84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe
Size

184KB
MD5

10adc63b2293a2cb95fad03277453d25
SHA1

ac478a15266f57eedd3330f58074a80e5e2e08ce
SHA256

84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0
SHA512

db37517cf8d7905cfd5787dca257e35b49103a795539cb455e1399265f8ff6a894694dcf712cb62b959f56905b9bd192d1ed9e10f7842972a5bf07dd886ee9de
SSDEEP

3072:43i3vSoT78KrdFZWeJwLRKsJhlnViFFn3:43rodRFZgLYsJhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-58631.exeUnicorn-1345.exeUnicorn-12206.exeUnicorn-61490.exeUnicorn-23795.exeUnicorn-55673.exeUnicorn-43976.exeUnicorn-63841.exeUnicorn-29114.exeUnicorn-39974.exeUnicorn-63924.exeUnicorn-56503.exeUnicorn-10831.exeUnicorn-60115.exeUnicorn-56031.exeUnicorn-31012.exeUnicorn-19083.exeUnicorn-29943.exeUnicorn-29943.exeUnicorn-49809.exeUnicorn-55105.exeUnicorn-47492.exeUnicorn-63273.exeUnicorn-8597.exeUnicorn-28463.exeUnicorn-35069.exeUnicorn-258.exeUnicorn-45930.exeUnicorn-30985.exeUnicorn-41845.exeUnicorn-43237.exeUnicorn-51104.exeUnicorn-27154.exeUnicorn-33206.exeUnicorn-10647.exeUnicorn-41374.exeUnicorn-21508.exeUnicorn-6563.exeUnicorn-33760.exeUnicorn-43512.exeUnicorn-54373.exeUnicorn-51680.exeUnicorn-51680.exeUnicorn-27730.exeUnicorn-29122.exeUnicorn-39982.exeUnicorn-59848.exeUnicorn-5748.exeUnicorn-25614.exeUnicorn-34358.exeUnicorn-9853.exeUnicorn-48748.exeUnicorn-64892.exeUnicorn-22468.exeUnicorn-42334.exeUnicorn-17315.exeUnicorn-48042.exeUnicorn-63823.exeUnicorn-56210.exeUnicorn-14814.exeUnicorn-61877.exeUnicorn-61877.exeUnicorn-22983.exeUnicorn-3117.exe

pid	process
1316	Unicorn-58631.exe
3068	Unicorn-1345.exe
1272	Unicorn-12206.exe
2640	Unicorn-61490.exe
2540	Unicorn-23795.exe
2628	Unicorn-55673.exe
1964	Unicorn-43976.exe
3032	Unicorn-63841.exe
1820	Unicorn-29114.exe
1616	Unicorn-39974.exe
2404	Unicorn-63924.exe
1052	Unicorn-56503.exe
896	Unicorn-10831.exe
2912	Unicorn-60115.exe
2544	Unicorn-56031.exe
2108	Unicorn-31012.exe
2376	Unicorn-19083.exe
628	Unicorn-29943.exe
1808	Unicorn-29943.exe
2780	Unicorn-49809.exe
1764	Unicorn-55105.exe
1396	Unicorn-47492.exe
1048	Unicorn-63273.exe
1772	Unicorn-8597.exe
2860	Unicorn-28463.exe
1988	Unicorn-35069.exe
2468	Unicorn-258.exe
1268	Unicorn-45930.exe
1728	Unicorn-30985.exe
2592	Unicorn-41845.exe
1688	Unicorn-43237.exe
2364	Unicorn-51104.exe
2664	Unicorn-27154.exe
2808	Unicorn-33206.exe
2800	Unicorn-10647.exe
2500	Unicorn-41374.exe
2476	Unicorn-21508.exe
3012	Unicorn-6563.exe
2276	Unicorn-33760.exe
2760	Unicorn-43512.exe
1696	Unicorn-54373.exe
2040	Unicorn-51680.exe
1044	Unicorn-51680.exe
2032	Unicorn-27730.exe
1976	Unicorn-29122.exe
2208	Unicorn-39982.exe
760	Unicorn-59848.exe
3020	Unicorn-5748.exe
2112	Unicorn-25614.exe
1844	Unicorn-34358.exe
236	Unicorn-9853.exe
692	Unicorn-48748.exe
908	Unicorn-64892.exe
2228	Unicorn-22468.exe
2472	Unicorn-42334.exe
1324	Unicorn-17315.exe
2944	Unicorn-48042.exe
1196	Unicorn-63823.exe
1656	Unicorn-56210.exe
2636	Unicorn-14814.exe
3036	Unicorn-61877.exe
2764	Unicorn-61877.exe
1020	Unicorn-22983.exe
2772	Unicorn-3117.exe

Loads dropped DLL 64 IoCs

Processes:

84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exeUnicorn-58631.exeUnicorn-12206.exeWerFault.exeUnicorn-61490.exeUnicorn-23795.exeWerFault.exeUnicorn-55673.exeUnicorn-43976.exeUnicorn-63841.exeWerFault.exeWerFault.exeUnicorn-39974.exeUnicorn-29114.exeWerFault.exeUnicorn-10831.exeUnicorn-56503.exe

pid	process
2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe
2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe
1316	Unicorn-58631.exe
1316	Unicorn-58631.exe
2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe
2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe
1316	Unicorn-58631.exe
1316	Unicorn-58631.exe
1272	Unicorn-12206.exe
1272	Unicorn-12206.exe
2620	WerFault.exe
2620	WerFault.exe
2620	WerFault.exe
2620	WerFault.exe
2620	WerFault.exe
2640	Unicorn-61490.exe
2640	Unicorn-61490.exe
2540	Unicorn-23795.exe
1272	Unicorn-12206.exe
2540	Unicorn-23795.exe
1272	Unicorn-12206.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2628	Unicorn-55673.exe
2628	Unicorn-55673.exe
2640	Unicorn-61490.exe
2640	Unicorn-61490.exe
1964	Unicorn-43976.exe
1964	Unicorn-43976.exe
3032	Unicorn-63841.exe
3032	Unicorn-63841.exe
2540	Unicorn-23795.exe
2540	Unicorn-23795.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
1680	WerFault.exe
1680	WerFault.exe
1680	WerFault.exe
1680	WerFault.exe
1680	WerFault.exe
1616	Unicorn-39974.exe
1616	Unicorn-39974.exe
1820	Unicorn-29114.exe
1820	Unicorn-29114.exe
2628	Unicorn-55673.exe
2628	Unicorn-55673.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
896	Unicorn-10831.exe
2964	WerFault.exe
896	Unicorn-10831.exe
1964	Unicorn-43976.exe
3032	Unicorn-63841.exe
1964	Unicorn-43976.exe
3032	Unicorn-63841.exe
1052	Unicorn-56503.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2792	2928	WerFault.exe	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe
2620	1316	WerFault.exe	Unicorn-58631.exe
2840	1272	WerFault.exe	Unicorn-12206.exe
2200	2640	WerFault.exe	Unicorn-61490.exe
1680	2540	WerFault.exe	Unicorn-23795.exe
2964	2404	WerFault.exe	Unicorn-63924.exe
1556	2628	WerFault.exe	Unicorn-55673.exe
2352	1964	WerFault.exe	Unicorn-43976.exe
1784	3032	WerFault.exe	Unicorn-63841.exe
2332	1616	WerFault.exe	Unicorn-39974.exe
1684	1820	WerFault.exe	Unicorn-29114.exe
2788	896	WerFault.exe	Unicorn-10831.exe
2728	1052	WerFault.exe	Unicorn-56503.exe
580	2912	WerFault.exe	Unicorn-60115.exe
2196	2544	WerFault.exe	Unicorn-56031.exe
1644	2108	WerFault.exe	Unicorn-31012.exe
2400	2376	WerFault.exe	Unicorn-19083.exe
408	628	WerFault.exe	Unicorn-29943.exe
1120	2780	WerFault.exe	Unicorn-49809.exe
1628	1808	WerFault.exe	Unicorn-29943.exe
2952	1764	WerFault.exe	Unicorn-55105.exe
2328	1396	WerFault.exe	Unicorn-47492.exe
1792	2860	WerFault.exe	Unicorn-28463.exe
2172	1772	WerFault.exe	Unicorn-8597.exe
884	1048	WerFault.exe	Unicorn-63273.exe
1320	1988	WerFault.exe	Unicorn-35069.exe
2648	1268	WerFault.exe	Unicorn-45930.exe
2668	1728	WerFault.exe	Unicorn-30985.exe
2576	1688	WerFault.exe	Unicorn-43237.exe
2768	2592	WerFault.exe	Unicorn-41845.exe
2820	880	WerFault.exe	Unicorn-33241.exe
2852	2364	WerFault.exe	Unicorn-51104.exe
552	2664	WerFault.exe	Unicorn-27154.exe
3008	2800	WerFault.exe	Unicorn-10647.exe
2188	3012	WerFault.exe	Unicorn-6563.exe
1708	2476	WerFault.exe	Unicorn-21508.exe
1148	2808	WerFault.exe	Unicorn-33206.exe
264	2500	WerFault.exe	Unicorn-41374.exe
3108	2760	WerFault.exe	Unicorn-43512.exe
3100	1044	WerFault.exe	Unicorn-51680.exe
3136	760	WerFault.exe	Unicorn-59848.exe
3144	2208	WerFault.exe	Unicorn-39982.exe
3180	2040	WerFault.exe	Unicorn-51680.exe
3192	1976	WerFault.exe	Unicorn-29122.exe
3208	2032	WerFault.exe	Unicorn-27730.exe
3616	2112	WerFault.exe	Unicorn-25614.exe
3624	3020	WerFault.exe	Unicorn-5748.exe
3968	236	WerFault.exe	Unicorn-9853.exe
3988	2252	WerFault.exe	Unicorn-65359.exe
3444	1844	WerFault.exe	Unicorn-34358.exe
3580	2232	WerFault.exe	Unicorn-43403.exe
3656	1020	WerFault.exe	Unicorn-22983.exe
3836	3432	WerFault.exe	Unicorn-253.exe
4132	3036	WerFault.exe	Unicorn-61877.exe
4168	2532	WerFault.exe	Unicorn-36579.exe
4192	2356	WerFault.exe	Unicorn-50180.exe
4216	1092	WerFault.exe	Unicorn-58348.exe
4240	2804	WerFault.exe	Unicorn-9936.exe
4264	2944	WerFault.exe	Unicorn-48042.exe
4284	908	WerFault.exe	Unicorn-64892.exe
4300	2836	WerFault.exe	Unicorn-31151.exe
4332	2228	WerFault.exe	Unicorn-22468.exe
4348	2784	WerFault.exe	Unicorn-62022.exe
4356	748	WerFault.exe	Unicorn-6215.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exeUnicorn-58631.exeUnicorn-12206.exeUnicorn-61490.exeUnicorn-23795.exeUnicorn-55673.exeUnicorn-43976.exeUnicorn-63841.exeUnicorn-39974.exeUnicorn-29114.exeUnicorn-63924.exeUnicorn-56503.exeUnicorn-10831.exeUnicorn-60115.exeUnicorn-56031.exeUnicorn-31012.exeUnicorn-19083.exeUnicorn-29943.exeUnicorn-29943.exeUnicorn-49809.exeUnicorn-55105.exeUnicorn-47492.exeUnicorn-28463.exeUnicorn-8597.exeUnicorn-63273.exeUnicorn-258.exeUnicorn-35069.exeUnicorn-45930.exeUnicorn-30985.exeUnicorn-43237.exeUnicorn-41845.exeUnicorn-51104.exeUnicorn-27154.exeUnicorn-33206.exeUnicorn-10647.exeUnicorn-41374.exeUnicorn-6563.exeUnicorn-33760.exeUnicorn-21508.exeUnicorn-43512.exeUnicorn-54373.exeUnicorn-51680.exeUnicorn-51680.exeUnicorn-27730.exeUnicorn-29122.exeUnicorn-39982.exeUnicorn-59848.exeUnicorn-5748.exeUnicorn-25614.exeUnicorn-34358.exeUnicorn-9853.exeUnicorn-48748.exeUnicorn-64892.exeUnicorn-22468.exeUnicorn-17315.exeUnicorn-42334.exeUnicorn-48042.exeUnicorn-63823.exeUnicorn-56210.exeUnicorn-14814.exeUnicorn-61877.exeUnicorn-61877.exeUnicorn-22983.exeUnicorn-3117.exe

pid	process
2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe
1316	Unicorn-58631.exe
1272	Unicorn-12206.exe
2640	Unicorn-61490.exe
2540	Unicorn-23795.exe
2628	Unicorn-55673.exe
1964	Unicorn-43976.exe
3032	Unicorn-63841.exe
1616	Unicorn-39974.exe
1820	Unicorn-29114.exe
2404	Unicorn-63924.exe
1052	Unicorn-56503.exe
896	Unicorn-10831.exe
2912	Unicorn-60115.exe
2544	Unicorn-56031.exe
2108	Unicorn-31012.exe
2376	Unicorn-19083.exe
628	Unicorn-29943.exe
1808	Unicorn-29943.exe
2780	Unicorn-49809.exe
1764	Unicorn-55105.exe
1396	Unicorn-47492.exe
2860	Unicorn-28463.exe
1772	Unicorn-8597.exe
1048	Unicorn-63273.exe
2468	Unicorn-258.exe
1988	Unicorn-35069.exe
1268	Unicorn-45930.exe
1728	Unicorn-30985.exe
1688	Unicorn-43237.exe
2592	Unicorn-41845.exe
2364	Unicorn-51104.exe
2664	Unicorn-27154.exe
2808	Unicorn-33206.exe
2800	Unicorn-10647.exe
2500	Unicorn-41374.exe
3012	Unicorn-6563.exe
2276	Unicorn-33760.exe
2476	Unicorn-21508.exe
2760	Unicorn-43512.exe
1696	Unicorn-54373.exe
2040	Unicorn-51680.exe
1044	Unicorn-51680.exe
2032	Unicorn-27730.exe
1976	Unicorn-29122.exe
2208	Unicorn-39982.exe
760	Unicorn-59848.exe
3020	Unicorn-5748.exe
2112	Unicorn-25614.exe
1844	Unicorn-34358.exe
236	Unicorn-9853.exe
692	Unicorn-48748.exe
908	Unicorn-64892.exe
2228	Unicorn-22468.exe
1324	Unicorn-17315.exe
2472	Unicorn-42334.exe
2944	Unicorn-48042.exe
1196	Unicorn-63823.exe
1656	Unicorn-56210.exe
2636	Unicorn-14814.exe
3036	Unicorn-61877.exe
2764	Unicorn-61877.exe
1020	Unicorn-22983.exe
2772	Unicorn-3117.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exeUnicorn-58631.exeUnicorn-12206.exeUnicorn-61490.exeUnicorn-23795.exeUnicorn-55673.exeUnicorn-43976.exeUnicorn-63841.exe

description	pid	process	target process
PID 2928 wrote to memory of 1316	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	Unicorn-58631.exe
PID 2928 wrote to memory of 1316	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	Unicorn-58631.exe
PID 2928 wrote to memory of 1316	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	Unicorn-58631.exe
PID 2928 wrote to memory of 1316	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	Unicorn-58631.exe
PID 1316 wrote to memory of 3068	1316	Unicorn-58631.exe	Unicorn-1345.exe
PID 1316 wrote to memory of 3068	1316	Unicorn-58631.exe	Unicorn-1345.exe
PID 1316 wrote to memory of 3068	1316	Unicorn-58631.exe	Unicorn-1345.exe
PID 1316 wrote to memory of 3068	1316	Unicorn-58631.exe	Unicorn-1345.exe
PID 2928 wrote to memory of 1272	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	Unicorn-12206.exe
PID 2928 wrote to memory of 1272	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	Unicorn-12206.exe
PID 2928 wrote to memory of 1272	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	Unicorn-12206.exe
PID 2928 wrote to memory of 1272	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	Unicorn-12206.exe
PID 2928 wrote to memory of 2792	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	WerFault.exe
PID 2928 wrote to memory of 2792	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	WerFault.exe
PID 2928 wrote to memory of 2792	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	WerFault.exe
PID 2928 wrote to memory of 2792	2928	84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe	WerFault.exe
PID 1316 wrote to memory of 2640	1316	Unicorn-58631.exe	Unicorn-61490.exe
PID 1316 wrote to memory of 2640	1316	Unicorn-58631.exe	Unicorn-61490.exe
PID 1316 wrote to memory of 2640	1316	Unicorn-58631.exe	Unicorn-61490.exe
PID 1316 wrote to memory of 2640	1316	Unicorn-58631.exe	Unicorn-61490.exe
PID 1272 wrote to memory of 2540	1272	Unicorn-12206.exe	Unicorn-23795.exe
PID 1272 wrote to memory of 2540	1272	Unicorn-12206.exe	Unicorn-23795.exe
PID 1272 wrote to memory of 2540	1272	Unicorn-12206.exe	Unicorn-23795.exe
PID 1272 wrote to memory of 2540	1272	Unicorn-12206.exe	Unicorn-23795.exe
PID 1316 wrote to memory of 2620	1316	Unicorn-58631.exe	WerFault.exe
PID 1316 wrote to memory of 2620	1316	Unicorn-58631.exe	WerFault.exe
PID 1316 wrote to memory of 2620	1316	Unicorn-58631.exe	WerFault.exe
PID 1316 wrote to memory of 2620	1316	Unicorn-58631.exe	WerFault.exe
PID 2640 wrote to memory of 2628	2640	Unicorn-61490.exe	Unicorn-55673.exe
PID 2640 wrote to memory of 2628	2640	Unicorn-61490.exe	Unicorn-55673.exe
PID 2640 wrote to memory of 2628	2640	Unicorn-61490.exe	Unicorn-55673.exe
PID 2640 wrote to memory of 2628	2640	Unicorn-61490.exe	Unicorn-55673.exe
PID 1272 wrote to memory of 1964	1272	Unicorn-12206.exe	Unicorn-43976.exe
PID 1272 wrote to memory of 1964	1272	Unicorn-12206.exe	Unicorn-43976.exe
PID 1272 wrote to memory of 1964	1272	Unicorn-12206.exe	Unicorn-43976.exe
PID 1272 wrote to memory of 1964	1272	Unicorn-12206.exe	Unicorn-43976.exe
PID 2540 wrote to memory of 3032	2540	Unicorn-23795.exe	Unicorn-63841.exe
PID 2540 wrote to memory of 3032	2540	Unicorn-23795.exe	Unicorn-63841.exe
PID 2540 wrote to memory of 3032	2540	Unicorn-23795.exe	Unicorn-63841.exe
PID 2540 wrote to memory of 3032	2540	Unicorn-23795.exe	Unicorn-63841.exe
PID 1272 wrote to memory of 2840	1272	Unicorn-12206.exe	WerFault.exe
PID 1272 wrote to memory of 2840	1272	Unicorn-12206.exe	WerFault.exe
PID 1272 wrote to memory of 2840	1272	Unicorn-12206.exe	WerFault.exe
PID 1272 wrote to memory of 2840	1272	Unicorn-12206.exe	WerFault.exe
PID 2628 wrote to memory of 1820	2628	Unicorn-55673.exe	Unicorn-29114.exe
PID 2628 wrote to memory of 1820	2628	Unicorn-55673.exe	Unicorn-29114.exe
PID 2628 wrote to memory of 1820	2628	Unicorn-55673.exe	Unicorn-29114.exe
PID 2628 wrote to memory of 1820	2628	Unicorn-55673.exe	Unicorn-29114.exe
PID 2640 wrote to memory of 1616	2640	Unicorn-61490.exe	Unicorn-39974.exe
PID 2640 wrote to memory of 1616	2640	Unicorn-61490.exe	Unicorn-39974.exe
PID 2640 wrote to memory of 1616	2640	Unicorn-61490.exe	Unicorn-39974.exe
PID 2640 wrote to memory of 1616	2640	Unicorn-61490.exe	Unicorn-39974.exe
PID 1964 wrote to memory of 2404	1964	Unicorn-43976.exe	Unicorn-63924.exe
PID 1964 wrote to memory of 2404	1964	Unicorn-43976.exe	Unicorn-63924.exe
PID 1964 wrote to memory of 2404	1964	Unicorn-43976.exe	Unicorn-63924.exe
PID 1964 wrote to memory of 2404	1964	Unicorn-43976.exe	Unicorn-63924.exe
PID 3032 wrote to memory of 896	3032	Unicorn-63841.exe	Unicorn-10831.exe
PID 3032 wrote to memory of 896	3032	Unicorn-63841.exe	Unicorn-10831.exe
PID 3032 wrote to memory of 896	3032	Unicorn-63841.exe	Unicorn-10831.exe
PID 3032 wrote to memory of 896	3032	Unicorn-63841.exe	Unicorn-10831.exe
PID 2540 wrote to memory of 1052	2540	Unicorn-23795.exe	Unicorn-56503.exe
PID 2540 wrote to memory of 1052	2540	Unicorn-23795.exe	Unicorn-56503.exe
PID 2540 wrote to memory of 1052	2540	Unicorn-23795.exe	Unicorn-56503.exe
PID 2540 wrote to memory of 1052	2540	Unicorn-23795.exe	Unicorn-56503.exe

C:\Users\Admin\AppData\Local\Temp\84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe
"C:\Users\Admin\AppData\Local\Temp\84893847c626585ef8dbdcbb70f9caaa651651f263df7210f21b7b6b4afbf5f0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
3⤵
- Executes dropped EXE
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56031.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63273.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-6563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6563.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64892.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
10⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29034.exe
11⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4285.exe
12⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13875.exe
13⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
14⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-93.exe
15⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
14⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
13⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
12⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
11⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48063.exe
10⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32682.exe
11⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21660.exe
12⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
13⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52143.exe
14⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
14⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 220
13⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
12⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
11⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
10⤵
- Program crash
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-49194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49194.exe
9⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47700.exe
10⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8644.exe
11⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
12⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3663.exe
13⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
13⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
12⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
11⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 216
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
9⤵
- Program crash
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32303.exe
9⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41478.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61545.exe
11⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56709.exe
12⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32060.exe
13⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53796.exe
14⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
12⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
11⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49402.exe
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
11⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21048.exe
12⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11072 -s 180
13⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
11⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 220
9⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
8⤵
- Program crash
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9853.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:236

C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36579.exe
9⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-253.exe
10⤵
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 240
11⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
10⤵
- Program crash
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8696.exe
10⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60907.exe
11⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64083.exe
12⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47602.exe
13⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 236
13⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
12⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
11⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 240
9⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47440.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20949.exe
10⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
11⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23134.exe
12⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
13⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
13⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 236
12⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20133.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-38759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38759.exe
11⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
12⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
11⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
7⤵
- Program crash
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8597.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41374.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63605.exe
9⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29610.exe
10⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
11⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62137.exe
12⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-34390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34390.exe
13⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe
14⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
12⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
11⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 216
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26080.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15245.exe
11⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-31738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31738.exe
12⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-30353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30353.exe
13⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
11⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe
8⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9.exe
10⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48110.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
12⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61271.exe
13⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
13⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 220
12⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
11⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
9⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
8⤵
- Program crash
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56210.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44555.exe
8⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10699.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40565.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
12⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35322.exe
13⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 236
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 236
11⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19666.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12536.exe
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-55531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55531.exe
10⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
11⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 216
11⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
10⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
9⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
7⤵
- Program crash
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
6⤵
- Program crash
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31012.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10647.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48748.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9936.exe
9⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49646.exe
10⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
11⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27306.exe
12⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
13⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3819.exe
14⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
14⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
13⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
12⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
11⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
10⤵
- Program crash
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38140.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16813.exe
10⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30451.exe
11⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56372.exe
12⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64486.exe
13⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
12⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55608.exe
8⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35012.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9599.exe
11⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
12⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
13⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
12⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
9⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
8⤵
- Program crash
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22468.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
8⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31120.exe
10⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-36050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36050.exe
11⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
12⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47457.exe
13⤵
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
12⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
11⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
10⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48639.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44934.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
10⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
11⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64971.exe
12⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 220
11⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
10⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
9⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
8⤵
- Program crash
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
7⤵
- Program crash
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21508.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-42334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42334.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24135.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe
10⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31966.exe
11⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50020.exe
12⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35397.exe
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
11⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
10⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61462.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
10⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43414.exe
11⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 216
12⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
11⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
10⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
9⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
7⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56091.exe
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14498.exe
10⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65116.exe
11⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
10⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
8⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 220
7⤵
- Program crash
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
6⤵
- Program crash
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
5⤵
- Program crash
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60115.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55105.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51104.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
9⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52998.exe
10⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14534.exe
11⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
12⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
13⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
14⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8228 -s 216
14⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
12⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
11⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
11⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16912.exe
12⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6076.exe
13⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
13⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
12⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
10⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
9⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10450.exe
10⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
11⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-55723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55723.exe
12⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
13⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
12⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
11⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
10⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
9⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41217.exe
8⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4337.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8888.exe
10⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26450.exe
12⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35734.exe
13⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
13⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
12⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
11⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
10⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4851.exe
11⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58759.exe
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
12⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
11⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
9⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
8⤵
- Program crash
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61083.exe
8⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
10⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
11⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59506.exe
12⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 236
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
12⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
11⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
10⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1275.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
10⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
11⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32911.exe
12⤵
PID:11744

C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27504.exe
13⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
11⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 220
9⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41840.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-29309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29309.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22013.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22366.exe
11⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-923.exe
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
8⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
7⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27154.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-34358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34358.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
8⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60035.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
11⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61260.exe
12⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58100.exe
13⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
13⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
12⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
11⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
10⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30055.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4275.exe
11⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19097.exe
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
11⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
9⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7030.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17955.exe
11⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3139.exe
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 216
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 236
11⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
8⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
7⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37010.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37477.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57176.exe
11⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49932.exe
12⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3413.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36211.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
10⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
11⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
10⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
8⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
7⤵
- Program crash
PID:552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
6⤵
- Program crash
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47492.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6215.exe
7⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41286.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64254.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
11⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
12⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 236
12⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
10⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
9⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
8⤵
- Program crash
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
7⤵
- Program crash
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48042.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
7⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7881.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53398.exe
9⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
10⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
11⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
11⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
10⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
8⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
7⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
9⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
10⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
11⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 236
11⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 220
10⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
9⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
8⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
- Program crash
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
6⤵
- Program crash
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
5⤵
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19083.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35069.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14814.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
10⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
11⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26652.exe
12⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43834.exe
13⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23570.exe
14⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
15⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
14⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 220
13⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
12⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
11⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-46501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46501.exe
10⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-59516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59516.exe
11⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-13683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13683.exe
12⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38837.exe
13⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57571.exe
14⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
13⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
12⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
10⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
9⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
10⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37595.exe
11⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57285.exe
12⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54426.exe
13⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51274.exe
14⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
13⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
11⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
10⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
9⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3117.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26465.exe
9⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45754.exe
10⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50196.exe
11⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
12⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
13⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
14⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 216
14⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
13⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
12⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
11⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29972.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26844.exe
10⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
11⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16855.exe
12⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
13⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 220
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 220
9⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
8⤵
- Program crash
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54373.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
9⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23580.exe
10⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53486.exe
11⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
12⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-45443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45443.exe
13⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
14⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 220
13⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
12⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
11⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24134.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14399.exe
10⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16206.exe
11⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 236
13⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
11⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33241.exe
8⤵
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 188
9⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
8⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
7⤵
- Program crash
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45930.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31151.exe
8⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
9⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe
10⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39288.exe
11⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-5515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5515.exe
12⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
13⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
14⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
13⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
12⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
11⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
10⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3714.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe
10⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10969.exe
11⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36616.exe
12⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
13⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 236
13⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
12⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
9⤵
- Program crash
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
8⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
11⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57716.exe
12⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
12⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 216
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
8⤵
- Program crash
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58348.exe
7⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
8⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10974.exe
10⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
11⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34473.exe
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
12⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
11⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
10⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3138.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9547.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
10⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
11⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58173.exe
12⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10908 -s 236
12⤵
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 220
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
8⤵
- Program crash
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 220
7⤵
- Program crash
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43237.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29122.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12676.exe
8⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16351.exe
9⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe
10⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62360.exe
11⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14965.exe
12⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
13⤵
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 240
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
12⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
11⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59900.exe
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19953.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32169.exe
12⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
13⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
11⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62022.exe
8⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10559.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56610.exe
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16808.exe
11⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25577.exe
12⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 236
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
11⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
9⤵
- Program crash
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
8⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
7⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7990.exe
8⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25334.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
10⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2801.exe
11⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
12⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13933.exe
13⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 216
13⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
12⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
11⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
10⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14861.exe
10⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39330.exe
11⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13824.exe
12⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
12⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 220
11⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
10⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
8⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35235.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
8⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52168.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28022.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19138.exe
11⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4327.exe
12⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51759.exe
13⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
13⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
12⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
11⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
10⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-55624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55624.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
10⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5972.exe
11⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
12⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 220
8⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
7⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
6⤵
- Program crash
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
5⤵
- Program crash
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49809.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61877.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57191.exe
9⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23004.exe
10⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11301.exe
11⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27066.exe
12⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17239.exe
13⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37234.exe
14⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 220
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
12⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
11⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15390.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25692.exe
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28868.exe
11⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
12⤵
PID:10484

C:\Users\Admin\AppData\Local\Temp\Unicorn-44660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44660.exe
13⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 216
13⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
12⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
11⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
10⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
9⤵
- Program crash
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27019.exe
8⤵
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33502.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55894.exe
11⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
12⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29201.exe
13⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 216
13⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
12⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
11⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1156 -s 236
9⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 220
8⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50180.exe
7⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22381.exe
8⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28790.exe
10⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48878.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20747.exe
12⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53186.exe
13⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
11⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32302.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15962.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6885.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-32724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32724.exe
11⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
12⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 236
12⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
10⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
8⤵
- Program crash
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
7⤵
- Program crash
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
6⤵
- Program crash
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41845.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59848.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22983.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20435.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15770.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52194.exe
11⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47882.exe
12⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25802.exe
13⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 236
13⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 220
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
10⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
9⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
7⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43424.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4752.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
10⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45163.exe
11⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
10⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
8⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
7⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15369.exe
6⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
7⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10621.exe
7⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
8⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-22236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22236.exe
9⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37467.exe
10⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62122.exe
11⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 220
10⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
9⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
8⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
7⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
6⤵
- Program crash
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
5⤵
- Program crash
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29943.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-258.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27730.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43403.exe
6⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
9⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33305.exe
10⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19860.exe
11⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
11⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 236
10⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
7⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45494.exe
6⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25526.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17545.exe
8⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-55806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55806.exe
9⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
10⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 220
10⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
9⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
8⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
7⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
6⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
5⤵
- Program crash
PID:408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
4⤵
- Program crash
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
2⤵
- Program crash
PID:2792

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10831.exe

Filesize
184KB

MD5
155463af1c48b117799de9e48e68444f

SHA1
d8e719182eee2064c2fc4e9b42c0f896afeaab61

SHA256
f2d5cac056896ae2b933ab8107de7583c6f9d3493536b46fa9e4016fb75348f8

SHA512
1014b633f49c5e10b0faaa5a47eb83adae265abda032f66e47f6ce719bc918e9d10dd3ad9b1acb23c00122d29e1c105c5f66bfdfed30f7941eea4b080c9afecb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-12206.exe

Filesize
184KB

MD5
364c49da099b44ebc09d5818e28c8e77

SHA1
0dbbf0af09e9b9044c275689e636992e92849101

SHA256
c32aa14b7c34d52d21e6df78e90ba5a7928edf575159d4e5b914a1f603e1db65

SHA512
7e0efea2f15e512258cd123f740fe6919f410475d918e20707e5fa9fa58daa6d97010cf49aa3ec05fd5f29d645d46ba9f5ed50e92f730223bcfc758dc43a7c30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe

Filesize
184KB

MD5
8a634019f504b234a678abed042096b4

SHA1
5c2039522d21fb543836846a9c0b4e5169f6fabc

SHA256
aee83b4d818f3e55d5e6a96f3d25d37c1dac9000f794333a6b028f6380ac5ce3

SHA512
0f3c77a267dab5310c183105cdcf5434f3aff7ca923bbed5250ae5bb6d7fd2bceffb58e92d907e4341e6605148fb5f58cd0fdedf83d58bd17e808f8bccbf0cf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe

Filesize
184KB

MD5
ca897f2c304cf5c6bca2c64c596f69af

SHA1
91189ead0c6bc3078005f81b2bcde3262d52579b

SHA256
3a5d7cd114121f46c17de0bfd2369af65c830ab25bffda0aee933ca4d9113b2d

SHA512
58ceb79d2fc3902896358ead38b27f5819ff4603c1d49d2b60d3d78e5e2e45b9af74186803ba4bc4dbbeebdf515443ddfeb119f8a16aa027f0a36085286d2132

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe

Filesize
184KB

MD5
e6d4b498d2c6d56797c261ee29d4d2f3

SHA1
b693698cfda6189827327f748bd113fe4d7ede61

SHA256
2669a3f505179eb6b8e8b2a0967701ce1f0a4daae06ece59fcc7fa7e8d8800b3

SHA512
bdc3b08f66346186ac8911452ff169411563e98c62b1c459a89af9b4b2bdd8c0bbb7a92bd30b9ac2633a5ff844c77ac7ab2ffbc956584417c514b8a17883a84b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37460.exe

Filesize
184KB

MD5
1529a68f1181caf637ead55e60cfb2f4

SHA1
4c4d511917d3e2b6b46487b0ff1f333d62ea94c9

SHA256
038900b82ba49b0601c163defa3315c71b681252adb388f84331059bd9ee84dc

SHA512
6a6732203c7940e7d2714de01fe2adf608c7ff7ccf28ed571ce9227d5029de2a83f00bbd079bad41b857c6dea8f528ed3fc53c2da6426fe953aaf48e42957a96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39655.exe

Filesize
184KB

MD5
fd7ed934d34c712009f46de158bb39e1

SHA1
c8a3b159eca874704fbc4163d6e5d8c9adf37c74

SHA256
83cb5ba6080d0c82f148b78ebfc92be1768505ae47918e2cf628cab93240bd08

SHA512
2f3c55b6e1a4bf6db4e6b3818390dd93508bac6f279942d288502b21d11f84e72de68ab4c0c89f7f5a82cba6a1426e13c534faad506e80ab4344312f7eebb5e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39974.exe

Filesize
184KB

MD5
82bca2f09ff09375b41a124328c1f05a

SHA1
f7838e74e1137c472b719e94233acd8b77d40711

SHA256
f19708cb1db6da74a03a2c3b122b31e505796bd144475e3f39610c4233c41778

SHA512
f1d8ed94aaa8bc5160be19df1bfbd452728b9acae8b0b1111a62a951da72ff405d6ad41cc20fbf972457ee9335f17d90c8f76c06993ffb1958fbb1f5cc0c73bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39977.exe

Filesize
184KB

MD5
a0b24532f880a7f3cf57b4bae73454c8

SHA1
10e5337e05fcb18f559a547322542371c6b4a2ee

SHA256
40539b79bda9763b10b1a8f15241f32714ca02e667d22d02ad10e5b23b3b002c

SHA512
1d66f547b3dbf75a8d6923feb1c57a26ac6bd9832ee7ae2e91ba6708ab6129f8836b2895ea93c9481b3fad88c931d14abb4d1e3a5130902b7700ed00b156a0bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe

Filesize
184KB

MD5
413e2314a831575605e0b7da47182523

SHA1
2b4e70f89e313cf6ebb0bcf12df2d03a385a7728

SHA256
15a1fd71c38f3c8ce7d9f5fac00926882643ebdecd0baff95a8a3506477e0fea

SHA512
dbd765faa20e7c5036610ca219afb35bce1967207d002ae1e2468921881f4d4a590c33d3f3352f32059bdf6e8ee673c0daa63defb11fcdeb3e0409bf746924c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe

Filesize
184KB

MD5
30d368a82c66eea09f8623a6c011c378

SHA1
78e2fc20a8c3125eb3920844d942f3030323eb1e

SHA256
e01a8f56a869de7a0d6f5783fbbf5f035c11d1343973f82f89747cf9d50da26d

SHA512
986d32bc0f9bad35c7e974a6880f8e67bed19a6427ff5c8746cc6e342ec2db641980d70e5687e1b2835f5599b9bf7f74d722fe7b54bcf389c3fa558fe50763a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41234.exe

Filesize
184KB

MD5
4d25b6f9c03a8e82a8c04ad48aed33a2

SHA1
b9e90e51bb8addc1b50f4ff3adb68dfe15912eb4

SHA256
2db3a9fa3a14edc41fd82849d43c097e4191dc53dca69c1c34f5b26663944488

SHA512
bc3449c64d7609ab2d795d0585b4ad092f3859b5c6390eaa83f34000538c62818cd3d01e70ec29467b8fe13a721a88875ca8f6b1418055d91ba2fa296e43500e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43976.exe

Filesize
184KB

MD5
b5f74edf6ca1ebfbf571fa03bedc665c

SHA1
5ed040de006962c3be85c0b13de3c972199953df

SHA256
d50bed9500328ee8d5289cb6f61dc77febfec1d85ef681961173361e03f6095d

SHA512
787612e293e4b5f257a502f8dc9c1a63c9c6ac5027ad9e620815e263120473b1155f8c4bdd5173b3c173dd61de75896ebb0bb95065934628a448060ffec2a25c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe

Filesize
184KB

MD5
3b3b3765ab969964d9e659a79df5d216

SHA1
0711013244291cca1e18d67bf5339bada59cfa37

SHA256
a7ff4d612ce35a11ff09d6eae050ba22a551e41487f20eeabac459cf8842d072

SHA512
8686693722f42e2c18369c7d3ee5a114fb42e35d99f03d73c251a55cd232bff01ee0b0f6d3eb675ff964bcb94a65f9ded6e289dba996f3d7ce147c3d5f8a4eef

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe

Filesize
184KB

MD5
21c4013a96f65ae3e365e9610154c9a8

SHA1
78bcf290db125e4e9a992912b0c2ffceb44ed1c0

SHA256
66ea39d77128f4f4c53535e87ff55f0f56371a05f06c8b3202d1f0be4697febb

SHA512
aec42d888481795749fd0ccd5bea1ce6008c4b7cbdc38ba6cb4f7f3f054352155d9b5da36c8a34aa21f1410b493f53c2c2b4a893e58d9afd214bd326e05c9ce0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59324.exe

Filesize
184KB

MD5
6114354b70399cb9f1dd4de22da962a9

SHA1
eead3190c95077494d0757a8017634325b6062c9

SHA256
3b2b3d66b14ab30f24681acd4cdbd7145c97ab40b5819614215410ce72820216

SHA512
b963e9335ceced511edc742da2c4de136077c7dc8b48b6ac93ad192e65a2a4e633d8b1ff7e00821dbdcec1a75612fea3949ed10f490ae4076ff4dd33017ac7fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe

Filesize
184KB

MD5
57b615262a99d88067d13c1ff50985eb

SHA1
2477a651a438d20e109d5181e87cc5c6e8615c47

SHA256
af654e0ebcd3a5628369a1f32af5267826b46577c3ae7d0bb36f4869cd1ceb09

SHA512
4e928b25b7ad941b93865edd1ed80ef1ffe531df33987500654a5d9b7f60fc0a5c5d0b5362639d0ddfd215cf691ea8f8722bcb96e04788f9fc2642b250d6534d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63924.exe

Filesize
184KB

MD5
c37004bec87ffdf3f2fdfbdc1a07022d

SHA1
203b72b6eeac425199b5cf70f1b75b8a7d453bab

SHA256
014d0904bc5179c3e44224e7374eed90d1467361c18706f1005ae0311fe46fa3

SHA512
936229e1a029a8713ef20a0a34eaf0658fff4a2b9fe5e040d2aa4e26ce35c03699acb9ab59c89168c15d5b13e8c4149c873e7a0345363026c10c0f703f9e627d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6563.exe

Filesize
184KB

MD5
03a3d74157df5907e4403e94ef6f166c

SHA1
2473a7b8ef41f2483925102b5b69c015b71349c1

SHA256
4a756a9a406fb1aa991e50fa623c86c90dea5c07176d0c854e0f38d454e9e4c7

SHA512
66ed21991711075bba60cf8d9d53c4c48fdf0dc8bf1d09514ec97940b5c5fa185fee75583d8d33dfac04e242c297ea08ec1a324ee611a7973a64442afbf5c438

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe

Filesize
184KB

MD5
84fb54ea4906c261617cef69037a3b1c

SHA1
b136024760d8eb4b55b8183c2da95435f3d050ad

SHA256
e31e7cfcf0386b437634460cf892e57054ea2d6ebb218f39ff8db601c4149499

SHA512
76e4d6412e7bd0cb6b0ce7ed4de0c97948870c0f6d9d175e9ea4dcb38b01887a136f421dfe0497ce198f5bc67e7120d8157d81d751973a7c29f927856201c162

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe

Filesize
184KB

MD5
cc2e269ef2d9f62f1175860012d5fc1a

SHA1
1dbd5bf5ef324f213808782a7342cc3f316ae84c

SHA256
9ccfd78d7fe9dee36406d753ad15b18f13fb4b4d4c8522f599f32bca2d735641

SHA512
52c7cd01a72a7a9498f8044a8a8067e9952e19e3c8d6cbd383c555997be41b6d083c895e40b4b90e280b01551993302eb3a3730eee1d3d1e3e7a54980613654c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55673.exe

Filesize
184KB

MD5
eba8d65c1fbd8b388584037fd0f5808a

SHA1
7d4de4b14ce619e6c55e30ee7bd5917355b5d03c

SHA256
84a3985649d60d091a00f28ce52b3be19c00cf08e8d033ce23476d53e0c83f62

SHA512
4a041257f91a62c3f9974c527fe81e2774d00ad9d6d6f997cd1f271d2e9be9998dac71d5694a5d6ddf2922a4c33a0a3c0465b10a73f84f99cb74cdaa63c574ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe

Filesize
184KB

MD5
f3376e91bcdf618c4d18ddd91e0cd0a8

SHA1
5a999321b3005681491ad562870b0ac03ea31ea1

SHA256
42e910667a7e460a8cdd4eed8414aa33c0668c8181f21055d8788cbea69cd916

SHA512
c60165013ad06a65d9649c78ccc6624a5e96a5736b3041830d8090ed9288dd3ad76c986dcfb58c468927cc2629b4fa67aa681d1dfdbbde2a99e1c3e939fa0015

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe

Filesize
184KB

MD5
f9c3cf4a1ddf2277e3bd32c72bbd0098

SHA1
6708a0eb75e4966a8145f1a24cf8b40fcd6419df

SHA256
bd6b99745896e5de61da5ccedfe520b5be8b1de4084a6964b41dd7da828c9965

SHA512
167247ccc3bb80891fd59df5cff0da361b9341d981e3477d42b81dd797564e533fca8fd4fef99d6387e0c2ff16db3855a39d2ec48c0610bb381335cf79c9eacb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63841.exe

Filesize
184KB

MD5
794ae50b88c406c1d088cbaf332a75e4

SHA1
436a30835e2385b1e3555b1b40462107dfb5a835

SHA256
43b8d906410841e3c41eded383012128de0391b66f8d611b661c473d2b41b11e

SHA512
cf8b9830503021d600d7fa57f5f8769561a6a3825346f85dc42394e1addd5c6f8f298acdc1406cc28fcbea7a1bf01fcfac860615c7d1feebec21e348bdb94f5e

Download Submit