af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe
Size

184KB
MD5

b562d795776f25daf4a35776f9684e77
SHA1

414254cc1e1d446b025580a0a0c8a9d9b95d45ec
SHA256

af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8
SHA512

9b29259623cc388bfe8b6eb93382ddc03910deaaa2097b215e52381a36c915720126816f53abd33afd867b592244ebb8cbcbbf091214174550c73fe74522a3ce
SSDEEP

3072:lhaTF5oTAJOmjl4WeCyL+Z1FhlnViF9n3:lhuobsl4TLG1FhlnViF9

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-62300.exeUnicorn-21694.exeUnicorn-1828.exeUnicorn-40459.exeUnicorn-5134.exeUnicorn-25000.exeUnicorn-32621.exeUnicorn-17546.exeUnicorn-63217.exeUnicorn-46196.exeUnicorn-524.exeUnicorn-47463.exeUnicorn-27789.exeUnicorn-15174.exeUnicorn-14660.exeUnicorn-15366.exeUnicorn-37068.exeUnicorn-7048.exeUnicorn-15086.exeUnicorn-35144.exeUnicorn-59272.exeUnicorn-59272.exeUnicorn-26600.exeUnicorn-39598.exeUnicorn-6734.exeUnicorn-26346.exeUnicorn-39920.exeUnicorn-59786.exeUnicorn-40243.exeUnicorn-63569.exeUnicorn-17898.exeUnicorn-31795.exeUnicorn-31664.exeUnicorn-51530.exeUnicorn-18858.exeUnicorn-45370.exeUnicorn-65235.exeUnicorn-1644.exeUnicorn-10627.exeUnicorn-44924.exeUnicorn-1987.exeUnicorn-36283.exeUnicorn-24053.exeUnicorn-32740.exeUnicorn-61390.exeUnicorn-643.exeUnicorn-49159.exeUnicorn-16487.exeUnicorn-16487.exeUnicorn-16487.exeUnicorn-16487.exeUnicorn-32941.exeUnicorn-62350.exeUnicorn-6621.exeUnicorn-41897.exeUnicorn-42089.exeUnicorn-5010.exeUnicorn-58150.exeUnicorn-21263.exeUnicorn-21455.exeUnicorn-51435.exeUnicorn-42124.exeUnicorn-30086.exeUnicorn-10412.exe

pid	process
2592	Unicorn-62300.exe
2548	Unicorn-21694.exe
2908	Unicorn-1828.exe
2280	Unicorn-40459.exe
2612	Unicorn-5134.exe
2440	Unicorn-25000.exe
1588	Unicorn-32621.exe
2504	Unicorn-17546.exe
1912	Unicorn-63217.exe
1288	Unicorn-46196.exe
1280	Unicorn-524.exe
1416	Unicorn-47463.exe
2252	Unicorn-27789.exe
1400	Unicorn-15174.exe
1744	Unicorn-14660.exe
536	Unicorn-15366.exe
708	Unicorn-37068.exe
328	Unicorn-7048.exe
2160	Unicorn-15086.exe
1544	Unicorn-35144.exe
1868	Unicorn-59272.exe
1048	Unicorn-59272.exe
764	Unicorn-26600.exe
2136	Unicorn-39598.exe
1624	Unicorn-6734.exe
2340	Unicorn-26346.exe
1616	Unicorn-39920.exe
1720	Unicorn-59786.exe
2164	Unicorn-40243.exe
2932	Unicorn-63569.exe
2964	Unicorn-17898.exe
3028	Unicorn-31795.exe
2472	Unicorn-31664.exe
2608	Unicorn-51530.exe
2204	Unicorn-18858.exe
2740	Unicorn-45370.exe
1696	Unicorn-65235.exe
1584	Unicorn-1644.exe
2820	Unicorn-10627.exe
1924	Unicorn-44924.exe
2328	Unicorn-1987.exe
1596	Unicorn-36283.exe
2424	Unicorn-24053.exe
2072	Unicorn-32740.exe
2632	Unicorn-61390.exe
1500	Unicorn-643.exe
452	Unicorn-49159.exe
2524	Unicorn-16487.exe
1788	Unicorn-16487.exe
1040	Unicorn-16487.exe
2728	Unicorn-16487.exe
916	Unicorn-32941.exe
1092	Unicorn-62350.exe
3044	Unicorn-6621.exe
2308	Unicorn-41897.exe
2780	Unicorn-42089.exe
2680	Unicorn-5010.exe
2492	Unicorn-58150.exe
2628	Unicorn-21263.exe
2836	Unicorn-21455.exe
1980	Unicorn-51435.exe
1936	Unicorn-42124.exe
1408	Unicorn-30086.exe
1948	Unicorn-10412.exe

Loads dropped DLL 64 IoCs

Processes:

af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exeUnicorn-62300.exeUnicorn-21694.exeUnicorn-1828.exeWerFault.exeUnicorn-5134.exeUnicorn-40459.exeUnicorn-25000.exeWerFault.exeWerFault.exeUnicorn-32621.exeUnicorn-17546.exeWerFault.exeUnicorn-63217.exeWerFault.exeWerFault.exe

pid	process
3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe
3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe
2592	Unicorn-62300.exe
2592	Unicorn-62300.exe
3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe
3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe
2548	Unicorn-21694.exe
2548	Unicorn-21694.exe
2592	Unicorn-62300.exe
2592	Unicorn-62300.exe
2908	Unicorn-1828.exe
2908	Unicorn-1828.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2612	Unicorn-5134.exe
2612	Unicorn-5134.exe
2280	Unicorn-40459.exe
2280	Unicorn-40459.exe
2548	Unicorn-21694.exe
2548	Unicorn-21694.exe
2440	Unicorn-25000.exe
2908	Unicorn-1828.exe
2440	Unicorn-25000.exe
2908	Unicorn-1828.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
1816	WerFault.exe
320	WerFault.exe
1588	Unicorn-32621.exe
1588	Unicorn-32621.exe
2612	Unicorn-5134.exe
2612	Unicorn-5134.exe
2504	Unicorn-17546.exe
2504	Unicorn-17546.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2284	WerFault.exe
2440	Unicorn-25000.exe
2440	Unicorn-25000.exe
1912	Unicorn-63217.exe
1912	Unicorn-63217.exe
2284	WerFault.exe
936	WerFault.exe
936	WerFault.exe
936	WerFault.exe
936	WerFault.exe
936	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2684	3008	WerFault.exe	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe
2116	2592	WerFault.exe	Unicorn-62300.exe
1816	2548	WerFault.exe	Unicorn-21694.exe
320	2908	WerFault.exe	Unicorn-1828.exe
2284	1280	WerFault.exe	Unicorn-524.exe
936	2612	WerFault.exe	Unicorn-5134.exe
3068	2280	WerFault.exe	Unicorn-40459.exe
616	2440	WerFault.exe	Unicorn-25000.exe
2832	1288	WerFault.exe	Unicorn-46196.exe
1748	1588	WerFault.exe	Unicorn-32621.exe
2992	2504	WerFault.exe	Unicorn-17546.exe
1512	1912	WerFault.exe	Unicorn-63217.exe
2864	1696	WerFault.exe	Unicorn-65235.exe
1864	1416	WerFault.exe	Unicorn-47463.exe
308	2252	WerFault.exe	Unicorn-27789.exe
2140	536	WerFault.exe	Unicorn-15366.exe
356	1744	WerFault.exe	Unicorn-14660.exe
2060	1400	WerFault.exe	Unicorn-15174.exe
1804	708	WerFault.exe	Unicorn-37068.exe
2108	328	WerFault.exe	Unicorn-7048.exe
1612	2160	WerFault.exe	Unicorn-15086.exe
2664	1544	WerFault.exe	Unicorn-35144.exe
2596	1868	WerFault.exe	Unicorn-59272.exe
3032	1048	WerFault.exe	Unicorn-59272.exe
2216	764	WerFault.exe	Unicorn-26600.exe
2696	1624	WerFault.exe	Unicorn-6734.exe
2744	2340	WerFault.exe	Unicorn-26346.exe
1740	1720	WerFault.exe	Unicorn-59786.exe
2988	1616	WerFault.exe	Unicorn-39920.exe
2212	2164	WerFault.exe	Unicorn-40243.exe
2088	2932	WerFault.exe	Unicorn-63569.exe
2972	2472	WerFault.exe	Unicorn-31664.exe
2360	2964	WerFault.exe	Unicorn-17898.exe
2860	2204	WerFault.exe	Unicorn-18858.exe
2724	1584	WerFault.exe	Unicorn-1644.exe
1276	3028	WerFault.exe	Unicorn-31795.exe
1552	2608	WerFault.exe	Unicorn-51530.exe
2092	2740	WerFault.exe	Unicorn-45370.exe
1008	956	WerFault.exe	Unicorn-34065.exe
3212	2576	WerFault.exe	Unicorn-34641.exe
3512	2136	WerFault.exe	Unicorn-39598.exe
3600	1924	WerFault.exe	Unicorn-44924.exe
3616	2820	WerFault.exe	Unicorn-10627.exe
3788	2328	WerFault.exe	Unicorn-1987.exe
3796	1596	WerFault.exe	Unicorn-36283.exe
3828	2424	WerFault.exe	Unicorn-24053.exe
3904	2072	WerFault.exe	Unicorn-32740.exe
3920	2632	WerFault.exe	Unicorn-61390.exe
3952	2728	WerFault.exe	Unicorn-16487.exe
3944	1788	WerFault.exe	Unicorn-16487.exe
3960	2524	WerFault.exe	Unicorn-16487.exe
3968	3044	WerFault.exe	Unicorn-6621.exe
3980	1500	WerFault.exe	Unicorn-643.exe
4044	452	WerFault.exe	Unicorn-49159.exe
4088	916	WerFault.exe	Unicorn-32941.exe
3080	1040	WerFault.exe	Unicorn-16487.exe
3108	1092	WerFault.exe	Unicorn-62350.exe
3464	2308	WerFault.exe	Unicorn-41897.exe
3804	2780	WerFault.exe	Unicorn-42089.exe
3784	2680	WerFault.exe	Unicorn-5010.exe
3408	2628	WerFault.exe	Unicorn-21263.exe
3544	2836	WerFault.exe	Unicorn-21455.exe
4192	2656	WerFault.exe	Unicorn-6183.exe
4324	2812	WerFault.exe	Unicorn-1777.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exeUnicorn-62300.exeUnicorn-21694.exeUnicorn-1828.exeUnicorn-40459.exeUnicorn-5134.exeUnicorn-25000.exeUnicorn-17546.exeUnicorn-32621.exeUnicorn-63217.exeUnicorn-46196.exeUnicorn-524.exeUnicorn-47463.exeUnicorn-27789.exeUnicorn-15174.exeUnicorn-14660.exeUnicorn-15366.exeUnicorn-37068.exeUnicorn-7048.exeUnicorn-15086.exeUnicorn-35144.exeUnicorn-59272.exeUnicorn-59272.exeUnicorn-39598.exeUnicorn-26600.exeUnicorn-6734.exeUnicorn-26346.exeUnicorn-39920.exeUnicorn-59786.exeUnicorn-40243.exeUnicorn-63569.exeUnicorn-17898.exeUnicorn-31795.exeUnicorn-51530.exeUnicorn-31664.exeUnicorn-45370.exeUnicorn-18858.exeUnicorn-65235.exeUnicorn-1644.exeUnicorn-10627.exeUnicorn-44924.exeUnicorn-1987.exeUnicorn-36283.exeUnicorn-24053.exeUnicorn-32740.exeUnicorn-61390.exeUnicorn-643.exeUnicorn-49159.exeUnicorn-16487.exeUnicorn-16487.exeUnicorn-16487.exeUnicorn-16487.exeUnicorn-32941.exeUnicorn-6621.exeUnicorn-62350.exeUnicorn-41897.exeUnicorn-42089.exeUnicorn-5010.exeUnicorn-58150.exeUnicorn-21263.exeUnicorn-21455.exeUnicorn-51435.exeUnicorn-42124.exeUnicorn-30086.exe

pid	process
3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe
2592	Unicorn-62300.exe
2548	Unicorn-21694.exe
2908	Unicorn-1828.exe
2280	Unicorn-40459.exe
2612	Unicorn-5134.exe
2440	Unicorn-25000.exe
2504	Unicorn-17546.exe
1588	Unicorn-32621.exe
1912	Unicorn-63217.exe
1288	Unicorn-46196.exe
1280	Unicorn-524.exe
1416	Unicorn-47463.exe
2252	Unicorn-27789.exe
1400	Unicorn-15174.exe
1744	Unicorn-14660.exe
536	Unicorn-15366.exe
708	Unicorn-37068.exe
328	Unicorn-7048.exe
2160	Unicorn-15086.exe
1544	Unicorn-35144.exe
1868	Unicorn-59272.exe
1048	Unicorn-59272.exe
2136	Unicorn-39598.exe
764	Unicorn-26600.exe
1624	Unicorn-6734.exe
2340	Unicorn-26346.exe
1616	Unicorn-39920.exe
1720	Unicorn-59786.exe
2164	Unicorn-40243.exe
2932	Unicorn-63569.exe
2964	Unicorn-17898.exe
3028	Unicorn-31795.exe
2608	Unicorn-51530.exe
2472	Unicorn-31664.exe
2740	Unicorn-45370.exe
2204	Unicorn-18858.exe
1696	Unicorn-65235.exe
1584	Unicorn-1644.exe
2820	Unicorn-10627.exe
1924	Unicorn-44924.exe
2328	Unicorn-1987.exe
1596	Unicorn-36283.exe
2424	Unicorn-24053.exe
2072	Unicorn-32740.exe
2632	Unicorn-61390.exe
1500	Unicorn-643.exe
452	Unicorn-49159.exe
2524	Unicorn-16487.exe
1040	Unicorn-16487.exe
1788	Unicorn-16487.exe
2728	Unicorn-16487.exe
916	Unicorn-32941.exe
3044	Unicorn-6621.exe
1092	Unicorn-62350.exe
2308	Unicorn-41897.exe
2780	Unicorn-42089.exe
2680	Unicorn-5010.exe
2492	Unicorn-58150.exe
2628	Unicorn-21263.exe
2836	Unicorn-21455.exe
1980	Unicorn-51435.exe
1936	Unicorn-42124.exe
1408	Unicorn-30086.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exeUnicorn-62300.exeUnicorn-21694.exeUnicorn-1828.exeUnicorn-5134.exeUnicorn-40459.exeUnicorn-25000.exeUnicorn-32621.exe

description	pid	process	target process
PID 3008 wrote to memory of 2592	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	Unicorn-62300.exe
PID 3008 wrote to memory of 2592	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	Unicorn-62300.exe
PID 3008 wrote to memory of 2592	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	Unicorn-62300.exe
PID 3008 wrote to memory of 2592	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	Unicorn-62300.exe
PID 2592 wrote to memory of 2548	2592	Unicorn-62300.exe	Unicorn-21694.exe
PID 2592 wrote to memory of 2548	2592	Unicorn-62300.exe	Unicorn-21694.exe
PID 2592 wrote to memory of 2548	2592	Unicorn-62300.exe	Unicorn-21694.exe
PID 2592 wrote to memory of 2548	2592	Unicorn-62300.exe	Unicorn-21694.exe
PID 3008 wrote to memory of 2908	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	Unicorn-1828.exe
PID 3008 wrote to memory of 2908	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	Unicorn-1828.exe
PID 3008 wrote to memory of 2908	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	Unicorn-1828.exe
PID 3008 wrote to memory of 2908	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	Unicorn-1828.exe
PID 3008 wrote to memory of 2684	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	WerFault.exe
PID 3008 wrote to memory of 2684	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	WerFault.exe
PID 3008 wrote to memory of 2684	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	WerFault.exe
PID 3008 wrote to memory of 2684	3008	af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe	WerFault.exe
PID 2548 wrote to memory of 2280	2548	Unicorn-21694.exe	Unicorn-40459.exe
PID 2548 wrote to memory of 2280	2548	Unicorn-21694.exe	Unicorn-40459.exe
PID 2548 wrote to memory of 2280	2548	Unicorn-21694.exe	Unicorn-40459.exe
PID 2548 wrote to memory of 2280	2548	Unicorn-21694.exe	Unicorn-40459.exe
PID 2592 wrote to memory of 2612	2592	Unicorn-62300.exe	Unicorn-5134.exe
PID 2592 wrote to memory of 2612	2592	Unicorn-62300.exe	Unicorn-5134.exe
PID 2592 wrote to memory of 2612	2592	Unicorn-62300.exe	Unicorn-5134.exe
PID 2592 wrote to memory of 2612	2592	Unicorn-62300.exe	Unicorn-5134.exe
PID 2908 wrote to memory of 2440	2908	Unicorn-1828.exe	Unicorn-25000.exe
PID 2908 wrote to memory of 2440	2908	Unicorn-1828.exe	Unicorn-25000.exe
PID 2908 wrote to memory of 2440	2908	Unicorn-1828.exe	Unicorn-25000.exe
PID 2908 wrote to memory of 2440	2908	Unicorn-1828.exe	Unicorn-25000.exe
PID 2592 wrote to memory of 2116	2592	Unicorn-62300.exe	WerFault.exe
PID 2592 wrote to memory of 2116	2592	Unicorn-62300.exe	WerFault.exe
PID 2592 wrote to memory of 2116	2592	Unicorn-62300.exe	WerFault.exe
PID 2592 wrote to memory of 2116	2592	Unicorn-62300.exe	WerFault.exe
PID 2612 wrote to memory of 1588	2612	Unicorn-5134.exe	Unicorn-32621.exe
PID 2612 wrote to memory of 1588	2612	Unicorn-5134.exe	Unicorn-32621.exe
PID 2612 wrote to memory of 1588	2612	Unicorn-5134.exe	Unicorn-32621.exe
PID 2612 wrote to memory of 1588	2612	Unicorn-5134.exe	Unicorn-32621.exe
PID 2280 wrote to memory of 2504	2280	Unicorn-40459.exe	Unicorn-17546.exe
PID 2280 wrote to memory of 2504	2280	Unicorn-40459.exe	Unicorn-17546.exe
PID 2280 wrote to memory of 2504	2280	Unicorn-40459.exe	Unicorn-17546.exe
PID 2280 wrote to memory of 2504	2280	Unicorn-40459.exe	Unicorn-17546.exe
PID 2548 wrote to memory of 1912	2548	Unicorn-21694.exe	Unicorn-63217.exe
PID 2548 wrote to memory of 1912	2548	Unicorn-21694.exe	Unicorn-63217.exe
PID 2548 wrote to memory of 1912	2548	Unicorn-21694.exe	Unicorn-63217.exe
PID 2548 wrote to memory of 1912	2548	Unicorn-21694.exe	Unicorn-63217.exe
PID 2440 wrote to memory of 1280	2440	Unicorn-25000.exe	Unicorn-524.exe
PID 2440 wrote to memory of 1280	2440	Unicorn-25000.exe	Unicorn-524.exe
PID 2440 wrote to memory of 1280	2440	Unicorn-25000.exe	Unicorn-524.exe
PID 2440 wrote to memory of 1280	2440	Unicorn-25000.exe	Unicorn-524.exe
PID 2908 wrote to memory of 1288	2908	Unicorn-1828.exe	Unicorn-46196.exe
PID 2908 wrote to memory of 1288	2908	Unicorn-1828.exe	Unicorn-46196.exe
PID 2908 wrote to memory of 1288	2908	Unicorn-1828.exe	Unicorn-46196.exe
PID 2908 wrote to memory of 1288	2908	Unicorn-1828.exe	Unicorn-46196.exe
PID 2548 wrote to memory of 1816	2548	Unicorn-21694.exe	WerFault.exe
PID 2548 wrote to memory of 1816	2548	Unicorn-21694.exe	WerFault.exe
PID 2548 wrote to memory of 1816	2548	Unicorn-21694.exe	WerFault.exe
PID 2548 wrote to memory of 1816	2548	Unicorn-21694.exe	WerFault.exe
PID 2908 wrote to memory of 320	2908	Unicorn-1828.exe	WerFault.exe
PID 2908 wrote to memory of 320	2908	Unicorn-1828.exe	WerFault.exe
PID 2908 wrote to memory of 320	2908	Unicorn-1828.exe	WerFault.exe
PID 2908 wrote to memory of 320	2908	Unicorn-1828.exe	WerFault.exe
PID 1588 wrote to memory of 1416	1588	Unicorn-32621.exe	Unicorn-47463.exe
PID 1588 wrote to memory of 1416	1588	Unicorn-32621.exe	Unicorn-47463.exe
PID 1588 wrote to memory of 1416	1588	Unicorn-32621.exe	Unicorn-47463.exe
PID 1588 wrote to memory of 1416	1588	Unicorn-32621.exe	Unicorn-47463.exe

C:\Users\Admin\AppData\Local\Temp\af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe
"C:\Users\Admin\AppData\Local\Temp\af6d59ea46b49482dabaf94e5d7ea4396d683fc4802850e46ea9e2861f486dc8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15174.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26600.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
10⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-63786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63786.exe
11⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
12⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19887.exe
13⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
14⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32437.exe
15⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18148.exe
16⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
15⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
14⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
13⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
12⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
11⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50244.exe
12⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 220
13⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
12⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
11⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36048.exe
10⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
11⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37868.exe
12⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34013.exe
13⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50418.exe
14⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11404 -s 208
15⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 220
14⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
13⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
12⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
11⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
10⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
9⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15483.exe
10⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56701.exe
11⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
12⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55416.exe
13⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33511.exe
14⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12937.exe
15⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
14⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
13⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
12⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 236
11⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30997.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25330.exe
11⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7014.exe
12⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31809.exe
13⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65285.exe
14⤵
PID:13916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 216
14⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
13⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
12⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
11⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
10⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 220
9⤵
- Program crash
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32941.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
9⤵
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
10⤵
- Program crash
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34704.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe
10⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49974.exe
11⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13682.exe
12⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53002.exe
13⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
14⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
14⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
12⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
11⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
9⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
8⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45370.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
9⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
10⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17110.exe
11⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
12⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
13⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
14⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
14⤵
PID:13320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
13⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
11⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
10⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
9⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
8⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
10⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14981.exe
11⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
12⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50977.exe
13⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 236
13⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
11⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14002.exe
9⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 220
11⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
10⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
8⤵
- Program crash
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
7⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1644.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
9⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
11⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1573.exe
12⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-32965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32965.exe
13⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
14⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
14⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
13⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 220
12⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
10⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41708.exe
11⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51086.exe
12⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51186.exe
13⤵
PID:11468

C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14568.exe
14⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11468 -s 216
14⤵
PID:13576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
12⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
10⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15301.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6649.exe
10⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33415.exe
11⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16693.exe
12⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 200
13⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
12⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
11⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
10⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
9⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
8⤵
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 220
9⤵
- Program crash
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 220
8⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
7⤵
- Program crash
PID:2696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
6⤵
- Program crash
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15366.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51530.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58612.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
10⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
11⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30424.exe
12⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34279.exe
13⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14324.exe
14⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
14⤵
PID:13716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
14⤵
PID:13948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
13⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 220
12⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
11⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
10⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
9⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
8⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-811.exe
10⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44126.exe
11⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
12⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2898.exe
13⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
14⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 216
14⤵
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
13⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
12⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
11⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
9⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 220
8⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
7⤵
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31664.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49159.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe
8⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35167.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
10⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-10021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10021.exe
11⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35139.exe
12⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57019.exe
13⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41900.exe
14⤵
PID:14240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 236
13⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
12⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
11⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
10⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49749.exe
11⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
12⤵
PID:11660

C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24488.exe
13⤵
PID:13812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 216
12⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
11⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47974.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32676.exe
11⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12047.exe
12⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42275.exe
13⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
13⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
11⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
9⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
8⤵
- Program crash
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1777.exe
7⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1702.exe
10⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38322.exe
11⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34689.exe
12⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48917.exe
13⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
13⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
12⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
11⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
8⤵
- Program crash
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
6⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65235.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 200
7⤵
- Program crash
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
6⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
5⤵
- Program crash
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7048.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59786.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1987.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-58150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58150.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
10⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64428.exe
11⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
12⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54152.exe
13⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56094.exe
14⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 236
14⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
13⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
12⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12803.exe
10⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-22748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22748.exe
11⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
12⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
13⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
14⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
14⤵
PID:14296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
13⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
12⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
11⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38710.exe
9⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
10⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52389.exe
11⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30326.exe
12⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47665.exe
13⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41107.exe
14⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-285.exe
14⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 240
14⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 236
13⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
12⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
11⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48175.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40746.exe
11⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51751.exe
12⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5362.exe
13⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 236
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
11⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
9⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21263.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-62416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62416.exe
9⤵
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
10⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34922.exe
11⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57465.exe
12⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62454.exe
13⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
14⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
14⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 236
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
12⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
11⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
10⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
11⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
12⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16681.exe
13⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
13⤵
PID:13544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 236
12⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
11⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 220
10⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
- Program crash
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
8⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
10⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
11⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29154.exe
12⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22555.exe
13⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 236
13⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
12⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
11⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59924.exe
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2724.exe
10⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15204.exe
11⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-209.exe
12⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
12⤵
PID:13352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 236
11⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
10⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
9⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
8⤵
- Program crash
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
7⤵
- Program crash
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
9⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44096.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22597.exe
11⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54861.exe
12⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 220
13⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
12⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
11⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30141.exe
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
11⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
12⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36987.exe
13⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 236
13⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
12⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
11⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 220
10⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19484.exe
10⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48415.exe
11⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2366.exe
12⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
13⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
13⤵
PID:13476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 236
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
11⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43126.exe
8⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25731.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35778.exe
10⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
11⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17961.exe
12⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37267.exe
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 236
13⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
12⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
10⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
11⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11636.exe
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 236
12⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
11⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
9⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
8⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42124.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62992.exe
8⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46592.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16841.exe
10⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
11⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 236
11⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 236
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-12035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12035.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-36908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36908.exe
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45437.exe
10⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10563.exe
11⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
12⤵
PID:13684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
11⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
10⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
8⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
7⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
6⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40243.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30086.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15244.exe
9⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48704.exe
10⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23324.exe
11⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60013.exe
12⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6974.exe
13⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11854.exe
14⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 216
14⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
12⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
11⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
10⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43747.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64089.exe
10⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48685.exe
11⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14299.exe
12⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-33484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33484.exe
13⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
13⤵
PID:13728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10380 -s 220
13⤵
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 236
11⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
10⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
8⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2145.exe
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11261.exe
11⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13402.exe
12⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1414.exe
13⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61453.exe
14⤵
PID:14008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 220
12⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
11⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
10⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
9⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51204.exe
10⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
11⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22302.exe
12⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22452.exe
13⤵
PID:13644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 220
13⤵
PID:13940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
10⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
9⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
8⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10412.exe
7⤵
- Executes dropped EXE
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60688.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32861.exe
9⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45013.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
11⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19754.exe
12⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
13⤵
PID:13492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
13⤵
PID:13848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
11⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-45860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45860.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
9⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44669.exe
10⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
11⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13276.exe
12⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11212 -s 220
12⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
11⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
10⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
8⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
7⤵
- Program crash
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61390.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-60454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60454.exe
7⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
8⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49114.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27401.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64625.exe
11⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-30133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30133.exe
12⤵
PID:11268

C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53640.exe
13⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11268 -s 216
13⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
12⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
11⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2207.exe
12⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11232 -s 216
12⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
11⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42960.exe
7⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25138.exe
9⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
11⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41829.exe
12⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
12⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
11⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
10⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
8⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
- Program crash
PID:3920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
6⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
5⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17898.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21455.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
8⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-52965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52965.exe
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44763.exe
11⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
12⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
13⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 236
13⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
12⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
11⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14952.exe
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52548.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18369.exe
11⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37299.exe
12⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
13⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 220
13⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18837.exe
10⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-64889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64889.exe
11⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54532.exe
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
10⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
8⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 216
7⤵
- Program crash
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62350.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
7⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51996.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33868.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63160.exe
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
11⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
12⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-7734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7734.exe
13⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 220
13⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
11⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
9⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56082.exe
9⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46433.exe
10⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30604.exe
11⤵
PID:11568

C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40215.exe
12⤵
PID:13536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11568 -s 216
12⤵
PID:13896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 216
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
10⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
9⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 220
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
7⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37516.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7901.exe
10⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33869.exe
11⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
12⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
9⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
8⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
7⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
6⤵
- Program crash
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63569.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21067.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45179.exe
10⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7133.exe
11⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
12⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19727.exe
13⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 236
13⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
11⤵
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20608.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25289.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-20116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20116.exe
10⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39744.exe
11⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
11⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
8⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14533.exe
7⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
9⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
9⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
8⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
7⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41548.exe
6⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43078.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48616.exe
10⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5473.exe
11⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 236
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
9⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
8⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63286.exe
7⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26098.exe
8⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7974.exe
9⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10703.exe
10⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60090.exe
11⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
11⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
10⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
9⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
8⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
7⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
6⤵
- Program crash
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
5⤵
- Program crash
PID:308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-524.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14660.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59272.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-27974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27974.exe
8⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33629.exe
10⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
11⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29401.exe
12⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34847.exe
13⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33650.exe
14⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
14⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
13⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
12⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
11⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49094.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44886.exe
11⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22102.exe
12⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
13⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 216
13⤵
PID:14304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 236
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
11⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
10⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11267.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-166.exe
10⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 220
11⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48820.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40666.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65511.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
11⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12239.exe
12⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9602.exe
13⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 216
13⤵
PID:13712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
11⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
9⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 220
8⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
7⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
8⤵
- Program crash
PID:1008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
7⤵
- Program crash
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
6⤵
- Program crash
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
5⤵
- Program crash
PID:356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
4⤵
- Program crash
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37068.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-16942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16942.exe
8⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31893.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26027.exe
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53239.exe
11⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19987.exe
12⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
13⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
13⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
12⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
11⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-27937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27937.exe
11⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41508.exe
12⤵
PID:11312

C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24756.exe
13⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11312 -s 216
13⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 236
12⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
11⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6913.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
11⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 216
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 236
11⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
9⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
7⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48312.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39778.exe
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62669.exe
11⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
12⤵
PID:11980

C:\Users\Admin\AppData\Local\Temp\Unicorn-60811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60811.exe
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 220
12⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
11⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
8⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29550.exe
9⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34948.exe
10⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
11⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
12⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 216
12⤵
PID:13468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
10⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
9⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
8⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
7⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5010.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
7⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-4931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4931.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26603.exe
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26291.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-27745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27745.exe
11⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 236
12⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
10⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
8⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43810.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52851.exe
10⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55580.exe
11⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
11⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
9⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
8⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
7⤵
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
7⤵
- Program crash
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
6⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44924.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42131.exe
7⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64070.exe
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21423.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10460.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30325.exe
12⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48542.exe
13⤵
PID:14112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
12⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
10⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9036.exe
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22949.exe
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
10⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
10⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
9⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
8⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62655.exe
7⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22763.exe
8⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-61454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61454.exe
9⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
10⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49581.exe
11⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
11⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
10⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
9⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
8⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
7⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
6⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
7⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29478.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32835.exe
10⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62421.exe
11⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37911.exe
12⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
12⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
11⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
10⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
8⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35761.exe
7⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31563.exe
8⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43754.exe
9⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
10⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 216
10⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
9⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
8⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
7⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
6⤵
- Program crash
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
5⤵
- Program crash
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
4⤵
- Program crash
PID:2832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
2⤵
- Program crash
PID:2684

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1828.exe

Filesize
184KB

MD5
43d6c77b05ee5d80497b410c0b3d0ed3

SHA1
0d1ea3054a32ff78491cde9d8550dd6e73b9e19e

SHA256
afed03e8bae12f996a323992332cd6fd999da8ad716e52e042af07eea7c86676

SHA512
8fac64d87102c2488cdb8816a186daf42a486db96c6cfeb4c366540dcb769db5f214d4fb4afb5eff3a7e555163756b3f665e63119f436f234698eac13b5638bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe

Filesize
184KB

MD5
0663ca78b19ee5fadfe3d0e9a904b4f1

SHA1
c2c3d561846be81518d27b49529c4442686e2bd4

SHA256
c7c2c27e32761fbb1c1caf0213943d6b07c9ccc6df0f5d35490327a0caeccd39

SHA512
9871e55a22b3584f696b8344555feef27b1f1324fce92d09ecad2a68233081ff71a19691d63685d665330a844c118828005adf4153540deecad552cb27d8553f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21694.exe

Filesize
184KB

MD5
a2bb219aabb94dd5f6673e9240c8d8fd

SHA1
e9f0150575827b1be523c018406fb8050a830fc8

SHA256
cc7b84102022311e64ca7c39085b37a8f5db409ec5ebb20df23a08fd9a3ca55d

SHA512
3c796d53f31c8b71040035e48be4bdeebf1ae9c40a77612357346ff031b895a3db93235e82224e9e08441f55e9ecc5cb5d044126858e9eaa2b52fb7728ccc78a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25000.exe

Filesize
184KB

MD5
debca3a3a7c541cf15240bdff64169bf

SHA1
57e4ee0009f98bc7bcf90f524b0f37bc03c7e1a6

SHA256
31f0094ad874a07661c1d7b909fa70a0a862560be13ec311e6a90719250d6234

SHA512
1383953c4fc9c9edde622aa0823b56f7d47b77f1095289a8c9c736e0cfc6c475042bdf5992bb58e2f1d73f9fbd3059962a11b05da0ebd0ac89e5dd3a5730c8a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe

Filesize
184KB

MD5
116c5cbbaf6344d66a7f6bb05f65f2aa

SHA1
64180932d67a1d42c45416e26bc056eb1039eb10

SHA256
bf876d461c245e87b951c5b36e33fb9a81af701599ee61651293d962b7b60f78

SHA512
b3d926284726b7a6a9464053b75a57f753d7ca516b50d6754ab777acfb5c75fdc45c5d86086bcdb00d5aa213fa96dc06a180a450208039f40594b80a9cc392b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46196.exe

Filesize
184KB

MD5
c38f195c0a9351c74dd12228f32cc836

SHA1
cc9ad2d913f0374aab6dfdb132f22fa0875dae7c

SHA256
4b878d7de6a0dd21e8e13f8a2129b50ebc1be11ae5378a7320220715afabc36d

SHA512
b2b1dc9c81a47d18d6123d8427a96a2f6b2c4e054a22b68b0f4de9a6438d6794ae921ac04266c40724fed650829a124eb9f85fafdf326d29fc56682668fc351a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47463.exe

Filesize
184KB

MD5
dde117cd311ee08e24370f7c30f1ff36

SHA1
4ce393549702aa555b11e383e2e4a9fdc751d6d0

SHA256
f07adf23b6ed548bd367913cfc4c631a9048f9c33f21b5bfe026a1862e75f243

SHA512
a11c020d6fd4b254016d55a2946d31f1305254aed7103dba4c6fc90b818af049aeb2d5c71ce28c9b1ed0af68e6187118f385a653ec3e30ffc688ae69288c7238

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48559.exe

Filesize
184KB

MD5
49998803378670c0547314d6c7811eb9

SHA1
111f3b2961ae6c67be69a02bd9c9b51cc47b3528

SHA256
3d171b2523f38a17e08e227ce790cd634f4bff4e71be47c836c5ed2c715a4ed7

SHA512
b92dfd1b47c1db9e8563804cd00e5cf91784d03eec9347a11687919ce46c2261f4d5a337a363932a2d11d23802c62a434919e0f103823a67c2b957b63f921d1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5134.exe

Filesize
184KB

MD5
40c78198e217d456970a65288fce9b3e

SHA1
0ead7c6d3ef16c7cb0f320e2316ddc6e1013a4eb

SHA256
eb886b28ceb3c49a4d3be19c9ca3c4485abc071cd1fa3d3cb1375435495a7226

SHA512
dead9730cff8648d4691bcf87d1deb0127b5747fdca43cc6df5d95dee263c0859c0592f915575443ec060c70ee9e1f5ae91c917af46ca687d9d70588d37f5feb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5991.exe

Filesize
184KB

MD5
790c3fa256f076c2bf92c446e2928a6e

SHA1
3abe9aa9e0c1bf6c7474d11f295aba7bec9851ef

SHA256
c2fb8ded783229d04b1b30191ba4fbb36ae299171be7ec0745542fd19f0a3cfb

SHA512
4049c48c5af41a5c2577ff28ffae5dfca3be924f8a6352bec0db10bfbd88cf594e7b45c5451cf6236affd90343f059b6b2f71d80d6eef2b96cabe2d4ec29926d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62300.exe

Filesize
184KB

MD5
74d785d44889beecbf92a85d1e2b4013

SHA1
291e17b8ac6f2a2e5392d540ef29280cb21a67eb

SHA256
5a160bf89d9bafa9cc1426d7502e8f819405ef12626877f592036bfa79dd1ae8

SHA512
c51fb15776aec2f6602efe884a5e266c8e016cf0f211d89ae7e624c1c79029d75ee712060c3b93cac50ba525e7ddf653c8b4f545bb38bb9854d443ccbeb1ee84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6621.exe

Filesize
184KB

MD5
514cc249a208d6a1fbdb6717e19a6a5d

SHA1
6fdd88de17a9450b6d70c250d000d06dccfa62cc

SHA256
bf133ea23ecadb4eeae0a215f01970e492c8ddf59f793cef0b5a79f44401e662

SHA512
78644bbe765e7f28b9afe21c50534581849b0ba8b306ac2dbca7d0e214daeae50cb6216bf23590e6335022980b8135f1cee8731f595b322f695aaef1ea0e4086

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17546.exe

Filesize
184KB

MD5
62e3e144d8468f5e8ed131214fee5288

SHA1
d1957c43f20f5b927eee89389f66c18872d0a237

SHA256
b7d2cba37e4a52c0887ffe0f24d7059c67a7b69dce7a9d4e5387c8d9117feeec

SHA512
0327c1d3005255b8e56bf5ce0f660a24ebd027738fa01debd77ab50e9cecb383422435a55a0732e8a5bd9c1c57a75c49b6796de9a78d8eaabaf75c998e2eb185

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27789.exe

Filesize
184KB

MD5
17e177894aea598ccd21701633ae3ded

SHA1
d3e5409078033f3fcfd52e3fde45456952824238

SHA256
7927cc1c40e8abc68736f3052b6b160e40b9e35e0d8bcb08dd2ad1f7ca2193b2

SHA512
9a7015efeb90a7fa968c26086b9746cb1af790ea24ac755710b02df3838729512e5253986910f7692c49bed8bb2dcfba4da694d054506db259006f0b28099b94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe

Filesize
184KB

MD5
7fdca7acba3ee4c232c9b4fca859ba46

SHA1
5612c877e7f917a9db5da38390df07794b3d9705

SHA256
bd238c06db9432d1a0ad97af2cfc6b8a7755702b98be613d80f2a03e98967b69

SHA512
4ff80d4becd71aa8d1b23b4f49960063e8ba418db27899e5a3d3fbbacca77c8b60680357adaf6765f38d42488dad2d5b69cc2242e2fd4d170bb32b2c30fdcaf9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40459.exe

Filesize
184KB

MD5
fe3d2483319efc98d5dbd602a586710f

SHA1
e704cdcd39c1524de7beaa29bedf5ff6d59b5f45

SHA256
1fbd1684b18d23a0e84b7f32d7687a4e0b4bf5c0e41efed8b929b3b85b63e44e

SHA512
28590132856ea2388fce64ecc7890b443160dcb042314b09aef06b2d312fa5583bc11566897527826214e9b180e520c3be8e70d7555039b4e6c247cbe92ae9e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-524.exe

Filesize
184KB

MD5
fc0ac04f746de7a34003f875a5d47adb

SHA1
b7840348680270019a42f2e5eab05829c62d5f47

SHA256
56e09c2241d6c1c4ccb5ec273a27cdb867eafe5af2f4a9357742fffe659dbdd7

SHA512
9a2d2720b250650f6c488312b70f18111f8a59c34c36937cf362553f1c0de51b572acbef207bd6f4d733bfdf29e73822f0a3630d1d87193aeba7ab9e8573611a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63217.exe

Filesize
184KB

MD5
062afa883db5c44a10bbf5877665cf86

SHA1
d27a2efd4f4b808854461a93f3c7fe58246564df

SHA256
a17a47d8b885edc484034f1fdd0742f4816d3cbc88e42dfcf4486e5f602c775f

SHA512
6cca8d65a93aa840b56aff7bb1fc0b5d5bbe2af00a7142ed2343937b2206faf780a52f9759009fbbff0dde85e708053eb9854842ec365c18ad74b2a9e6962520

Download Submit