b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe
Size

184KB
MD5

59c5f190bb0103f6550433a7750b802e
SHA1

dd962988561e6ae682d3535a18d45c65bc87118d
SHA256

b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813
SHA512

beb3333c6d947e051698c1621d447984e8dc7312e2b31e03d5661e5e3fe0109271a5e7ac0f5904b6ee19a1f65cf70ecaa87fac8e8d4c9a5945edc82aae33ee90
SSDEEP

3072:68U3H8oI78hYdFaWemwLRtC+hlnViFFn3:68HofEFadLbC+hlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-38313.exeUnicorn-25418.exeUnicorn-21011.exeUnicorn-64834.exeUnicorn-46095.exeUnicorn-615.exeUnicorn-53257.exeUnicorn-51181.exeUnicorn-5509.exeUnicorn-18508.exeUnicorn-57671.exeUnicorn-22538.exeUnicorn-40292.exeUnicorn-7619.exeUnicorn-53291.exeUnicorn-53805.exeUnicorn-46722.exeUnicorn-42315.exeUnicorn-11169.exeUnicorn-45186.exeUnicorn-25835.exeUnicorn-25512.exeUnicorn-3489.exeUnicorn-49161.exeUnicorn-3489.exeUnicorn-48352.exeUnicorn-63811.exeUnicorn-43946.exeUnicorn-44138.exeUnicorn-48544.exeUnicorn-40864.exeUnicorn-8383.exeUnicorn-54055.exeUnicorn-54055.exeUnicorn-8575.exeUnicorn-21766.exeUnicorn-22089.exeUnicorn-22089.exeUnicorn-41632.exeUnicorn-53150.exeUnicorn-804.exeUnicorn-20670.exeUnicorn-46990.exeUnicorn-44894.exeUnicorn-44894.exeUnicorn-57893.exeUnicorn-58599.exeUnicorn-23815.exeUnicorn-21546.exeUnicorn-41604.exeUnicorn-57063.exeUnicorn-57063.exeUnicorn-54795.exeUnicorn-24583.exeUnicorn-54987.exeUnicorn-42180.exeUnicorn-37773.exeUnicorn-57639.exeUnicorn-42372.exeUnicorn-41037.exeUnicorn-60903.exeUnicorn-39091.exeUnicorn-24796.exeUnicorn-20389.exe

pid	process
3012	Unicorn-38313.exe
2972	Unicorn-25418.exe
2584	Unicorn-21011.exe
2416	Unicorn-64834.exe
2680	Unicorn-46095.exe
2392	Unicorn-615.exe
1264	Unicorn-53257.exe
1612	Unicorn-51181.exe
472	Unicorn-5509.exe
2308	Unicorn-18508.exe
688	Unicorn-57671.exe
1552	Unicorn-22538.exe
2800	Unicorn-40292.exe
1416	Unicorn-7619.exe
2228	Unicorn-53291.exe
2232	Unicorn-53805.exe
952	Unicorn-46722.exe
1912	Unicorn-42315.exe
2768	Unicorn-11169.exe
888	Unicorn-45186.exe
1864	Unicorn-25835.exe
108	Unicorn-25512.exe
908	Unicorn-3489.exe
1600	Unicorn-49161.exe
2220	Unicorn-3489.exe
2804	Unicorn-48352.exe
1652	Unicorn-63811.exe
1700	Unicorn-43946.exe
1712	Unicorn-44138.exe
2948	Unicorn-48544.exe
2172	Unicorn-40864.exe
2648	Unicorn-8383.exe
2536	Unicorn-54055.exe
2748	Unicorn-54055.exe
2760	Unicorn-8575.exe
2640	Unicorn-21766.exe
2656	Unicorn-22089.exe
2556	Unicorn-22089.exe
2456	Unicorn-41632.exe
1260	Unicorn-53150.exe
1012	Unicorn-804.exe
2188	Unicorn-20670.exe
1484	Unicorn-46990.exe
2004	Unicorn-44894.exe
2032	Unicorn-44894.exe
1996	Unicorn-57893.exe
2692	Unicorn-58599.exe
592	Unicorn-23815.exe
2864	Unicorn-21546.exe
2240	Unicorn-41604.exe
2940	Unicorn-57063.exe
696	Unicorn-57063.exe
1980	Unicorn-54795.exe
1696	Unicorn-24583.exe
780	Unicorn-54987.exe
2168	Unicorn-42180.exe
1288	Unicorn-37773.exe
2980	Unicorn-57639.exe
912	Unicorn-42372.exe
636	Unicorn-41037.exe
2784	Unicorn-60903.exe
2788	Unicorn-39091.exe
1036	Unicorn-24796.exe
2412	Unicorn-20389.exe

Loads dropped DLL 64 IoCs

Processes:

b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exeUnicorn-38313.exeUnicorn-25418.exeUnicorn-21011.exeWerFault.exeUnicorn-46095.exeUnicorn-615.exeWerFault.exeWerFault.exeUnicorn-53257.exeUnicorn-5509.exeUnicorn-51181.exeUnicorn-18508.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-57671.exe

pid	process
2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe
2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe
3012	Unicorn-38313.exe
3012	Unicorn-38313.exe
2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe
2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe
2972	Unicorn-25418.exe
2972	Unicorn-25418.exe
3012	Unicorn-38313.exe
3012	Unicorn-38313.exe
2584	Unicorn-21011.exe
2584	Unicorn-21011.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2840	WerFault.exe
2680	Unicorn-46095.exe
2680	Unicorn-46095.exe
2972	Unicorn-25418.exe
2392	Unicorn-615.exe
2972	Unicorn-25418.exe
2584	Unicorn-21011.exe
2392	Unicorn-615.exe
2584	Unicorn-21011.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
764	WerFault.exe
2208	WerFault.exe
2208	WerFault.exe
2208	WerFault.exe
2208	WerFault.exe
2208	WerFault.exe
1264	Unicorn-53257.exe
2680	Unicorn-46095.exe
1264	Unicorn-53257.exe
2680	Unicorn-46095.exe
472	Unicorn-5509.exe
472	Unicorn-5509.exe
1612	Unicorn-51181.exe
1612	Unicorn-51181.exe
2392	Unicorn-615.exe
2392	Unicorn-615.exe
2308	Unicorn-18508.exe
2308	Unicorn-18508.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
1888	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
812	WerFault.exe
812	WerFault.exe
812	WerFault.exe
812	WerFault.exe
2484	WerFault.exe
812	WerFault.exe
688	Unicorn-57671.exe
688	Unicorn-57671.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2388	2924	WerFault.exe	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe
2840	3012	WerFault.exe	Unicorn-38313.exe
764	2972	WerFault.exe	Unicorn-25418.exe
2208	2584	WerFault.exe	Unicorn-21011.exe
1888	2680	WerFault.exe	Unicorn-46095.exe
2484	2416	WerFault.exe	Unicorn-64834.exe
812	2392	WerFault.exe	Unicorn-615.exe
1948	1264	WerFault.exe	Unicorn-53257.exe
1436	472	WerFault.exe	Unicorn-5509.exe
884	1612	WerFault.exe	Unicorn-51181.exe
2184	2308	WerFault.exe	Unicorn-18508.exe
1452	688	WerFault.exe	Unicorn-57671.exe
1256	1552	WerFault.exe	Unicorn-22538.exe
2356	2228	WerFault.exe	Unicorn-53291.exe
3056	2232	WerFault.exe	Unicorn-53805.exe
1832	2800	WerFault.exe	Unicorn-40292.exe
2164	952	WerFault.exe	Unicorn-46722.exe
2572	1912	WerFault.exe	Unicorn-42315.exe
2588	2768	WerFault.exe	Unicorn-11169.exe
2424	888	WerFault.exe	Unicorn-45186.exe
2428	1864	WerFault.exe	Unicorn-25835.exe
2204	108	WerFault.exe	Unicorn-25512.exe
2044	2220	WerFault.exe	Unicorn-3489.exe
2276	908	WerFault.exe	Unicorn-3489.exe
240	1600	WerFault.exe	Unicorn-49161.exe
2244	1652	WerFault.exe	Unicorn-63811.exe
1528	2804	WerFault.exe	Unicorn-48352.exe
1576	2948	WerFault.exe	Unicorn-48544.exe
356	1700	WerFault.exe	Unicorn-43946.exe
2248	1712	WerFault.exe	Unicorn-44138.exe
2140	2172	WerFault.exe	Unicorn-40864.exe
944	2748	WerFault.exe	Unicorn-54055.exe
976	2648	WerFault.exe	Unicorn-8383.exe
2884	2536	WerFault.exe	Unicorn-54055.exe
2408	2760	WerFault.exe	Unicorn-8575.exe
1708	2556	WerFault.exe	Unicorn-22089.exe
1112	2640	WerFault.exe	Unicorn-21766.exe
3052	2656	WerFault.exe	Unicorn-22089.exe
1540	2456	WerFault.exe	Unicorn-41632.exe
3380	1260	WerFault.exe	Unicorn-53150.exe
3488	1012	WerFault.exe	Unicorn-804.exe
3608	1484	WerFault.exe	Unicorn-46990.exe
3640	2004	WerFault.exe	Unicorn-44894.exe
3696	2188	WerFault.exe	Unicorn-20670.exe
3704	1996	WerFault.exe	Unicorn-57893.exe
3812	2692	WerFault.exe	Unicorn-58599.exe
4032	2032	WerFault.exe	Unicorn-44894.exe
4040	696	WerFault.exe	Unicorn-57063.exe
3136	592	WerFault.exe	Unicorn-23815.exe
3176	2940	WerFault.exe	Unicorn-57063.exe
3184	1696	WerFault.exe	Unicorn-24583.exe
3188	1288	WerFault.exe	Unicorn-37773.exe
3240	2980	WerFault.exe	Unicorn-57639.exe
3292	780	WerFault.exe	Unicorn-54987.exe
3296	2864	WerFault.exe	Unicorn-21546.exe
3320	636	WerFault.exe	Unicorn-41037.exe
3324	2168	WerFault.exe	Unicorn-42180.exe
3388	1980	WerFault.exe	Unicorn-54795.exe
3456	2784	WerFault.exe	Unicorn-60903.exe
3756	2240	WerFault.exe	Unicorn-41604.exe
4260	2412	WerFault.exe	Unicorn-20389.exe
4272	912	WerFault.exe	Unicorn-42372.exe
4944	2788	WerFault.exe	Unicorn-39091.exe
5112	1496	WerFault.exe	Unicorn-48994.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exeUnicorn-38313.exeUnicorn-25418.exeUnicorn-21011.exeUnicorn-46095.exeUnicorn-64834.exeUnicorn-615.exeUnicorn-53257.exeUnicorn-51181.exeUnicorn-5509.exeUnicorn-18508.exeUnicorn-57671.exeUnicorn-22538.exeUnicorn-40292.exeUnicorn-7619.exeUnicorn-53291.exeUnicorn-53805.exeUnicorn-46722.exeUnicorn-42315.exeUnicorn-11169.exeUnicorn-45186.exeUnicorn-25835.exeUnicorn-25512.exeUnicorn-3489.exeUnicorn-49161.exeUnicorn-3489.exeUnicorn-63811.exeUnicorn-48352.exeUnicorn-43946.exeUnicorn-44138.exeUnicorn-48544.exeUnicorn-40864.exeUnicorn-54055.exeUnicorn-8383.exeUnicorn-54055.exeUnicorn-8575.exeUnicorn-22089.exeUnicorn-21766.exeUnicorn-22089.exeUnicorn-41632.exeUnicorn-53150.exeUnicorn-804.exeUnicorn-20670.exeUnicorn-46990.exeUnicorn-44894.exeUnicorn-57893.exeUnicorn-44894.exeUnicorn-58599.exeUnicorn-23815.exeUnicorn-21546.exeUnicorn-41604.exeUnicorn-57063.exeUnicorn-24583.exeUnicorn-57063.exeUnicorn-54795.exeUnicorn-54987.exeUnicorn-42180.exeUnicorn-37773.exeUnicorn-57639.exeUnicorn-42372.exeUnicorn-41037.exeUnicorn-60903.exeUnicorn-39091.exeUnicorn-24796.exe

pid	process
2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe
3012	Unicorn-38313.exe
2972	Unicorn-25418.exe
2584	Unicorn-21011.exe
2680	Unicorn-46095.exe
2416	Unicorn-64834.exe
2392	Unicorn-615.exe
1264	Unicorn-53257.exe
1612	Unicorn-51181.exe
472	Unicorn-5509.exe
2308	Unicorn-18508.exe
688	Unicorn-57671.exe
1552	Unicorn-22538.exe
2800	Unicorn-40292.exe
1416	Unicorn-7619.exe
2228	Unicorn-53291.exe
2232	Unicorn-53805.exe
952	Unicorn-46722.exe
1912	Unicorn-42315.exe
2768	Unicorn-11169.exe
888	Unicorn-45186.exe
1864	Unicorn-25835.exe
108	Unicorn-25512.exe
2220	Unicorn-3489.exe
1600	Unicorn-49161.exe
908	Unicorn-3489.exe
1652	Unicorn-63811.exe
2804	Unicorn-48352.exe
1700	Unicorn-43946.exe
1712	Unicorn-44138.exe
2948	Unicorn-48544.exe
2172	Unicorn-40864.exe
2748	Unicorn-54055.exe
2648	Unicorn-8383.exe
2536	Unicorn-54055.exe
2760	Unicorn-8575.exe
2656	Unicorn-22089.exe
2640	Unicorn-21766.exe
2556	Unicorn-22089.exe
2456	Unicorn-41632.exe
1260	Unicorn-53150.exe
1012	Unicorn-804.exe
2188	Unicorn-20670.exe
1484	Unicorn-46990.exe
2004	Unicorn-44894.exe
1996	Unicorn-57893.exe
2032	Unicorn-44894.exe
2692	Unicorn-58599.exe
592	Unicorn-23815.exe
2864	Unicorn-21546.exe
2240	Unicorn-41604.exe
696	Unicorn-57063.exe
1696	Unicorn-24583.exe
2940	Unicorn-57063.exe
1980	Unicorn-54795.exe
780	Unicorn-54987.exe
2168	Unicorn-42180.exe
1288	Unicorn-37773.exe
2980	Unicorn-57639.exe
912	Unicorn-42372.exe
636	Unicorn-41037.exe
2784	Unicorn-60903.exe
2788	Unicorn-39091.exe
1036	Unicorn-24796.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exeUnicorn-38313.exeUnicorn-25418.exeUnicorn-21011.exeUnicorn-46095.exeUnicorn-615.exeUnicorn-53257.exe

description	pid	process	target process
PID 2924 wrote to memory of 3012	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	Unicorn-38313.exe
PID 2924 wrote to memory of 3012	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	Unicorn-38313.exe
PID 2924 wrote to memory of 3012	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	Unicorn-38313.exe
PID 2924 wrote to memory of 3012	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	Unicorn-38313.exe
PID 3012 wrote to memory of 2972	3012	Unicorn-38313.exe	Unicorn-25418.exe
PID 3012 wrote to memory of 2972	3012	Unicorn-38313.exe	Unicorn-25418.exe
PID 3012 wrote to memory of 2972	3012	Unicorn-38313.exe	Unicorn-25418.exe
PID 3012 wrote to memory of 2972	3012	Unicorn-38313.exe	Unicorn-25418.exe
PID 2924 wrote to memory of 2584	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	Unicorn-21011.exe
PID 2924 wrote to memory of 2584	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	Unicorn-21011.exe
PID 2924 wrote to memory of 2584	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	Unicorn-21011.exe
PID 2924 wrote to memory of 2584	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	Unicorn-21011.exe
PID 2924 wrote to memory of 2388	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	WerFault.exe
PID 2924 wrote to memory of 2388	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	WerFault.exe
PID 2924 wrote to memory of 2388	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	WerFault.exe
PID 2924 wrote to memory of 2388	2924	b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe	WerFault.exe
PID 2972 wrote to memory of 2416	2972	Unicorn-25418.exe	Unicorn-64834.exe
PID 2972 wrote to memory of 2416	2972	Unicorn-25418.exe	Unicorn-64834.exe
PID 2972 wrote to memory of 2416	2972	Unicorn-25418.exe	Unicorn-64834.exe
PID 2972 wrote to memory of 2416	2972	Unicorn-25418.exe	Unicorn-64834.exe
PID 3012 wrote to memory of 2680	3012	Unicorn-38313.exe	Unicorn-46095.exe
PID 3012 wrote to memory of 2680	3012	Unicorn-38313.exe	Unicorn-46095.exe
PID 3012 wrote to memory of 2680	3012	Unicorn-38313.exe	Unicorn-46095.exe
PID 3012 wrote to memory of 2680	3012	Unicorn-38313.exe	Unicorn-46095.exe
PID 2584 wrote to memory of 2392	2584	Unicorn-21011.exe	Unicorn-615.exe
PID 2584 wrote to memory of 2392	2584	Unicorn-21011.exe	Unicorn-615.exe
PID 2584 wrote to memory of 2392	2584	Unicorn-21011.exe	Unicorn-615.exe
PID 2584 wrote to memory of 2392	2584	Unicorn-21011.exe	Unicorn-615.exe
PID 3012 wrote to memory of 2840	3012	Unicorn-38313.exe	WerFault.exe
PID 3012 wrote to memory of 2840	3012	Unicorn-38313.exe	WerFault.exe
PID 3012 wrote to memory of 2840	3012	Unicorn-38313.exe	WerFault.exe
PID 3012 wrote to memory of 2840	3012	Unicorn-38313.exe	WerFault.exe
PID 2680 wrote to memory of 1264	2680	Unicorn-46095.exe	Unicorn-53257.exe
PID 2680 wrote to memory of 1264	2680	Unicorn-46095.exe	Unicorn-53257.exe
PID 2680 wrote to memory of 1264	2680	Unicorn-46095.exe	Unicorn-53257.exe
PID 2680 wrote to memory of 1264	2680	Unicorn-46095.exe	Unicorn-53257.exe
PID 2972 wrote to memory of 1612	2972	Unicorn-25418.exe	Unicorn-51181.exe
PID 2972 wrote to memory of 1612	2972	Unicorn-25418.exe	Unicorn-51181.exe
PID 2972 wrote to memory of 1612	2972	Unicorn-25418.exe	Unicorn-51181.exe
PID 2972 wrote to memory of 1612	2972	Unicorn-25418.exe	Unicorn-51181.exe
PID 2392 wrote to memory of 472	2392	Unicorn-615.exe	Unicorn-5509.exe
PID 2392 wrote to memory of 472	2392	Unicorn-615.exe	Unicorn-5509.exe
PID 2392 wrote to memory of 472	2392	Unicorn-615.exe	Unicorn-5509.exe
PID 2392 wrote to memory of 472	2392	Unicorn-615.exe	Unicorn-5509.exe
PID 2584 wrote to memory of 2308	2584	Unicorn-21011.exe	Unicorn-18508.exe
PID 2584 wrote to memory of 2308	2584	Unicorn-21011.exe	Unicorn-18508.exe
PID 2584 wrote to memory of 2308	2584	Unicorn-21011.exe	Unicorn-18508.exe
PID 2584 wrote to memory of 2308	2584	Unicorn-21011.exe	Unicorn-18508.exe
PID 2972 wrote to memory of 764	2972	Unicorn-25418.exe	WerFault.exe
PID 2972 wrote to memory of 764	2972	Unicorn-25418.exe	WerFault.exe
PID 2972 wrote to memory of 764	2972	Unicorn-25418.exe	WerFault.exe
PID 2972 wrote to memory of 764	2972	Unicorn-25418.exe	WerFault.exe
PID 2584 wrote to memory of 2208	2584	Unicorn-21011.exe	WerFault.exe
PID 2584 wrote to memory of 2208	2584	Unicorn-21011.exe	WerFault.exe
PID 2584 wrote to memory of 2208	2584	Unicorn-21011.exe	WerFault.exe
PID 2584 wrote to memory of 2208	2584	Unicorn-21011.exe	WerFault.exe
PID 1264 wrote to memory of 688	1264	Unicorn-53257.exe	Unicorn-57671.exe
PID 1264 wrote to memory of 688	1264	Unicorn-53257.exe	Unicorn-57671.exe
PID 1264 wrote to memory of 688	1264	Unicorn-53257.exe	Unicorn-57671.exe
PID 1264 wrote to memory of 688	1264	Unicorn-53257.exe	Unicorn-57671.exe
PID 2680 wrote to memory of 1552	2680	Unicorn-46095.exe	Unicorn-22538.exe
PID 2680 wrote to memory of 1552	2680	Unicorn-46095.exe	Unicorn-22538.exe
PID 2680 wrote to memory of 1552	2680	Unicorn-46095.exe	Unicorn-22538.exe
PID 2680 wrote to memory of 1552	2680	Unicorn-46095.exe	Unicorn-22538.exe

C:\Users\Admin\AppData\Local\Temp\b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe
"C:\Users\Admin\AppData\Local\Temp\b4acc78aa32b81974adc263b22f27366c8ce6583bafea3be82d9c89e41ba8813.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25835.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8383.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
9⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
10⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
11⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-27848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27848.exe
12⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
13⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59416.exe
14⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 216
14⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
13⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
12⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
11⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
9⤵
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 220
9⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1329.exe
8⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59983.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44455.exe
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
12⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46582.exe
13⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 220
13⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 220
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 220
11⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 220
10⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56460.exe
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
10⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
11⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
12⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
12⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
10⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
8⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31574.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62753.exe
12⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16490.exe
13⤵
PID:12488

C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
14⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 216
13⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 220
12⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
11⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23122.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23266.exe
10⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54497.exe
11⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
12⤵
PID:2468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 220
11⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
8⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
7⤵
- Program crash
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57063.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15938.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
10⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
11⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
12⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55021.exe
13⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
13⤵
PID:13432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
12⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
9⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62039.exe
10⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51102.exe
11⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26626.exe
12⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
12⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
11⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 220
10⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63388.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
10⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24581.exe
11⤵
PID:9284

C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27648.exe
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9284 -s 204
12⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 220
11⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
8⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1384.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
9⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47007.exe
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
10⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54772.exe
11⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 220
11⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
10⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
8⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
7⤵
- Program crash
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24583.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51577.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55404.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
11⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28779.exe
12⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
12⤵
PID:13984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 220
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
8⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
7⤵
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54987.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
7⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20057.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2591.exe
9⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
10⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
11⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 220
11⤵
PID:13944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
10⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
9⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
8⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
7⤵
- Program crash
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
6⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
5⤵
- Program crash
PID:884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48352.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20670.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45730.exe
9⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53896.exe
10⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
11⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7444.exe
12⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
13⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 220
13⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 236
12⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
11⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
10⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
9⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26056.exe
8⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
9⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7887.exe
10⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42877.exe
11⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29931.exe
12⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
13⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 220
13⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
12⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
11⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18198.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7035.exe
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
11⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
12⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
11⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
9⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
8⤵
- Program crash
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47292.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
9⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46180.exe
10⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46096.exe
11⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
12⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17398.exe
13⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
12⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
11⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46863.exe
11⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24795.exe
12⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
12⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-45738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45738.exe
8⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26445.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52702.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13614.exe
11⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
9⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
8⤵
- Program crash
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
7⤵
- Program crash
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43946.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48034.exe
8⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52640.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35760.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41460.exe
11⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9053.exe
12⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51970.exe
13⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
13⤵
PID:13708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
12⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
11⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64410.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
10⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64793.exe
11⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41816.exe
12⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 220
11⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
10⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
9⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13423.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
11⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
12⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
11⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
9⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
8⤵
- Program crash
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28360.exe
7⤵
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-616.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52537.exe
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47864.exe
10⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29812.exe
11⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
12⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
12⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
11⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-41244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41244.exe
8⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31419.exe
9⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55694.exe
10⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 212
11⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
10⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
9⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
8⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
7⤵
- Program crash
PID:356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
6⤵
- Program crash
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42315.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63811.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53150.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52858.exe
9⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38209.exe
10⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
11⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
12⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10103.exe
13⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
13⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
12⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
11⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
10⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48763.exe
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3248.exe
11⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19419.exe
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 236
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-320.exe
8⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35634.exe
10⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
11⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4301.exe
12⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
12⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 236
11⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
9⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
8⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20389.exe
7⤵
- Executes dropped EXE
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-834.exe
8⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3040.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
11⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37784.exe
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
12⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 216
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35582.exe
8⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
8⤵
- Program crash
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
7⤵
- Program crash
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-804.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30437.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
8⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49408.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
12⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
12⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
11⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
10⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20647.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56035.exe
10⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64452.exe
11⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
11⤵
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
8⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12489.exe
7⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47306.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8738.exe
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
11⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 236
10⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
8⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
7⤵
- Program crash
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
6⤵
- Program crash
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
5⤵
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11169.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-48544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48544.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12673.exe
8⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
9⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7311.exe
10⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17859.exe
11⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
12⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55211.exe
13⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 220
13⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
11⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1151.exe
9⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 220
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
9⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28941.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32147.exe
10⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 220
12⤵
PID:13764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
11⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
10⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
9⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
8⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
7⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4098.exe
8⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55059.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61480.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
11⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
12⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
12⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
11⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
10⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 236
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20310.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
10⤵
PID:9380

C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
11⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9380 -s 220
11⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 220
8⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
7⤵
- Program crash
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-57893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57893.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15003.exe
7⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54752.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-168.exe
10⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
11⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34150.exe
12⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 220
12⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
11⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64143.exe
9⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
10⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
11⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
11⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 220
10⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
9⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
7⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47267.exe
9⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
10⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
11⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
11⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
8⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
7⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
6⤵
- Program crash
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44138.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13441.exe
7⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2152.exe
8⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63725.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62686.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
11⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62916.exe
12⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
12⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
11⤵
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32697.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
10⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
11⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
9⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
8⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2022.exe
7⤵
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 220
8⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
7⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59305.exe
6⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35401.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63533.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19786.exe
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 220
10⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
9⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9993.exe
8⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26054.exe
9⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45467.exe
10⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
10⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
9⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
8⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
7⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
6⤵
- Program crash
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
5⤵
- Program crash
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38984.exe
9⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
10⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
11⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
12⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
13⤵
PID:9228

C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
14⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9228 -s 216
14⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 236
13⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
12⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30838.exe
11⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44315.exe
12⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-51798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51798.exe
13⤵
PID:12048

C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4947.exe
14⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
13⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
12⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 220
11⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 216
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24471.exe
10⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
11⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
12⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25166.exe
13⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
13⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
11⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
10⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
9⤵
- Program crash
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51983.exe
8⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18169.exe
11⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23085.exe
12⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
13⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 216
13⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 236
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 236
9⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
8⤵
- Program crash
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
8⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8676.exe
10⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
11⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34371.exe
12⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
13⤵
PID:12968

C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
14⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 220
13⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
12⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 220
11⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61668.exe
10⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63037.exe
11⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16027.exe
12⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
12⤵
PID:14140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 220
11⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 220
10⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
10⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
11⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54798.exe
12⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
12⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
10⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 220
8⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
7⤵
- Program crash
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21766.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57639.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54251.exe
8⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11467.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57719.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17049.exe
11⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34160.exe
12⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12551.exe
13⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 216
13⤵
PID:13900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
12⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
9⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
8⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19118.exe
7⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27503.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53292.exe
10⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
11⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35930.exe
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
12⤵
PID:14164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
8⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 220
7⤵
- Program crash
PID:1112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
6⤵
- Program crash
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 236
5⤵
- Program crash
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53291.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45186.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-40864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40864.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-23815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23815.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5775.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35489.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39180.exe
11⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7802.exe
12⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
12⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 236
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
8⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
8⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21090.exe
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6523.exe
10⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42654.exe
11⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
12⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
12⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
11⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
10⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
9⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15697.exe
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
9⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24440.exe
10⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24985.exe
11⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 220
11⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
10⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
9⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
8⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-21546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-16706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16706.exe
7⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45702.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29372.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
10⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
11⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21066.exe
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
12⤵
PID:14280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 220
11⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 220
10⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43330.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17190.exe
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 212
10⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
8⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-23890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23890.exe
7⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61852.exe
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59031.exe
9⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
10⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25589.exe
11⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
11⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
10⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
9⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
8⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 220
7⤵
- Program crash
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
6⤵
- Program crash
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54055.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41604.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48994.exe
7⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26735.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
10⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
11⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
12⤵
PID:14132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 236
12⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
8⤵
- Program crash
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-24658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24658.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10.exe
8⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 300
9⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
8⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
7⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27374.exe
6⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45510.exe
7⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61686.exe
8⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33993.exe
9⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-61908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61908.exe
10⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-4931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4931.exe
11⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 220
11⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
10⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
9⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
8⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7228.exe
7⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43064.exe
8⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2209.exe
9⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
10⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 204
10⤵
PID:14216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
9⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
8⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
7⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
6⤵
- Program crash
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
5⤵
- Program crash
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3489.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22089.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39752.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16482.exe
10⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65459.exe
11⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 220
12⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
11⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10897.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20770.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
11⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 220
12⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
11⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
8⤵
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44639.exe
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3816.exe
10⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17093.exe
11⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
12⤵
PID:14112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
10⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 216
9⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
8⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
7⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57871.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-56951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56951.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61581.exe
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18872.exe
11⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43163.exe
12⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
11⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
10⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
9⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
8⤵
PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
7⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37773.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-16706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16706.exe
7⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56309.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9444.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
11⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
12⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 216
12⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 220
11⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 220
10⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14187.exe
8⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28711.exe
10⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62359.exe
11⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
11⤵
PID:13668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23314.exe
7⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
8⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12847.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3557.exe
10⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
11⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 236
10⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 220
7⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
6⤵
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
5⤵
- Program crash
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41632.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-60903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60903.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20017.exe
7⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16947.exe
11⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24974.exe
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
12⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
11⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
9⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
8⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9436.exe
9⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34690.exe
10⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
11⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
11⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
10⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
9⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
8⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36443.exe
7⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18594.exe
8⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
9⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12596.exe
10⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8739.exe
11⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
11⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
10⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
9⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
8⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
6⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19289.exe
8⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33953.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36038.exe
10⤵
PID:8296

C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
11⤵
PID:12704

C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60235.exe
12⤵
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8296 -s 216
11⤵
PID:13564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
9⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
8⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32671.exe
7⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35866.exe
8⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4679.exe
9⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
10⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 216
10⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
9⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
8⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
7⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
6⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
6⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57679.exe
7⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54146.exe
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13653.exe
9⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18814.exe
10⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28904.exe
11⤵
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
11⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
10⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
9⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
8⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe
7⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46862.exe
8⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2328.exe
9⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25868.exe
10⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
10⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
9⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
8⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
7⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55603.exe
6⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
7⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62440.exe
8⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-13251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13251.exe
9⤵
PID:9296

C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6256.exe
10⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 220
10⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
9⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
8⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
7⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
6⤵
- Program crash
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
5⤵
- Program crash
PID:240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
4⤵
- Program crash
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
2⤵
- Program crash
PID:2388

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-39827.exe

Filesize
184KB

MD5
eefb6881f48367b1fb922b0cdeb8cf1b

SHA1
12cda5b263c8743a43f7cf32caa69fa657a47a97

SHA256
d0acbe6be038ba44fdd5e3aadd31566da66f7937bf78082eb510a84f044e883c

SHA512
100ab6e7fc0bec40e4ab92e7a9e639e5d91674165c5000ef0fe2f8154f2b7e662cc5fb487d4b8439cde3a0c525ae5bdbd536086c5499fec12e5d4da9dc656dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41037.exe

Filesize
184KB

MD5
de84155e46e6ca9db6af929b53b6e78a

SHA1
000416aa17909875b316498f5fb6d15ad068776c

SHA256
578e57f63a7276b6e6c809e77688e05691ab23d5cf0213528d2a07bd602442ad

SHA512
a200027636f31878af21bfda4ae75e31b20b40adb5710a0772dcdfa68a328a39abd24e95d18fa65af503d3860f3aaae4184cdb4f49ac8169d387e70aea8fd294

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe

Filesize
184KB

MD5
295075e96e653004ff653882a0d456cd

SHA1
814b525c3306c7ccf3450ebe2057918900cbb0e2

SHA256
12f5852610fdd1f8934ecc87a8b6da2b09578a8a08cb401ba7397b90c818071c

SHA512
992ed143d2ed3ad7e21bc4c82a8b2e56e1e3e4a70d79eca9449eafc1c1957fdb3273a87560fafde1856a54bd59613fb387f021ec253c969ba761c8806336164a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45874.exe

Filesize
184KB

MD5
be2e2d3d0a88e29aaddf6950e9d43e07

SHA1
f13debff2c3b0d3008328e134bef986c1127be62

SHA256
8480b5434fc2ba8aecd087778b2be0f630b6095e48ba53cd6bacea19ec2f5a47

SHA512
79b1f2acd9212a8df92886ed7efaf3656a7139d18ce57367eddc964cfbed4de533820c2acd16d97e76205e2cbfded85f42750e8eb1dcc13f85522183051a75bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-615.exe

Filesize
184KB

MD5
391927b63853f8a691c88b19d197331b

SHA1
1a0d463f02d62d0674d13e8595673a9cdcdd461a

SHA256
d174f8aec68a77aef31843e4ce21954c89183f5f9dd04c2ff60e4931cdf77e30

SHA512
44d9aaaa40cab2f97ebc89c92b9e12635d185549f05dfe54d253de02787fabdb49ee4d9cf5df65d5964edbd3eb964c15e048c45a1a4698b95242d9fd28d4d13c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18508.exe

Filesize
184KB

MD5
8c370aec3f8909b917252764bf4332f9

SHA1
989161d9a2a65a39d7af5bb67378d72f483dcc6a

SHA256
bb44c17010a98c573587409471309dd0cd5d88a344897b7d825d273e5d0ccf2c

SHA512
a0f01da126a75a1c1f48a156aaa28bdc6180adf17ab457308c5cee8c8a3d1371c01bac28898309f78f7fcc5297f6b5822d90b13dbd11e6a9e411217084ec3317

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21011.exe

Filesize
184KB

MD5
b37b8cfa7ad7dfa68a87c2e86c8f40f7

SHA1
3ae48c3a0e8c68b8d90e5dcc28bcc45caf5d94b8

SHA256
0343aea5efb790239a88033614ad6bc6882f328ce85c26d6639de0d378f91f43

SHA512
64487780aacd3a60d8c290b922de492ad28bf1379c9eded79a2a7a8f4064bf9aba4f0a75be7a7f85503dd724082cf3a51841b7b73a5fcbd4615cf318b2645488

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22538.exe

Filesize
184KB

MD5
5f789927172a3cf1ece9236f0040a8ac

SHA1
5119571b15299410c3dd1056581b158b6a1ed797

SHA256
735703cec4d224a083ec71240db86392d7a3d6378325e1235497c6875522c576

SHA512
0dfb32403fc084a1d6b0e38f789dceea922d597f24ecf83e34947bfe2bd8608f8ba778c3f58405fe575ceeb08a4e38f26bae7e546dbd9035d5fd1760f469ef6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe

Filesize
184KB

MD5
0176caa53a802d964106bc7501216b41

SHA1
9bd06e5ed054ea835b728a99f10737a1ae1e0d99

SHA256
c69b6c0fa722a0769f9d7d5c65d1753aacf36d3ac673724439559fb8d90b4872

SHA512
4aaa695034b9b8891d1421bf9eafbbb1a9c5fba6fb01ee20dd5c0129e8cc426534995d5f715289204a75c9fb789860d703a05c1aae2cdd2f9fb050e0c5f5356a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe

Filesize
184KB

MD5
89d2097ed28390b070b942578dcaf977

SHA1
3aa2b024537721e39df2ad4d41f6808a65a98572

SHA256
7cf81561d10514bd228a982682fc63ecc082465fcb9e5060a48235fc6797c06a

SHA512
2803f25ee6ad1578e2ed5d50cee89235e9047ac0bb2296921dfb245542593163170fd1a0aa0fdc875f380d51845474ab38510441d1c8e8c4c57fe30679c1e02a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40292.exe

Filesize
184KB

MD5
3b2bc50ef94fcf98d49ffe84d3f3c20f

SHA1
80b1354d5e90d73b913336aa4db1d8769223b9c6

SHA256
4b6892fc05258ae04377dd617ca58ac628a136329b8dd8e4b72f41f3b26d3bcd

SHA512
e91b34126854f15456652f8447fc12f8681807b9f7a9ac0f5a48802dbcb2787dc5edc4b1b1d1d31edfb310de7c1e015a93b6a03c4d49a3904d8ce381ab7a2181

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46095.exe

Filesize
184KB

MD5
ccd4fa37f8c3ee9430c4a8aee230f085

SHA1
825f2717b6cb38fef57029a2716f0a84ba3b343d

SHA256
77bc3e0672c5df31e023cb68bf0b38fde7862cedc0bc07c0c4503636b661e46d

SHA512
64b5ab7bf7599e61efb7a2b0781974e560f7ac3061c827d668ae67d0a701e70f67f8eb751b1b94424a78fb486ac19092903caddf823c45b58911b63e5714bbf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe

Filesize
184KB

MD5
285dac5f696bd5e66a58c872648721a5

SHA1
fb17047997a3f847d210a25d4cde2dd82045b330

SHA256
5be3486c8e0921543959fda94748bff56e03c6e5fd9bfebb61d29001ea043afb

SHA512
0c87966ead662b779e0730261796c95a8d5b6240b449426dbeb4f5a765a93295803b27077b8fd0f9569eccdfb8a144d2fecde69230b47ed1da8e48e2e7785bc0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe

Filesize
184KB

MD5
2d962345fd752373013335c5a432c7a7

SHA1
bbdf6b12a3647487ec902a8220b5ae84a618ff81

SHA256
c88fd4b58aaf2c1d44c5a5d8134bcfc8f7f2d18d3ef5174c293a2c0b7d05a18c

SHA512
23c6b13112196c6baaf4ca66280e0ba9d127ada789f71f9a80bb231be8701ba220f83a10a80e49f83bb9ed4c8478b1f2f774b0bba08756bf943669349dc4ad79

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe

Filesize
184KB

MD5
86e427ccb4c0f310ea7864c0404ede1a

SHA1
f192fadf6fb1fc27f489430dbd8d63f868bed374

SHA256
cf70d71e09fc5f2da3e1d036483b2b8ea29f1bbda536cd3a49ab35516ff68d5d

SHA512
cbc8fc3a018c5644b7fda82a651a7faadb115203c0049a0d5d095ed9f03993d642675c414bde94e5f8ff528f5b5ffe3e6226b08212d48ab65c423caee32cc62e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57671.exe

Filesize
184KB

MD5
9b9fae590486f0e4fab160c1f10e1af3

SHA1
2c910781bfdd45d142fe50f3f73e9dc42a05acb1

SHA256
e5269a96ba6a637435a53121c9be479b1e4c4f80edd0b802c2e2f28ca2db5a8f

SHA512
63d6243664455be74624676b6d8278ea8187c46898427ed1b8ebddf9149ca231c397f48182c4b4335a4d9e48f242e4c21c110a532c2d29f7de2097432bb643bf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64834.exe

Filesize
184KB

MD5
e7fd6eb8828cef8823257dcb92b48d16

SHA1
43ed8dbf2ffdc47ea88e0572946c6df147c2ba90

SHA256
a2e7396992934f0dda4a806d64a2e472c3366a34ff5162b5e85996088805b24d

SHA512
36a61e43587abf5a2a3b62608a82e40c4432959fe30774f53756c22ce4ec4afd96ea448209086cc6dacd10f10fc8dba36782ccaac5aae50d1512a43382c9cb30

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7619.exe

Filesize
184KB

MD5
bcb162f7adf99ea24ac1f4bd079a6bb0

SHA1
de7a7d2978f7ccb19fba39a3b4c45f9ac9b2bf70

SHA256
c0dcb3b46138f2e24f2c71060eb3e171361b3c8b5c462477b6a8dea748d218dc

SHA512
21c07226160adc9662eb1d03d64e4479255f206e80092ff7d264659a19f415c8a876c2947822af4843746a09c133b10094d8d2267bc0619b2a1b093e12df1c05

Download Submit