.exe
1764	WerFault.exe
300	WerFault.exe
1764	WerFault.exe
2524	Unicorn-2787.exe
2524	Unicorn-2787.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe
2136	WerFault.exe
2572	Unicorn-53887.exe
2572	Unicorn-53887.exe
2012	Unicorn-38152.exe
2012	Unicorn-38152.exe
2996	Unicorn-45766.exe
2996	Unicorn-45766.exe
2592	Unicorn-46274.exe
2824	Unicorn-23161.exe
2824	Unicorn-23161.exe
2592	Unicorn-46274.exe
2852	Unicorn-17732.exe
2852	Unicorn-17732.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe
1792	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2288	2432	WerFault.exe	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe
2988	844	WerFault.exe	Unicorn-26202.exe
300	2744	WerFault.exe	Unicorn-63788.exe
1764	2380	WerFault.exe	Unicorn-48843.exe
2136	2632	WerFault.exe	Unicorn-6954.exe
1924	2572	WerFault.exe	Unicorn-53887.exe
1792	2592	WerFault.exe	Unicorn-46274.exe
1540	2824	WerFault.exe	Unicorn-23161.exe
2084	2012	WerFault.exe	Unicorn-38152.exe
2072	1200	WerFault.exe	Unicorn-58018.exe
2724	2996	WerFault.exe	Unicorn-45766.exe
2476	2852	WerFault.exe	Unicorn-17732.exe
2956	1836	WerFault.exe	Unicorn-514.exe
324	2916	WerFault.exe	Unicorn-26175.exe
2212	2372	WerFault.exe	Unicorn-924.exe
2928	2460	WerFault.exe	Unicorn-62377.exe
1980	1168	WerFault.exe	Unicorn-54764.exe
1292	1316	WerFault.exe	Unicorn-9092.exe
1500	744	WerFault.exe	Unicorn-54764.exe
1636	2524	WerFault.exe	Unicorn-2787.exe
1272	2500	WerFault.exe	Unicorn-20551.exe
2868	2400	WerFault.exe	Unicorn-40971.exe
1988	2376	WerFault.exe	Unicorn-21105.exe
1788	284	WerFault.exe	Unicorn-6160.exe
3020	2040	WerFault.exe	Unicorn-17021.exe
1100	3036	WerFault.exe	Unicorn-60576.exe
2428	920	WerFault.exe	Unicorn-23073.exe
1244	1768	WerFault.exe	Unicorn-15459.exe
2488	3016	WerFault.exe	Unicorn-35325.exe
2284	2960	WerFault.exe	Unicorn-20634.exe
668	1612	WerFault.exe	Unicorn-27410.exe
1568	2640	WerFault.exe	Unicorn-45714.exe
2564	2736	WerFault.exe	Unicorn-6819.exe
868	2772	WerFault.exe	Unicorn-64743.exe
1864	2712	WerFault.exe	Unicorn-23156.exe
2860	2588	WerFault.exe	Unicorn-46461.exe
1064	2536	WerFault.exe	Unicorn-43768.exe
3084	2984	WerFault.exe	Unicorn-39684.exe
3132	1068	WerFault.exe	Unicorn-56020.exe
3148	2788	WerFault.exe	Unicorn-1344.exe
3208	2880	WerFault.exe	Unicorn-17126.exe
3200	2008	WerFault.exe	Unicorn-36154.exe
3192	1624	WerFault.exe	Unicorn-51936.exe
3272	1036	WerFault.exe	Unicorn-5428.exe
3656	1264	WerFault.exe	Unicorn-60680.exe
3660	1536	WerFault.exe	Unicorn-39191.exe
3264	1640	WerFault.exe	Unicorn-40814.exe
3772	1908	WerFault.exe	Unicorn-54157.exe
3956	1784	WerFault.exe	Unicorn-6902.exe
4020	1180	WerFault.exe	Unicorn-35683.exe
4040	2720	WerFault.exe	Unicorn-41521.exe
4088	2896	WerFault.exe	Unicorn-45605.exe
3188	2596	WerFault.exe	Unicorn-30015.exe
3784	2780	WerFault.exe	Unicorn-49881.exe
3932	2920	WerFault.exe	Unicorn-10711.exe
4120	2396	WerFault.exe	Unicorn-21655.exe
4156	1860	WerFault.exe	Unicorn-44775.exe
4196	1032	WerFault.exe	Unicorn-234.exe
4296	3972	WerFault.exe	Unicorn-33928.exe
4312	2864	WerFault.exe	Unicorn-51936.exe
4340	904	WerFault.exe	Unicorn-5195.exe
4332	2120	WerFault.exe	Unicorn-32392.exe
4376	1408	WerFault.exe	Unicorn-5195.exe
4400	2224	WerFault.exe	Unicorn-37545.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exeUnicorn-26202.exeUnicorn-48843.exeUnicorn-63788.exeUnicorn-53887.exeUnicorn-23161.exeUnicorn-46274.exeUnicorn-2787.exeUnicorn-17732.exeUnicorn-45766.exeUnicorn-38152.exeUnicorn-58018.exeUnicorn-6954.exeUnicorn-26175.exeUnicorn-924.exeUnicorn-62377.exeUnicorn-54764.exeUnicorn-9092.exeUnicorn-54764.exeUnicorn-20551.exeUnicorn-21105.exeUnicorn-40971.exeUnicorn-6160.exeUnicorn-17021.exeUnicorn-60576.exeUnicorn-23073.exeUnicorn-15459.exeUnicorn-35325.exeUnicorn-514.exeUnicorn-20634.exeUnicorn-27410.exeUnicorn-45714.exeUnicorn-6819.exeUnicorn-64743.exeUnicorn-23156.exeUnicorn-46461.exeUnicorn-43768.exeUnicorn-39684.exeUnicorn-51936.exeUnicorn-1344.exeUnicorn-17126.exeUnicorn-36154.exeUnicorn-5428.exeUnicorn-56020.exeUnicorn-60680.exeUnicorn-40814.exeUnicorn-39191.exeUnicorn-37629.exeUnicorn-13679.exeUnicorn-45797.exeUnicorn-52574.exeUnicorn-6902.exeUnicorn-54157.exeUnicorn-60934.exeUnicorn-35683.exeUnicorn-9040.exeUnicorn-62688.exeUnicorn-59995.exeUnicorn-9403.exeUnicorn-45605.exeUnicorn-41521.exeUnicorn-21655.exeUnicorn-53965.exeUnicorn-30015.exe

pid	process
2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe
844	Unicorn-26202.exe
2380	Unicorn-48843.exe
2744	Unicorn-63788.exe
2572	Unicorn-53887.exe
2824	Unicorn-23161.exe
2592	Unicorn-46274.exe
2524	Unicorn-2787.exe
2852	Unicorn-17732.exe
2996	Unicorn-45766.exe
2012	Unicorn-38152.exe
1200	Unicorn-58018.exe
2632	Unicorn-6954.exe
2916	Unicorn-26175.exe
2372	Unicorn-924.exe
2460	Unicorn-62377.exe
1168	Unicorn-54764.exe
1316	Unicorn-9092.exe
744	Unicorn-54764.exe
2500	Unicorn-20551.exe
2376	Unicorn-21105.exe
2400	Unicorn-40971.exe
284	Unicorn-6160.exe
2040	Unicorn-17021.exe
3036	Unicorn-60576.exe
920	Unicorn-23073.exe
1768	Unicorn-15459.exe
3016	Unicorn-35325.exe
1836	Unicorn-514.exe
2960	Unicorn-20634.exe
1612	Unicorn-27410.exe
2640	Unicorn-45714.exe
2736	Unicorn-6819.exe
2772	Unicorn-64743.exe
2712	Unicorn-23156.exe
2588	Unicorn-46461.exe
2536	Unicorn-43768.exe
2984	Unicorn-39684.exe
1624	Unicorn-51936.exe
2788	Unicorn-1344.exe
2880	Unicorn-17126.exe
2008	Unicorn-36154.exe
1036	Unicorn-5428.exe
1068	Unicorn-56020.exe
1264	Unicorn-60680.exe
1640	Unicorn-40814.exe
1536	Unicorn-39191.exe
2052	Unicorn-37629.exe
1136	Unicorn-13679.exe
956	Unicorn-45797.exe
1600	Unicorn-52574.exe
1784	Unicorn-6902.exe
1908	Unicorn-54157.exe
2080	Unicorn-60934.exe
1180	Unicorn-35683.exe
1580	Unicorn-9040.exe
1608	Unicorn-62688.exe
3056	Unicorn-59995.exe
2732	Unicorn-9403.exe
2896	Unicorn-45605.exe
2720	Unicorn-41521.exe
2396	Unicorn-21655.exe
2568	Unicorn-53965.exe
2596	Unicorn-30015.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exeUnicorn-26202.exeUnicorn-63788.exeUnicorn-48843.exeUnicorn-53887.exeUnicorn-46274.exeUnicorn-23161.exeUnicorn-2787.exe

description	pid	process	target process
PID 2432 wrote to memory of 844	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	Unicorn-26202.exe
PID 2432 wrote to memory of 844	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	Unicorn-26202.exe
PID 2432 wrote to memory of 844	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	Unicorn-26202.exe
PID 2432 wrote to memory of 844	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	Unicorn-26202.exe
PID 844 wrote to memory of 2380	844	Unicorn-26202.exe	Unicorn-48843.exe
PID 844 wrote to memory of 2380	844	Unicorn-26202.exe	Unicorn-48843.exe
PID 844 wrote to memory of 2380	844	Unicorn-26202.exe	Unicorn-48843.exe
PID 844 wrote to memory of 2380	844	Unicorn-26202.exe	Unicorn-48843.exe
PID 2432 wrote to memory of 2744	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	Unicorn-63788.exe
PID 2432 wrote to memory of 2744	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	Unicorn-63788.exe
PID 2432 wrote to memory of 2744	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	Unicorn-63788.exe
PID 2432 wrote to memory of 2744	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	Unicorn-63788.exe
PID 2432 wrote to memory of 2288	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	WerFault.exe
PID 2432 wrote to memory of 2288	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	WerFault.exe
PID 2432 wrote to memory of 2288	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	WerFault.exe
PID 2432 wrote to memory of 2288	2432	7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe	WerFault.exe
PID 2744 wrote to memory of 2572	2744	Unicorn-63788.exe	Unicorn-53887.exe
PID 2744 wrote to memory of 2572	2744	Unicorn-63788.exe	Unicorn-53887.exe
PID 2744 wrote to memory of 2572	2744	Unicorn-63788.exe	Unicorn-53887.exe
PID 2744 wrote to memory of 2572	2744	Unicorn-63788.exe	Unicorn-53887.exe
PID 2380 wrote to memory of 2824	2380	Unicorn-48843.exe	Unicorn-23161.exe
PID 2380 wrote to memory of 2824	2380	Unicorn-48843.exe	Unicorn-23161.exe
PID 2380 wrote to memory of 2824	2380	Unicorn-48843.exe	Unicorn-23161.exe
PID 2380 wrote to memory of 2824	2380	Unicorn-48843.exe	Unicorn-23161.exe
PID 844 wrote to memory of 2592	844	Unicorn-26202.exe	Unicorn-46274.exe
PID 844 wrote to memory of 2592	844	Unicorn-26202.exe	Unicorn-46274.exe
PID 844 wrote to memory of 2592	844	Unicorn-26202.exe	Unicorn-46274.exe
PID 844 wrote to memory of 2592	844	Unicorn-26202.exe	Unicorn-46274.exe
PID 844 wrote to memory of 2988	844	Unicorn-26202.exe	WerFault.exe
PID 844 wrote to memory of 2988	844	Unicorn-26202.exe	WerFault.exe
PID 844 wrote to memory of 2988	844	Unicorn-26202.exe	WerFault.exe
PID 844 wrote to memory of 2988	844	Unicorn-26202.exe	WerFault.exe
PID 2572 wrote to memory of 2524	2572	Unicorn-53887.exe	Unicorn-2787.exe
PID 2572 wrote to memory of 2524	2572	Unicorn-53887.exe	Unicorn-2787.exe
PID 2572 wrote to memory of 2524	2572	Unicorn-53887.exe	Unicorn-2787.exe
PID 2572 wrote to memory of 2524	2572	Unicorn-53887.exe	Unicorn-2787.exe
PID 2744 wrote to memory of 2852	2744	Unicorn-63788.exe	Unicorn-17732.exe
PID 2744 wrote to memory of 2852	2744	Unicorn-63788.exe	Unicorn-17732.exe
PID 2744 wrote to memory of 2852	2744	Unicorn-63788.exe	Unicorn-17732.exe
PID 2744 wrote to memory of 2852	2744	Unicorn-63788.exe	Unicorn-17732.exe
PID 2592 wrote to memory of 2996	2592	Unicorn-46274.exe	Unicorn-45766.exe
PID 2592 wrote to memory of 2996	2592	Unicorn-46274.exe	Unicorn-45766.exe
PID 2592 wrote to memory of 2996	2592	Unicorn-46274.exe	Unicorn-45766.exe
PID 2592 wrote to memory of 2996	2592	Unicorn-46274.exe	Unicorn-45766.exe
PID 2824 wrote to memory of 1200	2824	Unicorn-23161.exe	Unicorn-58018.exe
PID 2824 wrote to memory of 1200	2824	Unicorn-23161.exe	Unicorn-58018.exe
PID 2824 wrote to memory of 1200	2824	Unicorn-23161.exe	Unicorn-58018.exe
PID 2824 wrote to memory of 1200	2824	Unicorn-23161.exe	Unicorn-58018.exe
PID 2380 wrote to memory of 2012	2380	Unicorn-48843.exe	Unicorn-38152.exe
PID 2380 wrote to memory of 2012	2380	Unicorn-48843.exe	Unicorn-38152.exe
PID 2380 wrote to memory of 2012	2380	Unicorn-48843.exe	Unicorn-38152.exe
PID 2380 wrote to memory of 2012	2380	Unicorn-48843.exe	Unicorn-38152.exe
PID 2744 wrote to memory of 300	2744	Unicorn-63788.exe	WerFault.exe
PID 2744 wrote to memory of 300	2744	Unicorn-63788.exe	WerFault.exe
PID 2744 wrote to memory of 300	2744	Unicorn-63788.exe	WerFault.exe
PID 2744 wrote to memory of 300	2744	Unicorn-63788.exe	WerFault.exe
PID 2380 wrote to memory of 1764	2380	Unicorn-48843.exe	WerFault.exe
PID 2380 wrote to memory of 1764	2380	Unicorn-48843.exe	WerFault.exe
PID 2380 wrote to memory of 1764	2380	Unicorn-48843.exe	WerFault.exe
PID 2380 wrote to memory of 1764	2380	Unicorn-48843.exe	WerFault.exe
PID 2524 wrote to memory of 2632	2524	Unicorn-2787.exe	Unicorn-6954.exe
PID 2524 wrote to memory of 2632	2524	Unicorn-2787.exe	Unicorn-6954.exe
PID 2524 wrote to memory of 2632	2524	Unicorn-2787.exe	Unicorn-6954.exe
PID 2524 wrote to memory of 2632	2524	Unicorn-2787.exe	Unicorn-6954.exe

C:\Users\Admin\AppData\Local\Temp\7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe
"C:\Users\Admin\AppData\Local\Temp\7d860e49f99bcfbafd0cef7e09d5737c77a4a7cca5ee5325c12b1ff99f2a84e1.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45797.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24931.exe
9⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
10⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
11⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23390.exe
12⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13657.exe
13⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
13⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
12⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
11⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
10⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34504.exe
9⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-17303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17303.exe
11⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52256.exe
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 220
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
8⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-45538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45538.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 212
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
9⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-52574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52574.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
8⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16353.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
12⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7181.exe
13⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 204
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 204
11⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
10⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53408.exe
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 220
11⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
10⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
9⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
8⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
7⤵
- Program crash
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
6⤵
- Program crash
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
9⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55932.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
11⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56882.exe
12⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21639.exe
13⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
14⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
13⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
12⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
11⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
10⤵
- Program crash
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe
10⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53374.exe
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 220
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
11⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 220
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
8⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9061.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35886.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55489.exe
12⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38126.exe
13⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
11⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
10⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
9⤵
- Program crash
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
8⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30015.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
8⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56015.exe
10⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52071.exe
11⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
12⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64664.exe
13⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 236
13⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
12⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
11⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7561.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18323.exe
12⤵
PID:10320

C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63673.exe
13⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21973.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
10⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43154.exe
11⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
12⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 236
12⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
11⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
8⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
7⤵
- Program crash
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1344.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41521.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-14432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14432.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43208.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-17303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17303.exe
11⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
13⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 220
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
9⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
8⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37545.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
9⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24594.exe
10⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3164.exe
11⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42101.exe
12⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
11⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
10⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
8⤵
- Program crash
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
7⤵
- Program crash
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
6⤵
- Program crash
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
5⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40971.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33099.exe
9⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6731.exe
10⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
11⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
12⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50995.exe
13⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-274.exe
14⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 220
13⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
12⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
11⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
10⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33928.exe
9⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 200
10⤵
- Program crash
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
8⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21122.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29010.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
11⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 220
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
11⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
9⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
8⤵
- Program crash
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13679.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-234.exe
8⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46944.exe
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7873.exe
11⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54119.exe
12⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57238.exe
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 236
13⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 204
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
11⤵
PID:1420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
9⤵
- Program crash
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38204.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1542.exe
10⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53133.exe
11⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62988.exe
12⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 204
10⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
8⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
7⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64743.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6902.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45351.exe
8⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53602.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
10⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-46088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46088.exe
11⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37116.exe
12⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2251.exe
13⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
12⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
10⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
10⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
11⤵
PID:9412

C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56942.exe
12⤵
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
12⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
11⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
9⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29652.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7198.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22056.exe
10⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
12⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
13⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
10⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22802.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-38408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38408.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60533.exe
11⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-20446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20446.exe
12⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 220
9⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
8⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37737.exe
7⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20738.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54453.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28766.exe
10⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50411.exe
11⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
12⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
12⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
11⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-41594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41594.exe
9⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
10⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
11⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 216
11⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
10⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
9⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
8⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
7⤵
- Program crash
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
6⤵
- Program crash
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17021.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43768.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9040.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-47764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47764.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37370.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
11⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11005.exe
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 236
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 220
11⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44811.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-45538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45538.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
10⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29890.exe
11⤵
PID:11300

C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
12⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 204
11⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
10⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
9⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
8⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50182.exe
7⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
8⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7857.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13903.exe
10⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29807.exe
11⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1068.exe
12⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
10⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
7⤵
- Program crash
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62688.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33950.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33094.exe
9⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62995.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
11⤵
PID:11500

C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
12⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 204
11⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
10⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22252.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35485.exe
8⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33120.exe
9⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21551.exe
10⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
10⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
9⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
8⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
7⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
6⤵
- Program crash
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
5⤵
- Program crash
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-23156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23156.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54157.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
9⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29098.exe
10⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
11⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
12⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26461.exe
13⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60388.exe
14⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
14⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
13⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
12⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
11⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28173.exe
10⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
11⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65325.exe
12⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44472.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 220
13⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
12⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42009.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
11⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
12⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
13⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 204
13⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
12⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
11⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
10⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
9⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56212.exe
8⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
10⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24106.exe
11⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63758.exe
12⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
13⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
13⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 236
12⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
11⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44510.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35424.exe
10⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
11⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22215.exe
12⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
13⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 204
12⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
9⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
8⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
8⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-45538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45538.exe
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
11⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
12⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31987.exe
13⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
11⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60955.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25502.exe
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-46851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46851.exe
10⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5769.exe
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 204
11⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
9⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
8⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
7⤵
- Program crash
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35683.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
8⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7307.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39124.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
11⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
12⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
13⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
10⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
9⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
8⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51936.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43872.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5735.exe
10⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
11⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59999.exe
12⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
8⤵
- Program crash
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
6⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60576.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39684.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59995.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
8⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56316.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48506.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
11⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17358.exe
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 216
12⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
11⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53706.exe
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
10⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13361.exe
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 220
11⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
10⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
8⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45714.exe
7⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23452.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34417.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53353.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
11⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51317.exe
12⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 236
12⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 236
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31079.exe
8⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24957.exe
9⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
10⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6392.exe
11⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 236
11⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
10⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
9⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
8⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
7⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9403.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
7⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
8⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47676.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16810.exe
10⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
11⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
10⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
8⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14084.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
8⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61350.exe
9⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3932.exe
10⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2028.exe
11⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
10⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
9⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
8⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
7⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
6⤵
- Program crash
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
5⤵
- Program crash
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54764.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:744

C:\Users\Admin\AppData\Local\Temp\Unicorn-35325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35325.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56020.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45605.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
8⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17038.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22648.exe
11⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
12⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64851.exe
13⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 216
9⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
8⤵
- Program crash
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47764.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54344.exe
9⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45948.exe
10⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
11⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
11⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
10⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
8⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
7⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
7⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53794.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11941.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3597.exe
10⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
11⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
12⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 220
11⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
9⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
7⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22248.exe
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
9⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
10⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 236
10⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
9⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
8⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
7⤵
- Program crash
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
6⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5428.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27323.exe
6⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
7⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23836.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32554.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10011.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47897.exe
11⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-48240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48240.exe
12⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
7⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
8⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13794.exe
9⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1685.exe
10⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24670.exe
11⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 204
10⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
9⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
8⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
7⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43960.exe
6⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-208.exe
7⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46368.exe
8⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
9⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
10⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32179.exe
11⤵
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
10⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
9⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
8⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
7⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
6⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 240
5⤵
- Program crash
PID:1500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 200
6⤵
- Loads dropped DLL
- Program crash
PID:2136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
5⤵
- Program crash
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60680.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26493.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
9⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
10⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
11⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39171.exe
12⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
13⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
13⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
11⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3093.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59352.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63488.exe
11⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44773.exe
12⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
13⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
12⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
11⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
10⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
8⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57769.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3301.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18751.exe
11⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30134.exe
12⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
12⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
11⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
9⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 220
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41437.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
8⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4484.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5631.exe
10⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8911.exe
11⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15079.exe
12⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
12⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
11⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
10⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3986.exe
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52601.exe
10⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35780.exe
11⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
11⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
10⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
8⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
7⤵
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44775.exe
7⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22492.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37733.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-38496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38496.exe
10⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
11⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31032.exe
12⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 236
12⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
11⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52974.exe
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30432.exe
10⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64617.exe
11⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
12⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 240
8⤵
- Program crash
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17313.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52398.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
10⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
11⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43855.exe
12⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
10⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24210.exe
9⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43621.exe
10⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
11⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
10⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
9⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 240
8⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
7⤵
- Program crash
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
6⤵
- Program crash
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27410.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39191.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53135.exe
7⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30852.exe
8⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31127.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42196.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6498.exe
11⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe
12⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
12⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 236
11⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
9⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1531.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44526.exe
9⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60058.exe
10⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19356.exe
11⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 236
11⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
10⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 240
8⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23238.exe
7⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43955.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42004.exe
9⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12611.exe
10⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18396.exe
11⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
11⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
10⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
9⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
8⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
7⤵
- Program crash
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10711.exe
6⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26576.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60291.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58532.exe
9⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13706.exe
10⤵
PID:9556

C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
11⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
10⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
7⤵
- Program crash
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
6⤵
- Program crash
PID:668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
5⤵
- Program crash
PID:324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9092.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-514.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
6⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49881.exe
6⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
7⤵
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31978.exe
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61796.exe
10⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5385.exe
11⤵
PID:11268

C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
12⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 204
11⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
8⤵
- Program crash
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
7⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40146.exe
8⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16042.exe
9⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
10⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
11⤵
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
10⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
9⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
7⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32392.exe
6⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50286.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
8⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
9⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49049.exe
10⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51421.exe
11⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
10⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
9⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
8⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
7⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
6⤵
- Program crash
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
5⤵
- Program crash
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17126.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-15070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15070.exe
6⤵
- Executes dropped EXE
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52258.exe
7⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63415.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-54536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54536.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28294.exe
10⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60149.exe
11⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20913.exe
12⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37519.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48314.exe
8⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35642.exe
9⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63242.exe
10⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 236
10⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 236
9⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
8⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
7⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28308.exe
6⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
7⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
8⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23909.exe
9⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
9⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
8⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
7⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
6⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
5⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57411.exe
6⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62730.exe
7⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32902.exe
8⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
9⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43102.exe
10⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 220
10⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
9⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
8⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 216
7⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
6⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26872.exe
7⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
8⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
9⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32563.exe
10⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
9⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
8⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
7⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
6⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
5⤵
- Program crash
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
4⤵
- Program crash
PID:2476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
2⤵
- Program crash
PID:2288

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28470.exe

Filesize
184KB

MD5
c70d0bdbf18ccd81054155653b7d8df9

SHA1
a63dd5aeafd43c55703d70a7251d62cd629091fa

SHA256
9b04a82e9fe07d67b07a74f4723b0810d8bd4f3e2ce402509ea2609e768202b4

SHA512
ca81b658a52cb97de287ec44369b6d6be9d35bddd02ebb4874ef616a8990807018f54bea0cdb0ca547d13489c3b04f36c069540ee64477c6a1e3e1aca3592ba6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28920.exe

Filesize
184KB

MD5
3722c07443f64ca7331c589dc763fdd1

SHA1
abf72cfe867bc0321cbdb7853ed8f6b939d0e5ee

SHA256
7979fed25f3f28dce4232afab2bee2cc3a140747e745cb99ad36b2b75477a971

SHA512
c63c78ca1585f6e6f0d4d080c466bb8f5ad003426e5c7e953e16a5cd76fbd95915c619374f51554f4bd2d53c9791a5f5425787ff6270a1419abf2f243ec5d161

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40814.exe

Filesize
184KB

MD5
c69cb2ae795d3080e4728adfaf69fdd4

SHA1
01e791cb52e082a9b06566c6cf47945ca2364a1a

SHA256
be57e082b36f524330b434a0c69c598ba820d8282aa9220b2f28dac8cf73e52f

SHA512
b775aaf46f78375c9ff520346e6aba57a1c1721782828a4be3b80d19b0c4b342292e6e44b9144c55026f26019ad9fe3cab06410a784b845d2ef01d101219b084

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45154.exe

Filesize
184KB

MD5
daed958f046b3c8442757d528ecd56bc

SHA1
14a308e6613ced4301c168be842afed4a7cfb257

SHA256
5c42fbe57a6b89ac2c7726c659c995d0ede121701ce79efc735bad8a7ca10575

SHA512
64b7efdf8df2b1419c86a0d14d117aa2484b3a559008ac45d93478dd811ebab9051ce1f1edb87e190b4e0d10cbbb1030562bfcb41c3f5c12cdb8a8d2c82f5d02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46274.exe

Filesize
184KB

MD5
ec1b3b2d7d0b9d8cd9d867805bb1983d

SHA1
10fa36f3e0b8ab2fb00e1fa455b5ed32c1f6cb59

SHA256
08d4f2da8f1740ac631104edf84eee6aa7913f65f1bbbbd53ee1b379bd2c51e4

SHA512
20eabd6b12fba40d8845f27694bbd10da843087a737ae4e30eb331127a6fff644bd987ef727ad42bdda2eb7fecd14f727a258613b0073efa2a21ca06ffc49aea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe

Filesize
184KB

MD5
2c00f2bfcf3135a139b07d5af3c1e93d

SHA1
80a32529154d689884b46978e3fdd54ec7825202

SHA256
a9d7e916a32f03f985ecd2b1abda72c91a3b43d4189e701e7fc5d36edf3c9de9

SHA512
4773ee080006722ceefc72b465fe9bc0da68a570d2b0e1d48404779dcfd74c66751895c01cbe6a02599f8a6b75545e702848e17da1bcbfaf38b929201c644ebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53887.exe

Filesize
184KB

MD5
0c3459e249c508a2fe2594b179290a55

SHA1
722ba0de347768a7b2a7755693a4dcc075e9b4d7

SHA256
9e97d5cc78460c0db9377dee3c70990457275c2c99236b4a4b06d0ec8b263f47

SHA512
596b26aa360e3338977b63400e76bd776404697c32c2ebeff511cfc66f0228c0990b34dc6a874a087bb0dcf85294686ecd9f2e0857a9b91e91c2901580272086

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6160.exe

Filesize
184KB

MD5
e9f340abf6936f45db495a3ebc2e1f64

SHA1
cfb4a6f490d38de2733f8fb5662c78ed54cc0399

SHA256
e89d34f58783534f6c91f821fcdb47b66712e0bf72cd55bf72960544b3d1a77c

SHA512
dd29c373a2aee76c9851ebf737336485a6787b95a7afeadd5117fe06daff5421d08f8be6ca8848db6f48527bd05781de9d52b269e30da7daedb940cb1a0788b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6819.exe

Filesize
184KB

MD5
04123e11559a2c1fdf3a727d1398a71f

SHA1
e4369b11d3fc0831c5a29319c97af5663d84b5a1

SHA256
3360198e96feda4ac91932ae8cc9923d667dbee3faebb6bdb81d8465e98c1c9c

SHA512
dd042f069fedcb8d2c8cbcc45a911e3e434831e59f961764d2e8585006d6c654ddc1cecc727a09d9ea5021ddcda8a0620a6c3944379ea11b26c8ce54d163b292

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe

Filesize
184KB

MD5
1bccdab60aa7a8f808d6cc08a887f8a4

SHA1
9cc1511d998fb85d6736e3c06581336c9ce5f1fd

SHA256
02b080a23ce64f099029fc752431582581149682fc2d9fd95c997dcfc5e076ff

SHA512
418cf6eb09d8f3ed0675998ea5707795c55350154f41063116bf7987596280912929e88b058a71862b365edf89f829e1a1c0cfaba4e55cf7c2c8f038625a0827

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23161.exe

Filesize
184KB

MD5
8470ca0e54ffc9822c064643e8a246ee

SHA1
1ea30ea5949abed3ac3cf474f1801ad7b85b268e

SHA256
4a509dd05988f56ae58def8de851e3248855b6ff7cfac093ff1750dc8d97dbde

SHA512
37a0b6ec58cf039361a09655145571eb16113ec0844e49c37a50d7f613936ca4dac343f2386c7bececb8f5426b5171b39502899bd854e963819ec02bda2cffdb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe

Filesize
184KB

MD5
0fcd8161df4e5cbdde21138cd2946306

SHA1
9eafac9bf80fdd61c36537e02f4918f04dcb30e9

SHA256
9bb9bc72403d1ddc847c71624a7428ea631ff900aa0377023e2bd0859c9f378a

SHA512
7f275234d3cec6065de1efba80d8cc7ae8591d04cdcd6e15d4005f57feeb7afd6d3931e679f12eb8e5d740e399cb9c3d20d45a341da94b72858293373b3a36c1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe

Filesize
184KB

MD5
aa463069ef31755aa3278a9f74b565ed

SHA1
4777c911c7ab191f1e0ce3f759369217884ad209

SHA256
8445c3a738f3f4a70e64e8b49161ca5430daf15869fe7f06b78e164727942b2d

SHA512
8f5fba2674a1581ec6460fd22f7a7e235a562eec2f83a4771297136d4de8207cdf85a0de752a5dc89b1b77f5d236687a97ac1784f370b0058ac3f0fe54986629

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2787.exe

Filesize
184KB

MD5
384082704e4fb8b9672dc57df1e95701

SHA1
edd4ff47b8b424563d0b40256c6cc46631a8550f

SHA256
eab6838da01765ca89ced747432ed9b3c06af56a673fc01f712668992ce1cbc0

SHA512
ad55d549ad960f34e64bc8973cb753e0e191db73e2111f3bdbe2adf8c7d63a0023f00e3a18bed31488367ecd22fe276e861897d63b53adee893c563ff8e6e6f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe

Filesize
184KB

MD5
5458cc07da8d5f51c2afd178f059b0bd

SHA1
14482be9467ea4014e0cc01819b83f6d764a44e6

SHA256
1cf4e63d766564db0c09e4d17a153a3fbca39ef9c64f6a009b448cd7a071f83c

SHA512
7ace065b4bb2b2edf4bdab62b0a0af5fdf9e9cde5de65687fe07457931269d77e05f2efbc65ec60359204434980c86c1c1de2aea3edbe3dadcd2c5b5c3ae087b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45766.exe

Filesize
184KB

MD5
8dfdfb2bcacd3b075b1971824358a156

SHA1
0d8772188529b6b219c2ef6d52fb98d29b9f132e

SHA256
8a78fd7b706db0c30037a283e07f76803213b7353418c2bacaccacdf32886dc0

SHA512
a87cea104de5c6a6686fcf10c0d60f1b72e771c644c40aedd181798906e70ff823c6b7fcad0cafc0a8a9e628f1d1188e56b29ddaaa05b5d901e9d25cd7dfecf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48843.exe

Filesize
184KB

MD5
34ee6295075b9bda9ce5ec0e7e425ba7

SHA1
f0dac852c497bf6c10c466509b0fac8f54437c7e

SHA256
9499702886488e6aa7892af418767849a13e9432411ec84cf2c416b59de59292

SHA512
8cb5d7315755ed7fd387dff16c72193a167ea18f090440d9ba70f408f225e308e812c4aa0bd83d52e6950afee70d63aa3b6fa6dd8f3986ec99999e33de66ab82

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58018.exe

Filesize
184KB

MD5
7890a8d16f9ae97f4d65171152454c14

SHA1
cba416d12efe1517d157e95c711bddc3788df0cd

SHA256
d2e4cab3b0641780d153fc1ba6e3da4347d4eb4a4eb89d7f0d8bf156c8865a2c

SHA512
ccf00b5ccbf675e9e8fa6b972bec68d34ed52e6cc758b16c5d78470646b5ceb5389a604d909839488ca7c716489145164c656bb07385df1b637e6235b35526af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe

Filesize
184KB

MD5
7524b4c34f570ce3aa7a9e336ef3f14c

SHA1
aa464cacb865d192f2201f10233d57aa55305d08

SHA256
1b79dde95fa89ad54288380290e890916de0a5fa7f54a01ba24965096f08fc86

SHA512
1511d62eb0e7f48eacc1d56e3c89ca0a56ec467ff43925552b1d5112885e2b9fd0c376b8af11827f060ef804cc9d85000d004a4ba5db3b7a948be4563a0500d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6954.exe

Filesize
184KB

MD5
2aa2b8c3db2248daf264ce08c6b850d3

SHA1
770e1d1f588baebd4f60b8aaba49845d9fc09232

SHA256
0075126d595a9c935f8dc38a6eaaad4b75cb511170217edee5f13bfce3737af2

SHA512
5a9bf61f36c2573aaabd4a0edf61b1ed7908579d7194a098032df9d3b77f5681acfa03b31b3692f699ce8111414b2ebecd3ec9c50f393050481f385fcdc52015

Download Submit