9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe
Size

184KB
MD5

4d4590dc198e1c485fcbfbb7b90a2603
SHA1

4f37da692dbbd1445ca104059bce656d1f2deb2d
SHA256

9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355
SHA512

2c4e978e549135664886b4b6caf3737d3adce3d75cab70ff0d00e33bb672f025c932a6097e14f734ada08b6b7b0dd6cc5510028cebfb10ec2db3c65706ee9e58
SSDEEP

3072:XmP4tQou7qymGFWWU089sEghlnViFOn3:XmFotlGFj8iEghlnViFO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-38201.exeUnicorn-63098.exeUnicorn-43232.exeUnicorn-27713.exeUnicorn-62715.exeUnicorn-61215.exeUnicorn-31676.exeUnicorn-64166.exeUnicorn-49989.exeUnicorn-36284.exeUnicorn-64358.exeUnicorn-15686.exeUnicorn-15686.exeUnicorn-13801.exeUnicorn-60029.exeUnicorn-58721.exeUnicorn-60605.exeUnicorn-10553.exeUnicorn-21606.exeUnicorn-39274.exeUnicorn-59140.exeUnicorn-57832.exeUnicorn-40583.exeUnicorn-10624.exeUnicorn-7780.exeUnicorn-31294.exeUnicorn-49851.exeUnicorn-60904.exeUnicorn-47007.exeUnicorn-32254.exeUnicorn-1335.exeUnicorn-39153.exeUnicorn-25797.exeUnicorn-24488.exeUnicorn-44354.exeUnicorn-30597.exeUnicorn-30405.exeUnicorn-59247.exeUnicorn-15932.exeUnicorn-26216.exeUnicorn-21381.exeUnicorn-1515.exeUnicorn-8443.exeUnicorn-23929.exeUnicorn-52387.exeUnicorn-36901.exeUnicorn-36866.exeUnicorn-36866.exeUnicorn-3871.exeUnicorn-57868.exeUnicorn-32518.exeUnicorn-22342.exeUnicorn-4744.exeUnicorn-55076.exeUnicorn-20457.exeUnicorn-20457.exeUnicorn-7292.exeUnicorn-40550.exeUnicorn-58880.exeUnicorn-25117.exeUnicorn-10364.exeUnicorn-4534.exeUnicorn-34144.exeUnicorn-23092.exe

pid	process
2124	Unicorn-38201.exe
2080	Unicorn-63098.exe
2652	Unicorn-43232.exe
2848	Unicorn-27713.exe
2612	Unicorn-62715.exe
2188	Unicorn-61215.exe
2668	Unicorn-31676.exe
2484	Unicorn-64166.exe
2924	Unicorn-49989.exe
2016	Unicorn-36284.exe
2392	Unicorn-64358.exe
1056	Unicorn-15686.exe
108	Unicorn-15686.exe
1752	Unicorn-13801.exe
2256	Unicorn-60029.exe
852	Unicorn-58721.exe
2676	Unicorn-60605.exe
2108	Unicorn-10553.exe
792	Unicorn-21606.exe
448	Unicorn-39274.exe
2180	Unicorn-59140.exe
1764	Unicorn-57832.exe
952	Unicorn-40583.exe
2896	Unicorn-10624.exe
904	Unicorn-7780.exe
2336	Unicorn-31294.exe
1800	Unicorn-49851.exe
2576	Unicorn-60904.exe
2908	Unicorn-47007.exe
1728	Unicorn-32254.exe
1632	Unicorn-1335.exe
1836	Unicorn-39153.exe
2736	Unicorn-25797.exe
3024	Unicorn-24488.exe
2504	Unicorn-44354.exe
2784	Unicorn-30597.exe
2760	Unicorn-30405.exe
2508	Unicorn-59247.exe
2200	Unicorn-15932.exe
1220	Unicorn-26216.exe
2956	Unicorn-21381.exe
2804	Unicorn-1515.exe
1964	Unicorn-8443.exe
1320	Unicorn-23929.exe
2560	Unicorn-52387.exe
1976	Unicorn-36901.exe
2160	Unicorn-36866.exe
2424	Unicorn-36866.exe
1648	Unicorn-3871.exe
2264	Unicorn-57868.exe
916	Unicorn-32518.exe
1960	Unicorn-22342.exe
760	Unicorn-4744.exe
848	Unicorn-55076.exe
2900	Unicorn-20457.exe
2104	Unicorn-20457.exe
3060	Unicorn-7292.exe
1632	Unicorn-40550.exe
1580	Unicorn-58880.exe
2384	Unicorn-25117.exe
2140	Unicorn-10364.exe
2684	Unicorn-4534.exe
2740	Unicorn-34144.exe
2520	Unicorn-23092.exe

Loads dropped DLL 64 IoCs

Processes:

9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exeUnicorn-38201.exeUnicorn-43232.exeUnicorn-63098.exeWerFault.exeUnicorn-27713.exeUnicorn-62715.exeUnicorn-61215.exeWerFault.exeWerFault.exeUnicorn-64166.exeUnicorn-31676.exeUnicorn-36284.exeUnicorn-64358.exeUnicorn-49989.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe
3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe
2124	Unicorn-38201.exe
2124	Unicorn-38201.exe
3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe
3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe
2652	Unicorn-43232.exe
2652	Unicorn-43232.exe
2080	Unicorn-63098.exe
2080	Unicorn-63098.exe
2124	Unicorn-38201.exe
2124	Unicorn-38201.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2548	WerFault.exe
2848	Unicorn-27713.exe
2848	Unicorn-27713.exe
2652	Unicorn-43232.exe
2652	Unicorn-43232.exe
2612	Unicorn-62715.exe
2612	Unicorn-62715.exe
2188	Unicorn-61215.exe
2188	Unicorn-61215.exe
2080	Unicorn-63098.exe
2080	Unicorn-63098.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1176	WerFault.exe
1768	WerFault.exe
1768	WerFault.exe
1768	WerFault.exe
1768	WerFault.exe
1176	WerFault.exe
1768	WerFault.exe
2484	Unicorn-64166.exe
2668	Unicorn-31676.exe
2668	Unicorn-31676.exe
2484	Unicorn-64166.exe
2848	Unicorn-27713.exe
2848	Unicorn-27713.exe
2016	Unicorn-36284.exe
2016	Unicorn-36284.exe
2188	Unicorn-61215.exe
2188	Unicorn-61215.exe
2392	Unicorn-64358.exe
2392	Unicorn-64358.exe
2924	Unicorn-49989.exe
2924	Unicorn-49989.exe
2612	Unicorn-62715.exe
2612	Unicorn-62715.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
580	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
2452	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2548	2124	WerFault.exe	Unicorn-38201.exe
1176	2652	WerFault.exe	Unicorn-43232.exe
1768	2080	WerFault.exe	Unicorn-63098.exe
580	2848	WerFault.exe	Unicorn-27713.exe
1252	2612	WerFault.exe	Unicorn-62715.exe
2452	2188	WerFault.exe	Unicorn-61215.exe
1316	2668	WerFault.exe	Unicorn-31676.exe
1680	2484	WerFault.exe	Unicorn-64166.exe
3044	2016	WerFault.exe	Unicorn-36284.exe
2340	2392	WerFault.exe	Unicorn-64358.exe
2712	2924	WerFault.exe	Unicorn-49989.exe
2268	108	WerFault.exe	Unicorn-15686.exe
1900	1056	WerFault.exe	Unicorn-15686.exe
2864	1752	WerFault.exe	Unicorn-13801.exe
636	2256	WerFault.exe	Unicorn-60029.exe
1108	852	WerFault.exe	Unicorn-58721.exe
988	2676	WerFault.exe	Unicorn-60605.exe
1380	2108	WerFault.exe	Unicorn-10553.exe
1640	792	WerFault.exe	Unicorn-21606.exe
1616	2180	WerFault.exe	Unicorn-59140.exe
352	448	WerFault.exe	Unicorn-39274.exe
2372	1764	WerFault.exe	Unicorn-57832.exe
1392	952	WerFault.exe	Unicorn-40583.exe
2104	2896	WerFault.exe	Unicorn-10624.exe
3000	904	WerFault.exe	Unicorn-7780.exe
2624	1800	WerFault.exe	Unicorn-49851.exe
1576	2908	WerFault.exe	Unicorn-47007.exe
2744	2336	WerFault.exe	Unicorn-31294.exe
2544	1728	WerFault.exe	Unicorn-32254.exe
1796	2576	WerFault.exe	Unicorn-60904.exe
2976	1836	WerFault.exe	Unicorn-39153.exe
1004	2504	WerFault.exe	Unicorn-44354.exe
2608	2784	WerFault.exe	Unicorn-30597.exe
548	2760	WerFault.exe	Unicorn-30405.exe
3128	1220	WerFault.exe	Unicorn-26216.exe
3136	2956	WerFault.exe	Unicorn-21381.exe
3164	1964	WerFault.exe	Unicorn-8443.exe
3196	1648	WerFault.exe	Unicorn-3871.exe
3212	2508	WerFault.exe	Unicorn-59247.exe
3256	1320	WerFault.exe	Unicorn-23929.exe
3264	2736	WerFault.exe	Unicorn-25797.exe
3304	3024	WerFault.exe	Unicorn-24488.exe
3360	2200	WerFault.exe	Unicorn-15932.exe
3384	2160	WerFault.exe	Unicorn-36866.exe
3416	2804	WerFault.exe	Unicorn-1515.exe
3424	2424	WerFault.exe	Unicorn-36866.exe
3496	2560	WerFault.exe	Unicorn-52387.exe
3516	1976	WerFault.exe	Unicorn-36901.exe
3476	848	WerFault.exe	Unicorn-55076.exe
3504	3060	WerFault.exe	Unicorn-7292.exe
4052	316	WerFault.exe	Unicorn-26164.exe
3104	2300	WerFault.exe	Unicorn-25588.exe
3144	1744	WerFault.exe	Unicorn-26164.exe
3548	2684	WerFault.exe	Unicorn-4534.exe
3644	1676	WerFault.exe	Unicorn-20980.exe
3684	1236	WerFault.exe	Unicorn-2998.exe
3824	2520	WerFault.exe	Unicorn-23092.exe
3984	2740	WerFault.exe	Unicorn-34144.exe
3080	2412	WerFault.exe	Unicorn-3958.exe
4048	2264	WerFault.exe	Unicorn-57868.exe
3972	2296	WerFault.exe	Unicorn-61587.exe
3156	2836	WerFault.exe	Unicorn-27824.exe
3244	1292	WerFault.exe	Unicorn-25588.exe
4160	2584	WerFault.exe	Unicorn-22743.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exeUnicorn-38201.exeUnicorn-43232.exeUnicorn-63098.exeUnicorn-27713.exeUnicorn-62715.exeUnicorn-61215.exeUnicorn-31676.exeUnicorn-64166.exeUnicorn-36284.exeUnicorn-64358.exeUnicorn-49989.exeUnicorn-15686.exeUnicorn-15686.exeUnicorn-13801.exeUnicorn-60029.exeUnicorn-58721.exeUnicorn-10553.exeUnicorn-60605.exeUnicorn-21606.exeUnicorn-39274.exeUnicorn-59140.exeUnicorn-57832.exeUnicorn-40583.exeUnicorn-10624.exeUnicorn-7780.exeUnicorn-31294.exeUnicorn-49851.exeUnicorn-47007.exeUnicorn-60904.exeUnicorn-32254.exeUnicorn-39153.exeUnicorn-25797.exeUnicorn-24488.exeUnicorn-44354.exeUnicorn-30597.exeUnicorn-30405.exeUnicorn-59247.exeUnicorn-15932.exeUnicorn-26216.exeUnicorn-21381.exeUnicorn-1515.exeUnicorn-23929.exeUnicorn-8443.exeUnicorn-36866.exeUnicorn-36901.exeUnicorn-52387.exeUnicorn-36866.exeUnicorn-3871.exeUnicorn-57868.exeUnicorn-32518.exeUnicorn-22342.exeUnicorn-4744.exeUnicorn-55076.exeUnicorn-20457.exeUnicorn-7292.exeUnicorn-40550.exeUnicorn-25117.exeUnicorn-10364.exeUnicorn-58880.exeUnicorn-4534.exeUnicorn-34144.exeUnicorn-23092.exeUnicorn-16163.exe

pid	process
3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe
2124	Unicorn-38201.exe
2652	Unicorn-43232.exe
2080	Unicorn-63098.exe
2848	Unicorn-27713.exe
2612	Unicorn-62715.exe
2188	Unicorn-61215.exe
2668	Unicorn-31676.exe
2484	Unicorn-64166.exe
2016	Unicorn-36284.exe
2392	Unicorn-64358.exe
2924	Unicorn-49989.exe
1056	Unicorn-15686.exe
108	Unicorn-15686.exe
1752	Unicorn-13801.exe
2256	Unicorn-60029.exe
852	Unicorn-58721.exe
2108	Unicorn-10553.exe
2676	Unicorn-60605.exe
792	Unicorn-21606.exe
448	Unicorn-39274.exe
2180	Unicorn-59140.exe
1764	Unicorn-57832.exe
952	Unicorn-40583.exe
2896	Unicorn-10624.exe
904	Unicorn-7780.exe
2336	Unicorn-31294.exe
1800	Unicorn-49851.exe
2908	Unicorn-47007.exe
2576	Unicorn-60904.exe
1728	Unicorn-32254.exe
1836	Unicorn-39153.exe
2736	Unicorn-25797.exe
3024	Unicorn-24488.exe
2504	Unicorn-44354.exe
2784	Unicorn-30597.exe
2760	Unicorn-30405.exe
2508	Unicorn-59247.exe
2200	Unicorn-15932.exe
1220	Unicorn-26216.exe
2956	Unicorn-21381.exe
2804	Unicorn-1515.exe
1320	Unicorn-23929.exe
1964	Unicorn-8443.exe
2424	Unicorn-36866.exe
1976	Unicorn-36901.exe
2560	Unicorn-52387.exe
2160	Unicorn-36866.exe
1648	Unicorn-3871.exe
2264	Unicorn-57868.exe
916	Unicorn-32518.exe
1960	Unicorn-22342.exe
760	Unicorn-4744.exe
848	Unicorn-55076.exe
2900	Unicorn-20457.exe
3060	Unicorn-7292.exe
1632	Unicorn-40550.exe
2384	Unicorn-25117.exe
2140	Unicorn-10364.exe
1580	Unicorn-58880.exe
2684	Unicorn-4534.exe
2740	Unicorn-34144.exe
2520	Unicorn-23092.exe
2528	Unicorn-16163.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 3040 wrote to memory of 2124	3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe	Unicorn-38201.exe
PID 3040 wrote to memory of 2124	3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe	Unicorn-38201.exe
PID 3040 wrote to memory of 2124	3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe	Unicorn-38201.exe
PID 3040 wrote to memory of 2124	3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe	Unicorn-38201.exe
PID 2124 wrote to memory of 2080	2124	Unicorn-38201.exe	Unicorn-63098.exe
PID 2124 wrote to memory of 2080	2124	Unicorn-38201.exe	Unicorn-63098.exe
PID 2124 wrote to memory of 2080	2124	Unicorn-38201.exe	Unicorn-63098.exe
PID 2124 wrote to memory of 2080	2124	Unicorn-38201.exe	Unicorn-63098.exe
PID 3040 wrote to memory of 2652	3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe	Unicorn-43232.exe
PID 3040 wrote to memory of 2652	3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe	Unicorn-43232.exe
PID 3040 wrote to memory of 2652	3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe	Unicorn-43232.exe
PID 3040 wrote to memory of 2652	3040	9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe	Unicorn-43232.exe
PID 2652 wrote to memory of 2848	2652	Unicorn-43232.exe	Unicorn-27713.exe
PID 2652 wrote to memory of 2848	2652	Unicorn-43232.exe	Unicorn-27713.exe
PID 2652 wrote to memory of 2848	2652	Unicorn-43232.exe	Unicorn-27713.exe
PID 2652 wrote to memory of 2848	2652	Unicorn-43232.exe	Unicorn-27713.exe
PID 2080 wrote to memory of 2612	2080	Unicorn-63098.exe	Unicorn-62715.exe
PID 2080 wrote to memory of 2612	2080	Unicorn-63098.exe	Unicorn-62715.exe
PID 2080 wrote to memory of 2612	2080	Unicorn-63098.exe	Unicorn-62715.exe
PID 2080 wrote to memory of 2612	2080	Unicorn-63098.exe	Unicorn-62715.exe
PID 2124 wrote to memory of 2188	2124	Unicorn-38201.exe	Unicorn-61215.exe
PID 2124 wrote to memory of 2188	2124	Unicorn-38201.exe	Unicorn-61215.exe
PID 2124 wrote to memory of 2188	2124	Unicorn-38201.exe	Unicorn-61215.exe
PID 2124 wrote to memory of 2188	2124	Unicorn-38201.exe	Unicorn-61215.exe
PID 2124 wrote to memory of 2548	2124	Unicorn-38201.exe	WerFault.exe
PID 2124 wrote to memory of 2548	2124	Unicorn-38201.exe	WerFault.exe
PID 2124 wrote to memory of 2548	2124	Unicorn-38201.exe	WerFault.exe
PID 2124 wrote to memory of 2548	2124	Unicorn-38201.exe	WerFault.exe
PID 2848 wrote to memory of 2668	2848	Unicorn-27713.exe	Unicorn-31676.exe
PID 2848 wrote to memory of 2668	2848	Unicorn-27713.exe	Unicorn-31676.exe
PID 2848 wrote to memory of 2668	2848	Unicorn-27713.exe	Unicorn-31676.exe
PID 2848 wrote to memory of 2668	2848	Unicorn-27713.exe	Unicorn-31676.exe
PID 2652 wrote to memory of 2484	2652	Unicorn-43232.exe	Unicorn-64166.exe
PID 2652 wrote to memory of 2484	2652	Unicorn-43232.exe	Unicorn-64166.exe
PID 2652 wrote to memory of 2484	2652	Unicorn-43232.exe	Unicorn-64166.exe
PID 2652 wrote to memory of 2484	2652	Unicorn-43232.exe	Unicorn-64166.exe
PID 2612 wrote to memory of 2924	2612	Unicorn-62715.exe	Unicorn-49989.exe
PID 2612 wrote to memory of 2924	2612	Unicorn-62715.exe	Unicorn-49989.exe
PID 2612 wrote to memory of 2924	2612	Unicorn-62715.exe	Unicorn-49989.exe
PID 2612 wrote to memory of 2924	2612	Unicorn-62715.exe	Unicorn-49989.exe
PID 2188 wrote to memory of 2016	2188	Unicorn-61215.exe	Unicorn-36284.exe
PID 2188 wrote to memory of 2016	2188	Unicorn-61215.exe	Unicorn-36284.exe
PID 2188 wrote to memory of 2016	2188	Unicorn-61215.exe	Unicorn-36284.exe
PID 2188 wrote to memory of 2016	2188	Unicorn-61215.exe	Unicorn-36284.exe
PID 2080 wrote to memory of 2392	2080	Unicorn-63098.exe	Unicorn-64358.exe
PID 2080 wrote to memory of 2392	2080	Unicorn-63098.exe	Unicorn-64358.exe
PID 2080 wrote to memory of 2392	2080	Unicorn-63098.exe	Unicorn-64358.exe
PID 2080 wrote to memory of 2392	2080	Unicorn-63098.exe	Unicorn-64358.exe
PID 2652 wrote to memory of 1176	2652	Unicorn-43232.exe	WerFault.exe
PID 2652 wrote to memory of 1176	2652	Unicorn-43232.exe	WerFault.exe
PID 2652 wrote to memory of 1176	2652	Unicorn-43232.exe	WerFault.exe
PID 2652 wrote to memory of 1176	2652	Unicorn-43232.exe	WerFault.exe
PID 2080 wrote to memory of 1768	2080	Unicorn-63098.exe	WerFault.exe
PID 2080 wrote to memory of 1768	2080	Unicorn-63098.exe	WerFault.exe
PID 2080 wrote to memory of 1768	2080	Unicorn-63098.exe	WerFault.exe
PID 2080 wrote to memory of 1768	2080	Unicorn-63098.exe	WerFault.exe
PID 2668 wrote to memory of 1056	2668	Unicorn-31676.exe	Unicorn-15686.exe
PID 2668 wrote to memory of 1056	2668	Unicorn-31676.exe	Unicorn-15686.exe
PID 2668 wrote to memory of 1056	2668	Unicorn-31676.exe	Unicorn-15686.exe
PID 2668 wrote to memory of 1056	2668	Unicorn-31676.exe	Unicorn-15686.exe
PID 2484 wrote to memory of 108	2484	Unicorn-64166.exe	Unicorn-15686.exe
PID 2484 wrote to memory of 108	2484	Unicorn-64166.exe	Unicorn-15686.exe
PID 2484 wrote to memory of 108	2484	Unicorn-64166.exe	Unicorn-15686.exe
PID 2484 wrote to memory of 108	2484	Unicorn-64166.exe	Unicorn-15686.exe

C:\Users\Admin\AppData\Local\Temp\9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe
"C:\Users\Admin\AppData\Local\Temp\9f6575ad400d7339babadfb80d698eec25a34d7849fe7955e969168e16595355.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10553.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-1335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1335.exe
7⤵
- Executes dropped EXE
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26216.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63528.exe
8⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61382.exe
10⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
11⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
13⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 220
13⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
12⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 236
11⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 216
9⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
8⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
7⤵
- Program crash
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8443.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
8⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
9⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
10⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
11⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
12⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45808.exe
13⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-431.exe
14⤵
PID:11800

C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45650.exe
15⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 220
14⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
13⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
12⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
11⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 216
10⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
9⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
8⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
7⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
8⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62826.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29473.exe
10⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-912.exe
12⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8226.exe
13⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 220
13⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
11⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50356.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22023.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42986.exe
11⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe
12⤵
PID:11336

C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25453.exe
13⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11336 -s 216
13⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 236
11⤵
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
8⤵
- Program crash
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
7⤵
- Program crash
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
6⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21606.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32254.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4534.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38386.exe
9⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
10⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3209.exe
11⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36304.exe
12⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
13⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6025.exe
14⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
14⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
13⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 236
12⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
11⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
10⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
9⤵
- Program crash
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
8⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20660.exe
10⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
11⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26947.exe
12⤵
PID:11300

C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58092.exe
13⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11300 -s 216
13⤵
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 236
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
11⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
8⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34144.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4569.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
9⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
10⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53822.exe
11⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
12⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9044.exe
13⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 236
13⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 236
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
11⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
9⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
8⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
7⤵
- Program crash
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
7⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
8⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25119.exe
11⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53386.exe
12⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-589.exe
13⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 236
13⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 236
12⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
9⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
8⤵
- Program crash
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
7⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43204.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
10⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-56804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56804.exe
11⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
12⤵
PID:11756

C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2512.exe
13⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
12⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
11⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 236
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
9⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 216
8⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
7⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 240
6⤵
- Program crash
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58715.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
11⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57162.exe
12⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
12⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
11⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
10⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21362.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
10⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44389.exe
11⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18050.exe
12⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19939.exe
13⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 220
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
11⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
8⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
7⤵
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36901.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-20980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20980.exe
7⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51711.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60820.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18405.exe
12⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16089.exe
13⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
13⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
11⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
9⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
8⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31775.exe
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47780.exe
10⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
11⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59627.exe
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
11⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
7⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
6⤵
- Program crash
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60904.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36866.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23092.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
8⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26361.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54458.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32945.exe
11⤵
PID:9412

C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe
12⤵
PID:11760

C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
13⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
12⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
11⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
9⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
8⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38741.exe
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-43430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43430.exe
10⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4661.exe
11⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
12⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 236
11⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 220
10⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
9⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
7⤵
- Program crash
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16163.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
7⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15430.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24824.exe
10⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53727.exe
11⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-28320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28320.exe
12⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 220
12⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16531.exe
7⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
8⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50942.exe
9⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5806.exe
10⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
11⤵
PID:12364

C:\Users\Admin\AppData\Local\Temp\Unicorn-45481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45481.exe
12⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 220
10⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
9⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
8⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
7⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
6⤵
- Program crash
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
5⤵
- Program crash
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60029.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10624.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3958.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-37050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37050.exe
9⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9339.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53458.exe
11⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
12⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53893.exe
13⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
14⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
14⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
13⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
12⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
11⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
10⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46720.exe
11⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
12⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
13⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
13⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 216
12⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
11⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 220
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
9⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33219.exe
8⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60953.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33021.exe
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27714.exe
11⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
12⤵
PID:11452

C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
13⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 236
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
11⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
10⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
9⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
8⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5722.exe
7⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51741.exe
8⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4658.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48822.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
11⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40254.exe
12⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32491.exe
13⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 236
13⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 220
12⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
11⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
9⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33500.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28739.exe
10⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
11⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
12⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 220
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
8⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
7⤵
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2998.exe
7⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54447.exe
8⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57968.exe
10⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21037.exe
11⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5522.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1225.exe
13⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
12⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 236
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 216
9⤵
PID:5504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
8⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4047.exe
7⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26937.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23734.exe
9⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55981.exe
10⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35646.exe
11⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
12⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 236
12⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
11⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 220
10⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
8⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
7⤵
- Program crash
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
6⤵
- Program crash
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7780.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21381.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41150.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64799.exe
10⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-17194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17194.exe
11⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1417.exe
12⤵
PID:12168

C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45842.exe
13⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
11⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
10⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
9⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
8⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
7⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
6⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3993.exe
7⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43249.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2442.exe
10⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31487.exe
11⤵
PID:10772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6054.exe
12⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10772 -s 216
12⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 236
11⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
10⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
8⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42649.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43396.exe
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38147.exe
9⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39420.exe
10⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46067.exe
11⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
11⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
10⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
9⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
8⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
7⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 240
6⤵
- Program crash
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
5⤵
- Program crash
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31294.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23929.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25588.exe
7⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
8⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2552.exe
10⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11799.exe
11⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
12⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
11⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
10⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
9⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 216
8⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17184.exe
7⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
9⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-43315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43315.exe
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
11⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
12⤵
PID:12052

C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35616.exe
13⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 216
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
11⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 216
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
7⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22743.exe
6⤵
PID:236

C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2859.exe
7⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51725.exe
9⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6996.exe
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
11⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
12⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
8⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-470.exe
7⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34756.exe
8⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36466.exe
9⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-41748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41748.exe
10⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 204
11⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
10⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
9⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
8⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 236 -s 240
7⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
6⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52387.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26164.exe
6⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55407.exe
7⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23408.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57299.exe
10⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
11⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49320.exe
12⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
12⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
11⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
10⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
8⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1499.exe
6⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30777.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe
8⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8378.exe
9⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13730.exe
10⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
11⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
11⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 220
10⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 220
9⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
8⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
7⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
6⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
5⤵
- Program crash
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59140.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25797.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4744.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24961.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14912.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11496.exe
11⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
12⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17168.exe
13⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
14⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
14⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
13⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
12⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11274.exe
9⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47012.exe
11⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
12⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51910.exe
13⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
12⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 236
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
10⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8743.exe
8⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52624.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23760.exe
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-63879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63879.exe
11⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3694.exe
12⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43974.exe
13⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 220
13⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
11⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
9⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20457.exe
7⤵
- Executes dropped EXE
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
7⤵
- Program crash
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32518.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21453.exe
8⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39012.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63878.exe
10⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17820.exe
11⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45040.exe
12⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21148.exe
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
13⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
12⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
11⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61544.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe
10⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5403.exe
11⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12614.exe
11⤵
PID:9296

C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
12⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 216
12⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 220
11⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
9⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20694.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8551.exe
10⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15632.exe
11⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29217.exe
12⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 216
12⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
11⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
8⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
7⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
6⤵
- Program crash
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57832.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30597.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7292.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
8⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60522.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61953.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8333.exe
11⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
12⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23525.exe
13⤵
PID:12200

C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39456.exe
14⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 220
13⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
9⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
8⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7207.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29507.exe
10⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28162.exe
11⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48802.exe
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 220
12⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
8⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28033.exe
7⤵
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44295.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3354.exe
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
10⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
11⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
12⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 220
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 220
10⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
9⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 236
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9162.exe
7⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26593.exe
8⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
9⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28529.exe
10⤵
PID:9356

C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
11⤵
PID:11608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16368.exe
12⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9356 -s 236
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
9⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
8⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
7⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
6⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
5⤵
- Program crash
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40583.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30405.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58880.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17857.exe
8⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42686.exe
9⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
11⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
12⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59798.exe
13⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19768.exe
14⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
13⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
12⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
11⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35975.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37205.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
10⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
11⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51511.exe
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
12⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 220
11⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
9⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55199.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32650.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
9⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 220
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
8⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
7⤵
- Program crash
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25117.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe
7⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48903.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27971.exe
10⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11908.exe
11⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50511.exe
12⤵
PID:12208

C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
13⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 216
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
11⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
9⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62862.exe
7⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51922.exe
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
9⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
10⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
11⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
11⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 220
10⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
9⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
8⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
7⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
6⤵
- Program crash
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
7⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29323.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60509.exe
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18485.exe
10⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17166.exe
11⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31727.exe
12⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
12⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 236
11⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
10⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
8⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
8⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-35178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35178.exe
9⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16426.exe
10⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
11⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 216
12⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
11⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
10⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
9⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
8⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
7⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53139.exe
6⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
7⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14384.exe
9⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23418.exe
10⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56335.exe
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12232.exe
12⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 220
11⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 236
10⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
9⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
8⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
7⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
6⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
5⤵
- Program crash
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39153.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57868.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61587.exe
7⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12104.exe
8⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28014.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-26488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26488.exe
10⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24331.exe
11⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35063.exe
12⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42804.exe
13⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
13⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 236
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 236
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
9⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
8⤵
- Program crash
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22197.exe
7⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32712.exe
9⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17744.exe
10⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63420.exe
11⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 220
11⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
10⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
9⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
8⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
7⤵
- Program crash
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27824.exe
6⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
7⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32503.exe
8⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30951.exe
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39565.exe
10⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
11⤵
PID:12040

C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65169.exe
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 236
10⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
9⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 216
8⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
7⤵
- Program crash
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
6⤵
- Program crash
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
5⤵
- Program crash
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39274.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44354.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31332.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
9⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52719.exe
10⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9360.exe
11⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5299.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
12⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 220
11⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 220
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
7⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25659.exe
8⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
9⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
10⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
11⤵
PID:11668

C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9902.exe
12⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
11⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
10⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 236
9⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
8⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4135.exe
6⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
7⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12503.exe
8⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19471.exe
9⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40331.exe
10⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
11⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 220
11⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 220
10⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 220
9⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
8⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
7⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
6⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55076.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
6⤵
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65130.exe
7⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
8⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44390.exe
9⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32578.exe
10⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41475.exe
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
11⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
10⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 220
9⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
8⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
7⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
6⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 240
5⤵
- Program crash
PID:352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 220
4⤵
- Program crash
PID:1680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1176

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15686.exe

Filesize
184KB

MD5
1094612198526ddb9ea5ada6c3a18d39

SHA1
bcfcc7910cd992c699fb66c62e00d679bbd4252e

SHA256
465c4fffec47b5d752ef4165cb9d82f8a22f1c441a2db79c0b8e8ff4ea664894

SHA512
8b89b419e566160ad5637b2883d1f1c9ed910abde0ad4cc48493e409c848efe5c71c602f9042c618e0ca0831b122315e6fef8696ecb4ffcf03e2e4e85e34fb1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21213.exe

Filesize
184KB

MD5
5f4935eaa70f83cdae9ff8dae5f8559a

SHA1
124b81ffb7a38bc57b918314f4cfee8a1dab2dd4

SHA256
19988f94e206288eb78cc48de74f6814103ac72b400e476a2e19ff939d2895f1

SHA512
8d1a8b94fc7606ced43c99e11339b13747ad67fb8a904963ffaa06a1a7b34bbff72c7ded8ec6c4c387958a4c4e5fa77c688925c6cacef8f40e691d0a5e8a59eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21543.exe

Filesize
184KB

MD5
c8978944d75b519c3258be32efcad402

SHA1
2f86d03bb121f923fc4b249b68ca026ffd1bf5c9

SHA256
803010afeed7e7fb3cdd5bc8aa2080fcc79a61da122d9c16fec0e594443519a4

SHA512
dc3841ef90d77a0c7d6029243d07311b38e67d56afd8efc7df0b9cea43c908b436e7ec1bfba62f6b9cb424cd41cf37dc896d8e756edfd02f8d31792fa9c0f3b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21920.exe

Filesize
184KB

MD5
bfa9649ddc085585e4a0a17f9c15bae5

SHA1
a156f2a840347a815978d9b5dd4b54aef1ec7775

SHA256
690fb251f2aa975788921d827ef113d02c4c53d4c7b690428f9f546f9fcae375

SHA512
b91f0d9c0e18b62c6b0d47ff3009d0dd7c77ed1e5057e32489093133e82106f0c125cdd35a946032eb1ff4c8015c6a3d30f67495f6460d15ee1f2ef9193eb0ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe

Filesize
184KB

MD5
0210407c4d9252c1f13bb6ac91cec6aa

SHA1
c6dd412ff065f5a7769e52c88e8017c2259f583e

SHA256
7552b6f86295e0af9c0c8c972cfc5fd3fc0dd26cd0288877166112995afcb83a

SHA512
fe3589b9ae332a6a07f95926efb429d6066527ca62c7f9c7f7e702e0a7725c03ec1e2e7c723baf2aefd21f42a2dcac8e9ac77484635ddc9d16c8c16520803148

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40550.exe

Filesize
184KB

MD5
f8c855306d8c2e8b2476022e7fb62682

SHA1
a8efd9d71695372a2bc47f52edab4230f7497d01

SHA256
7482ffd279e04846b87836d9065963e1a5b008cc22d13dea4a012f37a01192f5

SHA512
e2ad58e5303a9650adf9a7e85722e67bf6b05d94de15b4939460eff86590b3d1de32bad9719f23e280d66d63dee6048c8262135b19b0acdd3a970c0c0527627d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe

Filesize
184KB

MD5
296b6038c53b61bf8d087c18703d1773

SHA1
5c5e08bd9a60cf0f0a81709ce038e33e02ed8b36

SHA256
edc443e2c55f366598dabb50ee654f1f88dd328bcf6ab01f2dbd7c909ac0f4f7

SHA512
aad00c40681bb582017bd13b07dfad1675ca51d401322a9d32211925a091e98fd20311aed468fe40c36028d9e9100d6f6a7d30c9f20555f9556d8a5447d83e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5452.exe

Filesize
184KB

MD5
89dd0d136038967c2c70d21f2db77b02

SHA1
5c09b8385b6cd3837156de86ff604e1d68991ef0

SHA256
6acd5e9726732d53d5f01c1e8a90656bfc441d15bc3319bca1217f1cc8d31e46

SHA512
1a25765c8ad293b0217d35bf10f16800f6db07031670a9c0a884ed6a25625801fefd7d9e63eb89ebef7edd27978d9c34fc4718430a817709516f31a9f2634353

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56240.exe

Filesize
184KB

MD5
ca860025a866a6dc2b670b151458fbdf

SHA1
c26c4d503226708807be7cdc5bc241b0033478a1

SHA256
73e246e97748dd5a1db21d78617764739394dfad00660c791083d1794393c940

SHA512
30fedc3a3e91e1b4a2899ca126888bd1f2f5ad004274bec9f4214a2e1c110d48e175b9b0ce1ffc8e2a38dd5bdb3957534dda304d6cefaac861c42228ae7b908c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64166.exe

Filesize
184KB

MD5
ec65ba2d839e325f17f9004989696c17

SHA1
9502749f34e15aabd9eea865d47a653b7bbbe962

SHA256
3ee69cd5a506e5ce7af62b9baa9c9aa483d86611a3db4dc8ce860f7c82eb0f4f

SHA512
eb8029dd059ff1ecc402742919a0f19a20e4e6f238fff48c7f78d6e7fd4e8b9bfe32fd5f54dd4e5d26ded9537401d13887c02ffd00566791022edc9b47b143c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6455.exe

Filesize
184KB

MD5
ad2e6bc3e32a9d0abf3cdb31f42c1389

SHA1
4858992afd8ed55e9ce6f51952f4bc07dde0f928

SHA256
3169bef95b0a492c5d320aaafa95204e816f64a48ab0b420c6634dd92d89db37

SHA512
dd474b4c8cd9d45ed9d15430f5407a7369549b44d9fe95b63f107f8746a60f640f6e03ee35106d767b9e4a47032bf2578ece503a95aa2392ff87779da50cb2cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13801.exe

Filesize
184KB

MD5
3dc75b0d02aa15c10e873b8d53b09e95

SHA1
fe81bf4abe722ef9ba23c9a5fb199dbb083d67be

SHA256
a9accd32e1fd22294f173fb69239708cdca79269c33f7be1c9082be4b9856386

SHA512
3a0741fd75b10ae824e3c3b52466bd06f4aa719a6d9ee0c2bbc79b01c14e949bcd00684a6d7f7d453d07af0b05b7e09744612ffa62c2a734dc090ce026006b52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27713.exe

Filesize
184KB

MD5
db217b01f07ca6c892ad052d489ecd75

SHA1
a38b7cf3d1079e5fe9fa4100fab7f3d132217a30

SHA256
95b303632881ab7942427cac1e5063d69cc5859d68475df82d388ac4ea094cc4

SHA512
02b26ae5dfd0f31370c4b6b71e44b5e435b39ef53aa98d6bd430cdcb02c66e293c123d4675992cadd023010b1d39061d153dccdbbb47875fbc414600e59025fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36284.exe

Filesize
184KB

MD5
136c29c36a166121f7dc122d3f95c44c

SHA1
14822f68bc58c652c9b1fdeefbb2c538f7c6bef1

SHA256
8786d316e2f3119391997cd298353cf9be98e0f3fdf61434e6f96c01e6c97c2e

SHA512
70849dc38686af71402a5668490f58374f8f1dca3479ad754332b32b17e4b9c01c708d5068381e977b8b3c64d7a13541f08cb9a9f78c23caf2de0ffbfd62e879

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38201.exe

Filesize
184KB

MD5
42c8688b0b67ed0c6295e927e627c0ca

SHA1
150bfe60f59d4da407dbef7f102af430cf9bda5d

SHA256
f884a0daa6753930a5a37ff127beddab5f2e7761f26d90554c6db15eed367324

SHA512
3baf1132364291b52f7daa6a41ea0167baceb7fa4c144fe27be342eb4902e601796044d528df813a8ac12705496de12100a01b40314756e9359058da0fa6db70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43232.exe

Filesize
184KB

MD5
fff1f7964c43eb5c7e40e9bf5fd0bbcc

SHA1
aca99e3101ad81924bf8a7d87a5dae750b0e1dd3

SHA256
3e001b98fb3777775f2188f4db0014a44d12615faa9d378b2d4a9ce292986b34

SHA512
2d7d5f7cfcc760b42defc75a0622335dbe73adcef8b9fdb01be6d55d9b4f0ed96c692ad79d9cfa91222d2c197be93f9690dd5daed98d90a9b10f0255b0bfa3fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49989.exe

Filesize
184KB

MD5
3ef9e5f76e84cade70def56e1a472efb

SHA1
e93470a2879fa23c22f5f774929b06c4e138e17e

SHA256
c3478a48601f541910e4aeb19f6f8691beb4f62505a656111339c81b9240b3bd

SHA512
36398147bec463be3b74d1996571c4cb28e7d02260259b4dad176e87c52be77a29dc673139ec4a2d8c956692a7b92f04b58fd4f5a561a51542907899313d8221

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61215.exe

Filesize
184KB

MD5
26defd4778e5f6b98725115202cd516d

SHA1
4daa5a5e70326500fcf698bf8ee566d80b0cb8d5

SHA256
c05f1e6bbc80393346479e9be2e8b652ce81053ec46123394482aed2131d5155

SHA512
7f652cf33f00e76a22d6b232e981be26e3376b3279b83aee7729c69a76454f3ee8af830b3ec334cadcf9e588efe9209b1a723d80b3b8f16fbc8de9035ede3696

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe

Filesize
184KB

MD5
bf4b0062be761ee1ca4a2fc9bc65d7e7

SHA1
980bce972f8b3babb459452697f8a381949780ba

SHA256
e6917ed9fe718bf93ab45953c5a353198d7f21766933c71c252eb13b27d0db14

SHA512
d8b303b5f666df0b8256820f2fbb8a5660e96e2b084b75f8a71ac53fbdc8da751de529e2f9312d614f54d67fe946b20b96415af2f73d3a7f7aecad40da03781b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe

Filesize
184KB

MD5
537db952d1e7526a9aa1abf66c19b7c6

SHA1
5a708b588d4c2faba5a771c3d71b7231392c09ce

SHA256
885aa6bd20e70b25ec9e9978449e8c3240118477624e5954442371c114e2de66

SHA512
f6a1c53b85db0f05c79782c6e1e5088cfa671fe5791bac8612ef081e3870b22432c76fa713fb436ecdb95eca31b03233a4af4fa058eb044d2bbe83be76edcd61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64358.exe

Filesize
184KB

MD5
c599870ae3e066770a84145357ca1595

SHA1
8412ed6b6baa69dc070e78aa773c8bf2e363ceb0

SHA256
bef197885b22022097fc93a61e4ba191400f8ab95111c0ffe8cfe2f8e27f93d5

SHA512
2972cfe42c4cce42f083e3e1dda4484de7db63fc6b20089b425916a1136f87ac372aec6969bb1e3c182f50e2e6da7caa86d6da728b1b58208e14504cecf6e3e2

Download Submit