397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe
Size

184KB
MD5

785f1a9a03ad14bf874948e791cd886a
SHA1

35ba462d0a8fbd32c90ae5d7342cbdabd6a7cd4c
SHA256

397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57
SHA512

2086c2cd1f1bb7e56a4ae65c337f728a0d3c76dd6b0571eb8a2d7b849f7c0c1c3cca86d8070cc2d11340b6c849806c9868a8999f3e71118c966e80fe30b2725b
SSDEEP

3072:aEe3e8ofPRhTdFate8pLRtpIhlnViFan3:aE4ozJFarLbpIhlnViFa

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-3000.exeUnicorn-47131.exeUnicorn-64022.exeUnicorn-43094.exeUnicorn-27312.exeUnicorn-41785.exeUnicorn-45123.exeUnicorn-14396.exeUnicorn-29341.exeUnicorn-42191.exeUnicorn-25855.exeUnicorn-10073.exeUnicorn-3296.exeUnicorn-55766.exeUnicorn-7380.exeUnicorn-7463.exeUnicorn-22408.exeUnicorn-56664.exeUnicorn-43596.exeUnicorn-10177.exeUnicorn-16400.exeUnicorn-31344.exeUnicorn-55294.exeUnicorn-35428.exeUnicorn-36327.exeUnicorn-5600.exeUnicorn-51272.exeUnicorn-62154.exeUnicorn-16483.exeUnicorn-55377.exeUnicorn-15091.exeUnicorn-34957.exeUnicorn-8314.exeUnicorn-29289.exeUnicorn-57323.exeUnicorn-26597.exeUnicorn-26597.exeUnicorn-8869.exeUnicorn-17599.exeUnicorn-9985.exeUnicorn-35881.exeUnicorn-50826.exeUnicorn-44049.exeUnicorn-13322.exeUnicorn-48133.exeUnicorn-65216.exeUnicorn-58439.exeUnicorn-58439.exeUnicorn-42657.exeUnicorn-11931.exeUnicorn-31797.exeUnicorn-17961.exeUnicorn-41911.exeUnicorn-41911.exeUnicorn-11184.exeUnicorn-15268.exeUnicorn-60940.exeUnicorn-60940.exeUnicorn-60940.exeUnicorn-9513.exeUnicorn-24458.exeUnicorn-23712.exeUnicorn-1153.exeUnicorn-61215.exe

pid	process
2100	Unicorn-3000.exe
2600	Unicorn-47131.exe
2716	Unicorn-64022.exe
2836	Unicorn-43094.exe
2592	Unicorn-27312.exe
1596	Unicorn-41785.exe
2708	Unicorn-45123.exe
2756	Unicorn-14396.exe
1704	Unicorn-29341.exe
836	Unicorn-42191.exe
840	Unicorn-25855.exe
3016	Unicorn-10073.exe
2180	Unicorn-3296.exe
1884	Unicorn-55766.exe
1728	Unicorn-7380.exe
2816	Unicorn-7463.exe
272	Unicorn-22408.exe
292	Unicorn-56664.exe
3024	Unicorn-43596.exe
308	Unicorn-10177.exe
2712	Unicorn-16400.exe
1484	Unicorn-31344.exe
284	Unicorn-55294.exe
1540	Unicorn-35428.exe
2248	Unicorn-36327.exe
2136	Unicorn-5600.exe
1924	Unicorn-51272.exe
2908	Unicorn-62154.exe
1496	Unicorn-16483.exe
1968	Unicorn-55377.exe
300	Unicorn-15091.exe
1220	Unicorn-34957.exe
2740	Unicorn-8314.exe
3028	Unicorn-29289.exe
2492	Unicorn-57323.exe
2468	Unicorn-26597.exe
2376	Unicorn-26597.exe
2472	Unicorn-8869.exe
1780	Unicorn-17599.exe
1452	Unicorn-9985.exe
616	Unicorn-35881.exe
1172	Unicorn-50826.exe
1236	Unicorn-44049.exe
2848	Unicorn-13322.exe
2152	Unicorn-48133.exe
1880	Unicorn-65216.exe
532	Unicorn-58439.exe
2768	Unicorn-58439.exe
804	Unicorn-42657.exe
1720	Unicorn-11931.exe
1432	Unicorn-31797.exe
2172	Unicorn-17961.exe
2888	Unicorn-41911.exe
2188	Unicorn-41911.exe
1892	Unicorn-11184.exe
752	Unicorn-15268.exe
792	Unicorn-60940.exe
1820	Unicorn-60940.exe
2324	Unicorn-60940.exe
2748	Unicorn-9513.exe
2780	Unicorn-24458.exe
2440	Unicorn-23712.exe
884	Unicorn-1153.exe
1768	Unicorn-61215.exe

Loads dropped DLL 64 IoCs

Processes:

397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exeUnicorn-3000.exeUnicorn-47131.exeWerFault.exeUnicorn-64022.exeUnicorn-27312.exeUnicorn-43094.exeWerFault.exeWerFault.exeUnicorn-41785.exeUnicorn-45123.exeUnicorn-29341.exeUnicorn-14396.exeWerFault.exeWerFault.exeUnicorn-42191.exeUnicorn-25855.exeUnicorn-10073.exe

pid	process
1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe
1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe
2100	Unicorn-3000.exe
2100	Unicorn-3000.exe
1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe
1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe
2600	Unicorn-47131.exe
2100	Unicorn-3000.exe
2600	Unicorn-47131.exe
2100	Unicorn-3000.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
3000	WerFault.exe
2716	Unicorn-64022.exe
2716	Unicorn-64022.exe
2592	Unicorn-27312.exe
2592	Unicorn-27312.exe
2836	Unicorn-43094.exe
2836	Unicorn-43094.exe
2600	Unicorn-47131.exe
2600	Unicorn-47131.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1436	WerFault.exe
1176	WerFault.exe
1436	WerFault.exe
1436	WerFault.exe
1436	WerFault.exe
1176	WerFault.exe
1436	WerFault.exe
1596	Unicorn-41785.exe
1596	Unicorn-41785.exe
2708	Unicorn-45123.exe
2708	Unicorn-45123.exe
2592	Unicorn-27312.exe
2592	Unicorn-27312.exe
1704	Unicorn-29341.exe
1704	Unicorn-29341.exe
2836	Unicorn-43094.exe
2756	Unicorn-14396.exe
2836	Unicorn-43094.exe
2756	Unicorn-14396.exe
488	WerFault.exe
488	WerFault.exe
488	WerFault.exe
488	WerFault.exe
488	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
1404	WerFault.exe
836	Unicorn-42191.exe
836	Unicorn-42191.exe
1596	Unicorn-41785.exe
1596	Unicorn-41785.exe
840	Unicorn-25855.exe
840	Unicorn-25855.exe
2708	Unicorn-45123.exe
2708	Unicorn-45123.exe
3016	Unicorn-10073.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2788	1732	WerFault.exe	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe
3000	2100	WerFault.exe	Unicorn-3000.exe
1436	2716	WerFault.exe	Unicorn-64022.exe
1176	2600	WerFault.exe	Unicorn-47131.exe
488	2592	WerFault.exe	Unicorn-27312.exe
1404	2836	WerFault.exe	Unicorn-43094.exe
1984	1596	WerFault.exe	Unicorn-41785.exe
3020	2708	WerFault.exe	Unicorn-45123.exe
1552	1704	WerFault.exe	Unicorn-29341.exe
880	2756	WerFault.exe	Unicorn-14396.exe
1356	836	WerFault.exe	Unicorn-42191.exe
2692	840	WerFault.exe	Unicorn-25855.exe
2764	3016	WerFault.exe	Unicorn-10073.exe
2820	1884	WerFault.exe	Unicorn-55766.exe
2812	1728	WerFault.exe	Unicorn-7380.exe
1776	2180	WerFault.exe	Unicorn-3296.exe
596	2816	WerFault.exe	Unicorn-7463.exe
1608	272	WerFault.exe	Unicorn-22408.exe
2088	292	WerFault.exe	Unicorn-56664.exe
1532	3024	WerFault.exe	Unicorn-43596.exe
3008	308	WerFault.exe	Unicorn-10177.exe
1636	2712	WerFault.exe	Unicorn-16400.exe
2596	1540	WerFault.exe	Unicorn-35428.exe
2648	284	WerFault.exe	Unicorn-55294.exe
2660	1484	WerFault.exe	Unicorn-31344.exe
1208	2248	WerFault.exe	Unicorn-36327.exe
988	2136	WerFault.exe	Unicorn-5600.exe
2496	1924	WerFault.exe	Unicorn-51272.exe
2628	300	WerFault.exe	Unicorn-15091.exe
884	1496	WerFault.exe	Unicorn-16483.exe
2804	1220	WerFault.exe	Unicorn-34957.exe
1096	2740	WerFault.exe	Unicorn-8314.exe
2348	2908	WerFault.exe	Unicorn-62154.exe
1280	3028	WerFault.exe	Unicorn-29289.exe
1692	1968	WerFault.exe	Unicorn-55377.exe
1944	2492	WerFault.exe	Unicorn-57323.exe
1656	2468	WerFault.exe	Unicorn-26597.exe
2068	2376	WerFault.exe	Unicorn-26597.exe
2060	2472	WerFault.exe	Unicorn-8869.exe
3904	1780	WerFault.exe	Unicorn-17599.exe
3980	1452	WerFault.exe	Unicorn-9985.exe
4092	616	WerFault.exe	Unicorn-35881.exe
3340	1172	WerFault.exe	Unicorn-50826.exe
3376	2152	WerFault.exe	Unicorn-48133.exe
3392	1236	WerFault.exe	Unicorn-44049.exe
3424	2324	WerFault.exe	Unicorn-60940.exe
3452	1720	WerFault.exe	Unicorn-11931.exe
3468	752	WerFault.exe	Unicorn-15268.exe
3244	1892	WerFault.exe	Unicorn-11184.exe
3632	684	WerFault.exe	Unicorn-33093.exe
3164	2172	WerFault.exe	Unicorn-17961.exe
3160	804	WerFault.exe	Unicorn-42657.exe
3168	2768	WerFault.exe	Unicorn-58439.exe
3264	1432	WerFault.exe	Unicorn-31797.exe
3460	1820	WerFault.exe	Unicorn-60940.exe
3640	2024	WerFault.exe	Unicorn-44708.exe
3604	2948	WerFault.exe	Unicorn-18066.exe
3972	2888	WerFault.exe	Unicorn-41911.exe
3924	2824	WerFault.exe	Unicorn-62990.exe
4016	2644	WerFault.exe	Unicorn-48600.exe
3108	2304	WerFault.exe	Unicorn-39040.exe
3088	2448	WerFault.exe	Unicorn-1537.exe
3528	532	WerFault.exe	Unicorn-58439.exe
4100	792	WerFault.exe	Unicorn-60940.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exeUnicorn-3000.exeUnicorn-47131.exeUnicorn-64022.exeUnicorn-43094.exeUnicorn-27312.exeUnicorn-41785.exeUnicorn-45123.exeUnicorn-14396.exeUnicorn-29341.exeUnicorn-42191.exeUnicorn-25855.exeUnicorn-10073.exeUnicorn-3296.exeUnicorn-55766.exeUnicorn-7380.exeUnicorn-7463.exeUnicorn-22408.exeUnicorn-56664.exeUnicorn-43596.exeUnicorn-10177.exeUnicorn-16400.exeUnicorn-31344.exeUnicorn-55294.exeUnicorn-35428.exeUnicorn-36327.exeUnicorn-51272.exeUnicorn-5600.exeUnicorn-62154.exeUnicorn-16483.exeUnicorn-55377.exeUnicorn-15091.exeUnicorn-34957.exeUnicorn-8314.exeUnicorn-29289.exeUnicorn-26597.exeUnicorn-57323.exeUnicorn-26597.exeUnicorn-8869.exeUnicorn-17599.exeUnicorn-9985.exeUnicorn-35881.exeUnicorn-50826.exeUnicorn-44049.exeUnicorn-13322.exeUnicorn-48133.exeUnicorn-65216.exeUnicorn-58439.exeUnicorn-58439.exeUnicorn-42657.exeUnicorn-11931.exeUnicorn-31797.exeUnicorn-17961.exeUnicorn-41911.exeUnicorn-41911.exeUnicorn-11184.exeUnicorn-15268.exeUnicorn-60940.exeUnicorn-60940.exeUnicorn-60940.exeUnicorn-9513.exeUnicorn-24458.exeUnicorn-23712.exeUnicorn-61215.exe

pid	process
1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe
2100	Unicorn-3000.exe
2600	Unicorn-47131.exe
2716	Unicorn-64022.exe
2836	Unicorn-43094.exe
2592	Unicorn-27312.exe
1596	Unicorn-41785.exe
2708	Unicorn-45123.exe
2756	Unicorn-14396.exe
1704	Unicorn-29341.exe
836	Unicorn-42191.exe
840	Unicorn-25855.exe
3016	Unicorn-10073.exe
2180	Unicorn-3296.exe
1884	Unicorn-55766.exe
1728	Unicorn-7380.exe
2816	Unicorn-7463.exe
272	Unicorn-22408.exe
292	Unicorn-56664.exe
3024	Unicorn-43596.exe
308	Unicorn-10177.exe
2712	Unicorn-16400.exe
1484	Unicorn-31344.exe
284	Unicorn-55294.exe
1540	Unicorn-35428.exe
2248	Unicorn-36327.exe
1924	Unicorn-51272.exe
2136	Unicorn-5600.exe
2908	Unicorn-62154.exe
1496	Unicorn-16483.exe
1968	Unicorn-55377.exe
300	Unicorn-15091.exe
1220	Unicorn-34957.exe
2740	Unicorn-8314.exe
3028	Unicorn-29289.exe
2468	Unicorn-26597.exe
2492	Unicorn-57323.exe
2376	Unicorn-26597.exe
2472	Unicorn-8869.exe
1780	Unicorn-17599.exe
1452	Unicorn-9985.exe
616	Unicorn-35881.exe
1172	Unicorn-50826.exe
1236	Unicorn-44049.exe
2848	Unicorn-13322.exe
2152	Unicorn-48133.exe
1880	Unicorn-65216.exe
2768	Unicorn-58439.exe
532	Unicorn-58439.exe
804	Unicorn-42657.exe
1720	Unicorn-11931.exe
1432	Unicorn-31797.exe
2172	Unicorn-17961.exe
2888	Unicorn-41911.exe
2188	Unicorn-41911.exe
1892	Unicorn-11184.exe
752	Unicorn-15268.exe
792	Unicorn-60940.exe
1820	Unicorn-60940.exe
2324	Unicorn-60940.exe
2748	Unicorn-9513.exe
2780	Unicorn-24458.exe
2440	Unicorn-23712.exe
1768	Unicorn-61215.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exeUnicorn-3000.exeUnicorn-47131.exeUnicorn-64022.exeUnicorn-27312.exeUnicorn-43094.exeUnicorn-41785.exeUnicorn-45123.exe

description	pid	process	target process
PID 1732 wrote to memory of 2100	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	Unicorn-3000.exe
PID 1732 wrote to memory of 2100	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	Unicorn-3000.exe
PID 1732 wrote to memory of 2100	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	Unicorn-3000.exe
PID 1732 wrote to memory of 2100	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	Unicorn-3000.exe
PID 2100 wrote to memory of 2600	2100	Unicorn-3000.exe	Unicorn-47131.exe
PID 2100 wrote to memory of 2600	2100	Unicorn-3000.exe	Unicorn-47131.exe
PID 2100 wrote to memory of 2600	2100	Unicorn-3000.exe	Unicorn-47131.exe
PID 2100 wrote to memory of 2600	2100	Unicorn-3000.exe	Unicorn-47131.exe
PID 1732 wrote to memory of 2716	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	Unicorn-64022.exe
PID 1732 wrote to memory of 2716	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	Unicorn-64022.exe
PID 1732 wrote to memory of 2716	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	Unicorn-64022.exe
PID 1732 wrote to memory of 2716	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	Unicorn-64022.exe
PID 1732 wrote to memory of 2788	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	WerFault.exe
PID 1732 wrote to memory of 2788	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	WerFault.exe
PID 1732 wrote to memory of 2788	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	WerFault.exe
PID 1732 wrote to memory of 2788	1732	397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe	WerFault.exe
PID 2600 wrote to memory of 2836	2600	Unicorn-47131.exe	Unicorn-43094.exe
PID 2600 wrote to memory of 2836	2600	Unicorn-47131.exe	Unicorn-43094.exe
PID 2600 wrote to memory of 2836	2600	Unicorn-47131.exe	Unicorn-43094.exe
PID 2600 wrote to memory of 2836	2600	Unicorn-47131.exe	Unicorn-43094.exe
PID 2100 wrote to memory of 2592	2100	Unicorn-3000.exe	Unicorn-27312.exe
PID 2100 wrote to memory of 2592	2100	Unicorn-3000.exe	Unicorn-27312.exe
PID 2100 wrote to memory of 2592	2100	Unicorn-3000.exe	Unicorn-27312.exe
PID 2100 wrote to memory of 2592	2100	Unicorn-3000.exe	Unicorn-27312.exe
PID 2100 wrote to memory of 3000	2100	Unicorn-3000.exe	WerFault.exe
PID 2100 wrote to memory of 3000	2100	Unicorn-3000.exe	WerFault.exe
PID 2100 wrote to memory of 3000	2100	Unicorn-3000.exe	WerFault.exe
PID 2100 wrote to memory of 3000	2100	Unicorn-3000.exe	WerFault.exe
PID 2716 wrote to memory of 1596	2716	Unicorn-64022.exe	Unicorn-41785.exe
PID 2716 wrote to memory of 1596	2716	Unicorn-64022.exe	Unicorn-41785.exe
PID 2716 wrote to memory of 1596	2716	Unicorn-64022.exe	Unicorn-41785.exe
PID 2716 wrote to memory of 1596	2716	Unicorn-64022.exe	Unicorn-41785.exe
PID 2592 wrote to memory of 2708	2592	Unicorn-27312.exe	Unicorn-45123.exe
PID 2592 wrote to memory of 2708	2592	Unicorn-27312.exe	Unicorn-45123.exe
PID 2592 wrote to memory of 2708	2592	Unicorn-27312.exe	Unicorn-45123.exe
PID 2592 wrote to memory of 2708	2592	Unicorn-27312.exe	Unicorn-45123.exe
PID 2836 wrote to memory of 2756	2836	Unicorn-43094.exe	Unicorn-14396.exe
PID 2836 wrote to memory of 2756	2836	Unicorn-43094.exe	Unicorn-14396.exe
PID 2836 wrote to memory of 2756	2836	Unicorn-43094.exe	Unicorn-14396.exe
PID 2836 wrote to memory of 2756	2836	Unicorn-43094.exe	Unicorn-14396.exe
PID 2600 wrote to memory of 1704	2600	Unicorn-47131.exe	Unicorn-29341.exe
PID 2600 wrote to memory of 1704	2600	Unicorn-47131.exe	Unicorn-29341.exe
PID 2600 wrote to memory of 1704	2600	Unicorn-47131.exe	Unicorn-29341.exe
PID 2600 wrote to memory of 1704	2600	Unicorn-47131.exe	Unicorn-29341.exe
PID 2600 wrote to memory of 1176	2600	Unicorn-47131.exe	WerFault.exe
PID 2600 wrote to memory of 1176	2600	Unicorn-47131.exe	WerFault.exe
PID 2600 wrote to memory of 1176	2600	Unicorn-47131.exe	WerFault.exe
PID 2600 wrote to memory of 1176	2600	Unicorn-47131.exe	WerFault.exe
PID 2716 wrote to memory of 1436	2716	Unicorn-64022.exe	WerFault.exe
PID 2716 wrote to memory of 1436	2716	Unicorn-64022.exe	WerFault.exe
PID 2716 wrote to memory of 1436	2716	Unicorn-64022.exe	WerFault.exe
PID 2716 wrote to memory of 1436	2716	Unicorn-64022.exe	WerFault.exe
PID 1596 wrote to memory of 836	1596	Unicorn-41785.exe	Unicorn-42191.exe
PID 1596 wrote to memory of 836	1596	Unicorn-41785.exe	Unicorn-42191.exe
PID 1596 wrote to memory of 836	1596	Unicorn-41785.exe	Unicorn-42191.exe
PID 1596 wrote to memory of 836	1596	Unicorn-41785.exe	Unicorn-42191.exe
PID 2708 wrote to memory of 840	2708	Unicorn-45123.exe	Unicorn-25855.exe
PID 2708 wrote to memory of 840	2708	Unicorn-45123.exe	Unicorn-25855.exe
PID 2708 wrote to memory of 840	2708	Unicorn-45123.exe	Unicorn-25855.exe
PID 2708 wrote to memory of 840	2708	Unicorn-45123.exe	Unicorn-25855.exe
PID 2592 wrote to memory of 3016	2592	Unicorn-27312.exe	Unicorn-10073.exe
PID 2592 wrote to memory of 3016	2592	Unicorn-27312.exe	Unicorn-10073.exe
PID 2592 wrote to memory of 3016	2592	Unicorn-27312.exe	Unicorn-10073.exe
PID 2592 wrote to memory of 3016	2592	Unicorn-27312.exe	Unicorn-10073.exe

C:\Users\Admin\AppData\Local\Temp\397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe
"C:\Users\Admin\AppData\Local\Temp\397b8df93578ad78a39f76319605e93f188bb91b6d9a318fa1ad4a33642fdd57.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47131.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7380.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8314.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
10⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19746.exe
11⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27176.exe
12⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
13⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
14⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
15⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 216
15⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
14⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
13⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
12⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 216
11⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
10⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
11⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7606.exe
12⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35479.exe
13⤵
PID:8784

C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe
14⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
15⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8784 -s 236
14⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
13⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
12⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
11⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
10⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45071.exe
9⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53919.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-41544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41544.exe
11⤵
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34161.exe
12⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
13⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34857.exe
14⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
14⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 236
13⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 216
12⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
11⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
10⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
9⤵
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42657.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50738.exe
9⤵
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
10⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25749.exe
11⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
12⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64607.exe
13⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
14⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46694.exe
15⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
14⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
13⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
12⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
11⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
10⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18206.exe
10⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38333.exe
11⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
12⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-632.exe
13⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20628.exe
14⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
12⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
11⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
9⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
8⤵
- Program crash
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31797.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20588.exe
9⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25139.exe
10⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-44799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44799.exe
11⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
12⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53844.exe
13⤵
PID:9584

C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32148.exe
14⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 236
14⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 220
13⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
12⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60992.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55437.exe
11⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18374.exe
12⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-35106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35106.exe
13⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8375.exe
14⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
13⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
12⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
11⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
10⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
9⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39616.exe
8⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43421.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18014.exe
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12266.exe
11⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34073.exe
12⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34914.exe
13⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
14⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
13⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
12⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
11⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
10⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
9⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 220
8⤵
- Program crash
PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
7⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31344.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
9⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
10⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
11⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64674.exe
12⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61291.exe
13⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61940.exe
14⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 236
14⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
13⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
12⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
11⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64884.exe
10⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
11⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe
12⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15214.exe
13⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24904.exe
14⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
10⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
9⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4806.exe
8⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58003.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59238.exe
10⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21613.exe
11⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55816.exe
12⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-49065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49065.exe
13⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59465.exe
14⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 236
13⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
12⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
11⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
10⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 236
9⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
8⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-62990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62990.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-40523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40523.exe
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39293.exe
11⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12920.exe
12⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
13⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
14⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
13⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
12⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
11⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
9⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-613.exe
8⤵
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
8⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
7⤵
- Program crash
PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
6⤵
- Program crash
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55766.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
6⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26597.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-60852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60852.exe
9⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32731.exe
10⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42085.exe
11⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
12⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31888.exe
13⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31167.exe
14⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50202.exe
15⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
14⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
13⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
12⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
11⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
10⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19663.exe
9⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11742.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
11⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
12⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43850.exe
13⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 216
13⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
12⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
10⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
9⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14344.exe
8⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23830.exe
9⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
10⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46496.exe
11⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65318.exe
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 220
13⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 236
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 236
11⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
9⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 220
8⤵
- Program crash
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
8⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57100.exe
10⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38904.exe
12⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
13⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30493.exe
14⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 236
13⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
12⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
11⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
10⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
9⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4697.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39677.exe
10⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
11⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
12⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
8⤵
- Program crash
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 220
7⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8869.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15268.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
8⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
9⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21473.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10704.exe
11⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-7814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7814.exe
12⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63263.exe
13⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
13⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
12⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
10⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 216
9⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35423.exe
8⤵
PID:3384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
8⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
7⤵
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
6⤵
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35428.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57323.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41911.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15928.exe
8⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16971.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44415.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
11⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
12⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
13⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
13⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
12⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
11⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
10⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15579.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50829.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57383.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15406.exe
11⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32776.exe
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 236
12⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
11⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
9⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
8⤵
- Program crash
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe
7⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28655.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
10⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6143.exe
11⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64161.exe
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
11⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
9⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
8⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60940.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48600.exe
7⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3815.exe
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36387.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
11⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4908.exe
12⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58754.exe
13⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 236
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
10⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
7⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13929.exe
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24711.exe
9⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
10⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
11⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52916.exe
12⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
11⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
10⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
8⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
7⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
5⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56664.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48133.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44708.exe
9⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
10⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1210.exe
11⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-725.exe
12⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
13⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
14⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37187.exe
15⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
15⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
14⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 236
13⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
12⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
10⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
9⤵
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
10⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
9⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
8⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28839.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23468.exe
10⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
11⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40056.exe
12⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20861.exe
13⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39429.exe
14⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
12⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
11⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46581.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54254.exe
11⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43419.exe
12⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39128.exe
13⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
12⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
9⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
8⤵
- Program crash
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65216.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46654.exe
8⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18917.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41208.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25173.exe
12⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8032.exe
13⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
13⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
12⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
10⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35999.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61327.exe
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38956.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
11⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 240
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 220
11⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
7⤵
- Program crash
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
7⤵
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58605.exe
8⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29991.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18209.exe
11⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17296.exe
12⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
12⤵
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-888.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
9⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60850.exe
11⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
12⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 236
12⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 236
10⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
8⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
7⤵
- Program crash
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
6⤵
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43596.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55377.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30488.exe
7⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
8⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64316.exe
10⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
12⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21811.exe
13⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
13⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
11⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 236
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-55956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55956.exe
9⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
10⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
11⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20851.exe
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
11⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
8⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
7⤵
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18066.exe
7⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37124.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
11⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28090.exe
12⤵
PID:11928

C:\Users\Admin\AppData\Local\Temp\Unicorn-61276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61276.exe
13⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
12⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 220
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 236
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
8⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62066.exe
7⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44848.exe
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52723.exe
9⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53953.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20716.exe
11⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59029.exe
12⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
10⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 236
9⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
8⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 220
7⤵
- Program crash
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
6⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
5⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34957.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58439.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34210.exe
8⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23193.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-38769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38769.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15198.exe
11⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40954.exe
12⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60570.exe
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 236
13⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
12⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-52336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52336.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22049.exe
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55629.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36657.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
12⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-27644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27644.exe
13⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 236
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
11⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
10⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
7⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10180.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24758.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8089.exe
11⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54732.exe
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 216
8⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
7⤵
- Program crash
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11931.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7759.exe
7⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33307.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-25414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25414.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34057.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63299.exe
11⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26891.exe
12⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34250.exe
13⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
10⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
9⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54749.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
10⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18915.exe
11⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34420.exe
12⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
8⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23555.exe
7⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56140.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5468.exe
9⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3984.exe
10⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-33113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33113.exe
11⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41842.exe
12⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
10⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
7⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
6⤵
- Program crash
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15091.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-13322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13322.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40432.exe
7⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26273.exe
10⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
11⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31551.exe
12⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45132.exe
13⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
12⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
11⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56420.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-42661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42661.exe
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
10⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14057.exe
11⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 236
11⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 236
10⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
9⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
8⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
7⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24650.exe
6⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35445.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11965.exe
9⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38624.exe
10⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
11⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
11⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
10⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
9⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
8⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
6⤵
- Program crash
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
5⤵
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36327.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17599.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-59674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59674.exe
9⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17739.exe
10⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
11⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-40767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40767.exe
12⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
13⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56237.exe
14⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
14⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
12⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
11⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
10⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37098.exe
10⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48743.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27218.exe
12⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 200
13⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 236
12⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 236
11⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
10⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
9⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26487.exe
8⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6340.exe
11⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46268.exe
12⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37571.exe
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11072 -s 216
13⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
12⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
9⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
8⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24458.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50437.exe
8⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7432.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26984.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65271.exe
11⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54052.exe
12⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 216
13⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16678.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22293.exe
10⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
11⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25127.exe
12⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10896 -s 216
12⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
7⤵
- Program crash
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9985.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23712.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56659.exe
8⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56633.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9085.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
11⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
12⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
13⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
13⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10125.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
9⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3818.exe
10⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15157.exe
11⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19481.exe
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 216
12⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
10⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23472.exe
7⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46327.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37290.exe
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8094.exe
10⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
11⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16959.exe
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 216
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
11⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 236
8⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
7⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
6⤵
- Program crash
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51272.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44049.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49430.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4801.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15115.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61571.exe
10⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
11⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
12⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
8⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
7⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39040.exe
6⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-44983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44983.exe
7⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39947.exe
8⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55245.exe
9⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe
10⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43227.exe
11⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12485.exe
12⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
11⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
10⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
9⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
8⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
7⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
6⤵
- Program crash
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
5⤵
- Program crash
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22408.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:272

C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35881.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1153.exe
7⤵
- Executes dropped EXE
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
7⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11516.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34929.exe
10⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15349.exe
11⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36009.exe
12⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 216
12⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
11⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
10⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
8⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
7⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13488.exe
7⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-20754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20754.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
9⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11986.exe
10⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
12⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 216
12⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
11⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 236
10⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24323.exe
7⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39236.exe
8⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60995.exe
9⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41608.exe
10⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-814.exe
11⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 220
11⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
10⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 236
9⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
8⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
6⤵
- Program crash
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50826.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
6⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9980.exe
7⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5932.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14020.exe
9⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4368.exe
10⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
11⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
12⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
11⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
10⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 220
8⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4780.exe
7⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
8⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63216.exe
9⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-22122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22122.exe
10⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
10⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
9⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
8⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
7⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24925.exe
6⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24646.exe
7⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54010.exe
8⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53403.exe
9⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38484.exe
10⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
11⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 216
11⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
10⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 236
9⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
8⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
7⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
6⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
5⤵
- Program crash
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
4⤵
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:1436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
2⤵
- Program crash
PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36247.exe

Filesize
184KB

MD5
f743206cccc9ab46fad39190eec20947

SHA1
75327108dd8c150f397cbaef4ba73233ea27305a

SHA256
e5ce5283196cc2232e0c46039a5d3798889dcb1630b99caae3e6cc39c020d0e1

SHA512
7a7f9cabc6ef7b0b628d14620a32bb1c1bcceabec629e8afc81baa80c2bfca51f78c6f2ef18b8e9a85c7b89e25f0d3bfe1badc377c0ae37f39214898f75a0d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36813.exe

Filesize
184KB

MD5
845ed97813394c6114a063667635b0d3

SHA1
e8b772af7a87bd24208e586a6b6e1cb581436c8d

SHA256
65fd6db723ec6db488e737d66ff2e5e02a85c2bcad9506b02f53af8ff0847f8a

SHA512
3008dd725ee1ff91365c563ea4f952e2f41fa36ea28dd4800d88a919c34dc90495743007f678a5b3c82c5a52b8d6b2b7d3a335fe76dc65dc9665b2825ab87b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36875.exe

Filesize
184KB

MD5
60890353b142acce18e6f1db70cbd8c9

SHA1
782c012a5c236cbb7f4ff9ba82aba7f405fe6ec3

SHA256
ecd380866b7adadf5aa2bac55faea513be07b7ccacfd564fb30698787ba37bcd

SHA512
9c2e0ad52106c5c824b1229e106f2cf3ab7e9afa16a69896f869d4c3e08dac46a060a77b561187d7a33107a9caaade96fd2178bcb134e5e76d1f56801a1295f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe

Filesize
184KB

MD5
239ed45f0953f2c248c37adbb302f8cd

SHA1
6a360572f2882d94d9a2eaa027c0e95910af0c5d

SHA256
57ab777cce747ba5c2ec5bd7a784e929edf65dff1a6f886fac46ec4029d3fd00

SHA512
ac8dbf5ee0f3a6f0236121779b535032a5ddf4131937fb67317b65b6484a88e48514616347246ce6bc70790eb336f580e7b5ea4ac908bba3aa3909778e5d6177

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40986.exe

Filesize
184KB

MD5
9d9c2e0c86572a9dcce0c8709dc50e59

SHA1
02b0929d20de73c814cd3c3fabd537ac6b79127b

SHA256
d9a68e555b84e060b3b0359e7de8bc38370436c0fbbc851842d20a4f66804f28

SHA512
a576cacc43005f8e7c0a18316ce509c77966556db006fc80f57dc9b87896f71fd6072b4ebfef43e3f8ce2882c90a52fb7cf438637509d82805e62c4273c6bebe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe

Filesize
184KB

MD5
a3e010505ec194865a59edbf695388cc

SHA1
1affde35bae930ea3d910972ced157dcd307b7e7

SHA256
42cf5d08b3f181562c55de302f9f1498a450c1410c72c28ac3673f3ede9dd1c6

SHA512
1a730828367a0bed797ea00ead0436a946d09698f37d4757ce7544cf03d54f03a2ebd9185fd27428d4db636cc0c2d2d6324ba4e5b66f95ca6d565b9f1e294949

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5600.exe

Filesize
184KB

MD5
2ec38b3ebd9902c2b0ea2d5e3732c478

SHA1
ec4cbf8de359d59d5f8afb4fbd4dd094f4fc706e

SHA256
8a4d0060a4bf3c2907accd68c6a43a6fa4d23672b534dcbd3c32151680324959

SHA512
1e22a18f8a5b2b12bc0307bec9a189983f826b3a3f29538ac0ef8b887db657480e347920f5b30cbdec48b0f8b0ce25ce46b0c95e9f2097a34a3b00034e80c79d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6088.exe

Filesize
184KB

MD5
ed4ef5e5af4ed327e7194102c3fd10ba

SHA1
6c9364943391b13ff19b8b6fc3f4ea95d17ad0fd

SHA256
a7fae7bef0b8cb94b80e6b69fdf44f821879b9800c2db8d2b4570671d437f2b7

SHA512
f30b3a3b9a6b9eb3dcddbfd51b80efa9af84930fb378f4086adaad7e6f83c734a33d547c7896ba5b942bc5b3df8c7828a430835307be7943e798982635c0c26e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63875.exe

Filesize
184KB

MD5
216e96e6c5e17102136f3ca47eb4ca16

SHA1
73c92adbb2fe3c8380927a3793389c4d2d39c5b8

SHA256
13a62772e6ae1ec3a78d6097e82fd1f7a9e3f4076ec3f5e96f1748646cb93bf7

SHA512
9ad857d8ad166f0c4ecf0bc4b470fe6edcd8239421543584e49ca41f9f560a508fec415115f9d1ce06af11c50d3cc27b6a36b3e3ef8023cf19ba283ca19dac4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe

Filesize
184KB

MD5
f91257bb239414cb29810f0815cd48e6

SHA1
9ea2a93c47d48634534681654dcb85155382ab9b

SHA256
5bc4cf4ab71b59960670cbb6cfbbb91c74e4e3eac4a244a0927342cddd643ab8

SHA512
a51013fa97b0c356b4bcd61c62e094ba01d1145323d837e9a240182b67c507eed41066040413a1ed354e1eac2659b421244877a26bafeefd312559ccac33cc47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe

Filesize
184KB

MD5
4628dc7032c78fcde624056337f3be4d

SHA1
fe9ecf16fa30174695e03c63e47cbb4413c5bc5f

SHA256
1c706c86c85a59493ba3c541c66d876cf836851b5c297aed0290e4c436363812

SHA512
c97440d0b635faee3208b27c13576d8b23ae332634268db9052dbf001678448a46946cd517d221863352b6e1a38072357c3daccd214a2ee95333f44f4f45b09a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe

Filesize
184KB

MD5
b6eb0dd2788601e05420414336dad65c

SHA1
190d1b576b59e5fa941bfd2d6b19c9f00c4fe3c5

SHA256
0155a03d08e59b7ac52a5233a9f7e537fdf54e43eafc9de85439f3756c545f70

SHA512
96215e543dfc8bbc969d743e913cc372d7e38b154add6c453d0b2a4f1bcfd51c9eb96feaa69a6e95b5b8a1804174e5eec34e721f3be4e9639bd2e1cff59d5a71

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25855.exe

Filesize
184KB

MD5
c32ee97c7c92cfc506ca52c35eafd8bd

SHA1
27523878ec95f8601a4ff3579b6edd7da4a0c9d8

SHA256
6cfac052552452ba407dd4f8a8cfa154dc041de402176c28e8907cb32ee634f6

SHA512
98de741df5c0dcb3b2c96768307e9d09985c1a17b224817a5721279ff3494221bb58e1bee9d83ded66719f13a28220dccab7b6639132f42df5d77cd420137c55

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe

Filesize
184KB

MD5
1f755b3cbf38418c95a4d150d86a4412

SHA1
2a299427c8b8645dec6c88f6de1dc54fd30b54fd

SHA256
709d5c36acb14d5f5f27dae496bfa56d2670ef5af2c588a0d3381a6ff1b0a93a

SHA512
59f1c0051f869dd242dde564668bae8df5dffa1c84c4c73338307955e80b5a80af88781c7b94aa8e9cc9ac8171687821ff3433eda84ae0597520caee24bbfab9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29341.exe

Filesize
184KB

MD5
0788e3c47c1d5547e72cfc5e93cdccb5

SHA1
a45673ba1cf2b4b1461fdd7685775cd690f2129f

SHA256
81d04e616e2b42b59ba9ee2f96fc14d9dd975084e5148f02a40cd8117f387540

SHA512
9b04323499acc1c2647e71867717b3bed00492420b93144ff5003286c93c5125e4302fff46bf7ab25859c684c09306a39436e2d8631e10aa7d9e1b0592464ec7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe

Filesize
184KB

MD5
c14de4725ab76cbd830e00fe88934907

SHA1
a220daed69ef26c18f8fc5ca82b7a10197419354

SHA256
0f7c133a92de3b5b84e1aacba8746368549cecd13c8ee327163f2b7df24df6ea

SHA512
d269529031c03a7ca67d1071051a9d70e5fcee010e75a31399b3c036835afc0a202444d29b6579a41aa0a5363309dd1dfdca7abd187c142faca52798b81ac247

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe

Filesize
184KB

MD5
065562b7ccf388361ec035cf3343f431

SHA1
52a55f054914b40d5d39a56c3ad8c1bccf702f5f

SHA256
30620d562d85bc1515565893e92bac049ed840f32d7de53c83dbad8975a8eb36

SHA512
30a5c91ea8147ed52897f66730e86ec5fcf34b0030ed0e31360c375b683141fad1065d888767ea602a5fb90ac13948632638c4c432060c060f7ded894357cb38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41785.exe

Filesize
184KB

MD5
3ed3fe2b5534469f7b2f2cd9fd7e508c

SHA1
43ef3e17abcc0333cff5b826fd85417a3cec0e17

SHA256
6d62a473f9a7bbaf09822654d1e9d1ddcadc9c8d96293f445c93e5b980a31263

SHA512
b7df1849f23d027bbb916c03e05bab0f88cfdfe3c11826b47ed7e1dd50f904116eaffb5f25e4c085544b214b7af4948fad35e3de4bdb4fe3cd5a93b96e5aa1a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42191.exe

Filesize
184KB

MD5
d6b121b8434f63d5749ec66a9048f708

SHA1
3a8743b2d122a43b3e8651c809d9cc8e0eef529a

SHA256
7eff4eefb4eeb11ac3a89098d8cd822252675ee2e2ded155685e1deb004dc83e

SHA512
aa481a607e380bcf52d53da36a995eabf3bf605083742ddbdd93136793fb109bc87a4c4b52d1ba6a81665202caa7557164a6e2e2636073fbbfc4d3c050801dbd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45123.exe

Filesize
184KB

MD5
89c884868f89ef26255111a2efa73049

SHA1
4b664b4baf4192b5f944f7d79b72bf161206191f

SHA256
935d59b1ea1a96a57cf3bdbdc65346541ece056e4b585fd7b9ea7755ab855efd

SHA512
bd7a4026265a38f026898d88d6b95ce10a3f2932b87bcb33be16e097c4542dcc93574cb2d84208c2419e80ed4da5bdb8788c6b536cef79ec53f01db7f11f0606

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47131.exe

Filesize
184KB

MD5
c332cf282eaa986ba030baa5044b8558

SHA1
df44b7471789755685a87da9922f5fa0423f009a

SHA256
3ebbb79dfe45d946793a811f25a736683a3733ae0a54383b0442c55f579fa8df

SHA512
fe39667130f5489c50467543eff4f7ec6b5fd1db2c578806ca4b02e50648b13e4360364bd8d3a36a5f6c346079879c33d06acefd0c00fbe5991cdd5cb8a26b8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64022.exe

Filesize
184KB

MD5
534f1253dbcafae91583aedd587377a9

SHA1
3410be9cec0bd3f05a62c5ebb5e182c51a0600f7

SHA256
f89c76922d291546b2fdab4699bb989fd5c7f09775de0c60d9e02e9c1b61cff4

SHA512
d99e3d7aa8e6c838ee5fd834bd5b47ce827472caaf6fe614c90695f385b6314cce682e88b9296b60fb3a5e0b38bf9fb2166be9dab7e8b8882c748b2c9b8d767d

Download Submit