54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 21:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe
Size

184KB
MD5

789280739d38c655f32b0157f8121ab5
SHA1

cabd4def92686c3383ae7e25feecfb9353f21419
SHA256

54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817
SHA512

0908f768c5adf5cd2df54f81dd3cb26436d8f90b2a2d0b52fe0a1c54f34d77e196b6702b5da9cd1dab97afe8dfb2c5b85080b9662866f000b8996fb34c690231
SSDEEP

1536:nBZl6jZ/tI8o5g1k4hOlLwMFM9yvZc8xmddjA8R2iQrtbhl5hj5nizpv+:BqVtI8oW64hodFaWeDA8RCBbhlnViFG

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-38037.exeUnicorn-1171.exeUnicorn-50927.exeUnicorn-35742.exeUnicorn-20798.exeUnicorn-50216.exeUnicorn-53553.exeUnicorn-2961.exeUnicorn-57637.exeUnicorn-32339.exeUnicorn-15811.exeUnicorn-48161.exeUnicorn-12795.exeUnicorn-27740.exeUnicorn-47606.exeUnicorn-10418.exeUnicorn-30284.exeUnicorn-52842.exeUnicorn-9012.exeUnicorn-63688.exeUnicorn-12541.exeUnicorn-27486.exeUnicorn-16626.exeUnicorn-15234.exeUnicorn-35100.exeUnicorn-63195.exeUnicorn-63195.exeUnicorn-31077.exeUnicorn-35183.exeUnicorn-4456.exeUnicorn-19401.exeUnicorn-27015.exeUnicorn-41959.exeUnicorn-45297.exeUnicorn-29515.exeUnicorn-6402.exeUnicorn-59687.exeUnicorn-28961.exeUnicorn-28961.exeUnicorn-43906.exeUnicorn-13179.exeUnicorn-48587.exeUnicorn-16469.exeUnicorn-36335.exeUnicorn-55364.exeUnicorn-14653.exeUnicorn-49464.exeUnicorn-37212.exeUnicorn-21430.exeUnicorn-11446.exeUnicorn-13070.exeUnicorn-20684.exeUnicorn-59578.exeUnicorn-47326.exeUnicorn-47326.exeUnicorn-31544.exeUnicorn-50019.exeUnicorn-39158.exeUnicorn-8431.exeUnicorn-62292.exeUnicorn-31566.exeUnicorn-46511.exeUnicorn-839.exeUnicorn-15784.exe

pid	process
2196	Unicorn-38037.exe
2124	Unicorn-1171.exe
2288	Unicorn-50927.exe
2864	Unicorn-35742.exe
2796	Unicorn-20798.exe
1584	Unicorn-50216.exe
2624	Unicorn-53553.exe
3068	Unicorn-2961.exe
2564	Unicorn-57637.exe
2856	Unicorn-32339.exe
808	Unicorn-15811.exe
2900	Unicorn-48161.exe
2904	Unicorn-12795.exe
1252	Unicorn-27740.exe
1120	Unicorn-47606.exe
1076	Unicorn-10418.exe
1112	Unicorn-30284.exe
2852	Unicorn-52842.exe
708	Unicorn-9012.exe
2484	Unicorn-63688.exe
760	Unicorn-12541.exe
1956	Unicorn-27486.exe
1864	Unicorn-16626.exe
1288	Unicorn-15234.exe
1304	Unicorn-35100.exe
996	Unicorn-63195.exe
2028	Unicorn-63195.exe
1508	Unicorn-31077.exe
1604	Unicorn-35183.exe
2392	Unicorn-4456.exe
2584	Unicorn-19401.exe
348	Unicorn-27015.exe
2152	Unicorn-41959.exe
2596	Unicorn-45297.exe
1916	Unicorn-29515.exe
2712	Unicorn-6402.exe
2244	Unicorn-59687.exe
2400	Unicorn-28961.exe
2592	Unicorn-28961.exe
2640	Unicorn-43906.exe
2524	Unicorn-13179.exe
2388	Unicorn-48587.exe
1520	Unicorn-16469.exe
2736	Unicorn-36335.exe
2768	Unicorn-55364.exe
2116	Unicorn-14653.exe
2728	Unicorn-49464.exe
2364	Unicorn-37212.exe
328	Unicorn-21430.exe
1852	Unicorn-11446.exe
1776	Unicorn-13070.exe
2960	Unicorn-20684.exe
1332	Unicorn-59578.exe
1364	Unicorn-47326.exe
1940	Unicorn-47326.exe
1476	Unicorn-31544.exe
916	Unicorn-50019.exe
1256	Unicorn-39158.exe
2504	Unicorn-8431.exe
2176	Unicorn-62292.exe
1708	Unicorn-31566.exe
2192	Unicorn-46511.exe
2416	Unicorn-839.exe
1924	Unicorn-15784.exe

Loads dropped DLL 64 IoCs

Processes:

54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exeUnicorn-38037.exeUnicorn-1171.exeWerFault.exeUnicorn-50927.exeUnicorn-20798.exeUnicorn-35742.exeWerFault.exeWerFault.exeUnicorn-50216.exeUnicorn-53553.exeUnicorn-57637.exeUnicorn-2961.exeWerFault.exeWerFault.exeUnicorn-32339.exeUnicorn-15811.exeUnicorn-48161.exe

pid	process
2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe
2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe
2196	Unicorn-38037.exe
2196	Unicorn-38037.exe
2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe
2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe
2196	Unicorn-38037.exe
2124	Unicorn-1171.exe
2196	Unicorn-38037.exe
2124	Unicorn-1171.exe
3064	WerFault.exe
3064	WerFault.exe
3064	WerFault.exe
3064	WerFault.exe
3064	WerFault.exe
2288	Unicorn-50927.exe
2288	Unicorn-50927.exe
2796	Unicorn-20798.exe
2124	Unicorn-1171.exe
2796	Unicorn-20798.exe
2124	Unicorn-1171.exe
2864	Unicorn-35742.exe
2864	Unicorn-35742.exe
1860	WerFault.exe
1860	WerFault.exe
1860	WerFault.exe
1620	WerFault.exe
1860	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1620	WerFault.exe
1860	WerFault.exe
1620	WerFault.exe
1584	Unicorn-50216.exe
1584	Unicorn-50216.exe
2624	Unicorn-53553.exe
2624	Unicorn-53553.exe
2796	Unicorn-20798.exe
2796	Unicorn-20798.exe
2564	Unicorn-57637.exe
2564	Unicorn-57637.exe
2864	Unicorn-35742.exe
2864	Unicorn-35742.exe
3068	Unicorn-2961.exe
3068	Unicorn-2961.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
540	WerFault.exe
1584	Unicorn-50216.exe
1584	Unicorn-50216.exe
2856	Unicorn-32339.exe
540	WerFault.exe
2856	Unicorn-32339.exe
808	Unicorn-15811.exe
808	Unicorn-15811.exe
2624	Unicorn-53553.exe
2624	Unicorn-53553.exe
2900	Unicorn-48161.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2452	2040	WerFault.exe	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe
3064	2196	WerFault.exe	Unicorn-38037.exe
1620	2288	WerFault.exe	Unicorn-50927.exe
1860	2124	WerFault.exe	Unicorn-1171.exe
596	2796	WerFault.exe	Unicorn-20798.exe
540	2864	WerFault.exe	Unicorn-35742.exe
2320	1584	WerFault.exe	Unicorn-50216.exe
3052	2624	WerFault.exe	Unicorn-53553.exe
2132	2564	WerFault.exe	Unicorn-57637.exe
1580	3068	WerFault.exe	Unicorn-2961.exe
2372	2856	WerFault.exe	Unicorn-32339.exe
1624	808	WerFault.exe	Unicorn-15811.exe
1108	2900	WerFault.exe	Unicorn-48161.exe
1396	2904	WerFault.exe	Unicorn-12795.exe
1320	1120	WerFault.exe	Unicorn-47606.exe
3012	1252	WerFault.exe	Unicorn-27740.exe
2576	1076	WerFault.exe	Unicorn-10418.exe
2552	1112	WerFault.exe	Unicorn-30284.exe
2204	2852	WerFault.exe	Unicorn-52842.exe
2784	708	WerFault.exe	Unicorn-9012.exe
2476	2484	WerFault.exe	Unicorn-63688.exe
2996	760	WerFault.exe	Unicorn-12541.exe
1484	1956	WerFault.exe	Unicorn-27486.exe
1696	1288	WerFault.exe	Unicorn-15234.exe
1480	1864	WerFault.exe	Unicorn-16626.exe
908	1304	WerFault.exe	Unicorn-35100.exe
1004	2028	WerFault.exe	Unicorn-63195.exe
2872	996	WerFault.exe	Unicorn-63195.exe
2200	2584	WerFault.exe	Unicorn-19401.exe
2024	1508	WerFault.exe	Unicorn-31077.exe
2292	2392	WerFault.exe	Unicorn-4456.exe
448	1604	WerFault.exe	Unicorn-35183.exe
2360	348	WerFault.exe	Unicorn-27015.exe
2876	2592	WerFault.exe	Unicorn-28961.exe
1416	2640	WerFault.exe	Unicorn-43906.exe
2888	2524	WerFault.exe	Unicorn-13179.exe
2328	2712	WerFault.exe	Unicorn-6402.exe
3120	2596	WerFault.exe	Unicorn-45297.exe
3528	1916	WerFault.exe	Unicorn-29515.exe
3644	2400	WerFault.exe	Unicorn-28961.exe
3652	2152	WerFault.exe	Unicorn-41959.exe
3956	1784	WerFault.exe	Unicorn-60813.exe
3116	2388	WerFault.exe	Unicorn-48587.exe
3708	2244	WerFault.exe	Unicorn-59687.exe
3856	2176	WerFault.exe	Unicorn-62292.exe
3924	2504	WerFault.exe	Unicorn-8431.exe
3952	2736	WerFault.exe	Unicorn-36335.exe
3992	1708	WerFault.exe	Unicorn-31566.exe
3984	1852	WerFault.exe	Unicorn-11446.exe
4080	1256	WerFault.exe	Unicorn-39158.exe
3300	1520	WerFault.exe	Unicorn-16469.exe
3636	2756	WerFault.exe	Unicorn-50808.exe
3296	2768	WerFault.exe	Unicorn-55364.exe
3688	2084	WerFault.exe	Unicorn-3553.exe
3696	2116	WerFault.exe	Unicorn-14653.exe
3824	2728	WerFault.exe	Unicorn-49464.exe
3664	1148	WerFault.exe	Unicorn-56838.exe
3196	1672	WerFault.exe	Unicorn-59531.exe
3276	1612	WerFault.exe	Unicorn-5691.exe
3572	2252	WerFault.exe	Unicorn-56646.exe
3592	1964	WerFault.exe	Unicorn-28612.exe
4036	2992	WerFault.exe	Unicorn-55276.exe
3684	1716	WerFault.exe	Unicorn-6630.exe
3312	2156	WerFault.exe	Unicorn-24358.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exeUnicorn-38037.exeUnicorn-1171.exeUnicorn-50927.exeUnicorn-20798.exeUnicorn-35742.exeUnicorn-50216.exeUnicorn-53553.exeUnicorn-2961.exeUnicorn-57637.exeUnicorn-32339.exeUnicorn-15811.exeUnicorn-48161.exeUnicorn-12795.exeUnicorn-27740.exeUnicorn-47606.exeUnicorn-10418.exeUnicorn-30284.exeUnicorn-52842.exeUnicorn-9012.exeUnicorn-63688.exeUnicorn-12541.exeUnicorn-27486.exeUnicorn-16626.exeUnicorn-15234.exeUnicorn-35100.exeUnicorn-63195.exeUnicorn-63195.exeUnicorn-31077.exeUnicorn-35183.exeUnicorn-4456.exeUnicorn-19401.exeUnicorn-27015.exeUnicorn-41959.exeUnicorn-45297.exeUnicorn-29515.exeUnicorn-6402.exeUnicorn-28961.exeUnicorn-59687.exeUnicorn-28961.exeUnicorn-43906.exeUnicorn-13179.exeUnicorn-48587.exeUnicorn-16469.exeUnicorn-36335.exeUnicorn-55364.exeUnicorn-14653.exeUnicorn-49464.exeUnicorn-37212.exeUnicorn-21430.exeUnicorn-11446.exeUnicorn-13070.exeUnicorn-20684.exeUnicorn-47326.exeUnicorn-59578.exeUnicorn-31544.exeUnicorn-47326.exeUnicorn-50019.exeUnicorn-8431.exeUnicorn-39158.exeUnicorn-62292.exeUnicorn-31566.exeUnicorn-46511.exeUnicorn-839.exe

pid	process
2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe
2196	Unicorn-38037.exe
2124	Unicorn-1171.exe
2288	Unicorn-50927.exe
2796	Unicorn-20798.exe
2864	Unicorn-35742.exe
1584	Unicorn-50216.exe
2624	Unicorn-53553.exe
3068	Unicorn-2961.exe
2564	Unicorn-57637.exe
2856	Unicorn-32339.exe
808	Unicorn-15811.exe
2900	Unicorn-48161.exe
2904	Unicorn-12795.exe
1252	Unicorn-27740.exe
1120	Unicorn-47606.exe
1076	Unicorn-10418.exe
1112	Unicorn-30284.exe
2852	Unicorn-52842.exe
708	Unicorn-9012.exe
2484	Unicorn-63688.exe
760	Unicorn-12541.exe
1956	Unicorn-27486.exe
1864	Unicorn-16626.exe
1288	Unicorn-15234.exe
1304	Unicorn-35100.exe
2028	Unicorn-63195.exe
996	Unicorn-63195.exe
1508	Unicorn-31077.exe
1604	Unicorn-35183.exe
2392	Unicorn-4456.exe
2584	Unicorn-19401.exe
348	Unicorn-27015.exe
2152	Unicorn-41959.exe
2596	Unicorn-45297.exe
1916	Unicorn-29515.exe
2712	Unicorn-6402.exe
2400	Unicorn-28961.exe
2244	Unicorn-59687.exe
2592	Unicorn-28961.exe
2640	Unicorn-43906.exe
2524	Unicorn-13179.exe
2388	Unicorn-48587.exe
1520	Unicorn-16469.exe
2736	Unicorn-36335.exe
2768	Unicorn-55364.exe
2116	Unicorn-14653.exe
2728	Unicorn-49464.exe
2364	Unicorn-37212.exe
328	Unicorn-21430.exe
1852	Unicorn-11446.exe
1776	Unicorn-13070.exe
2960	Unicorn-20684.exe
1364	Unicorn-47326.exe
1332	Unicorn-59578.exe
1476	Unicorn-31544.exe
1940	Unicorn-47326.exe
916	Unicorn-50019.exe
2504	Unicorn-8431.exe
1256	Unicorn-39158.exe
2176	Unicorn-62292.exe
1708	Unicorn-31566.exe
2192	Unicorn-46511.exe
2416	Unicorn-839.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exeUnicorn-38037.exeUnicorn-1171.exeUnicorn-50927.exeUnicorn-20798.exeUnicorn-35742.exeUnicorn-50216.exeUnicorn-53553.exe

description	pid	process	target process
PID 2040 wrote to memory of 2196	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	Unicorn-38037.exe
PID 2040 wrote to memory of 2196	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	Unicorn-38037.exe
PID 2040 wrote to memory of 2196	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	Unicorn-38037.exe
PID 2040 wrote to memory of 2196	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	Unicorn-38037.exe
PID 2196 wrote to memory of 2124	2196	Unicorn-38037.exe	Unicorn-1171.exe
PID 2196 wrote to memory of 2124	2196	Unicorn-38037.exe	Unicorn-1171.exe
PID 2196 wrote to memory of 2124	2196	Unicorn-38037.exe	Unicorn-1171.exe
PID 2196 wrote to memory of 2124	2196	Unicorn-38037.exe	Unicorn-1171.exe
PID 2040 wrote to memory of 2288	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	Unicorn-50927.exe
PID 2040 wrote to memory of 2288	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	Unicorn-50927.exe
PID 2040 wrote to memory of 2288	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	Unicorn-50927.exe
PID 2040 wrote to memory of 2288	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	Unicorn-50927.exe
PID 2040 wrote to memory of 2452	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	WerFault.exe
PID 2040 wrote to memory of 2452	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	WerFault.exe
PID 2040 wrote to memory of 2452	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	WerFault.exe
PID 2040 wrote to memory of 2452	2040	54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe	WerFault.exe
PID 2196 wrote to memory of 2864	2196	Unicorn-38037.exe	Unicorn-35742.exe
PID 2196 wrote to memory of 2864	2196	Unicorn-38037.exe	Unicorn-35742.exe
PID 2196 wrote to memory of 2864	2196	Unicorn-38037.exe	Unicorn-35742.exe
PID 2196 wrote to memory of 2864	2196	Unicorn-38037.exe	Unicorn-35742.exe
PID 2124 wrote to memory of 2796	2124	Unicorn-1171.exe	Unicorn-20798.exe
PID 2124 wrote to memory of 2796	2124	Unicorn-1171.exe	Unicorn-20798.exe
PID 2124 wrote to memory of 2796	2124	Unicorn-1171.exe	Unicorn-20798.exe
PID 2124 wrote to memory of 2796	2124	Unicorn-1171.exe	Unicorn-20798.exe
PID 2196 wrote to memory of 3064	2196	Unicorn-38037.exe	WerFault.exe
PID 2196 wrote to memory of 3064	2196	Unicorn-38037.exe	WerFault.exe
PID 2196 wrote to memory of 3064	2196	Unicorn-38037.exe	WerFault.exe
PID 2196 wrote to memory of 3064	2196	Unicorn-38037.exe	WerFault.exe
PID 2288 wrote to memory of 1584	2288	Unicorn-50927.exe	Unicorn-50216.exe
PID 2288 wrote to memory of 1584	2288	Unicorn-50927.exe	Unicorn-50216.exe
PID 2288 wrote to memory of 1584	2288	Unicorn-50927.exe	Unicorn-50216.exe
PID 2288 wrote to memory of 1584	2288	Unicorn-50927.exe	Unicorn-50216.exe
PID 2796 wrote to memory of 2624	2796	Unicorn-20798.exe	Unicorn-53553.exe
PID 2796 wrote to memory of 2624	2796	Unicorn-20798.exe	Unicorn-53553.exe
PID 2796 wrote to memory of 2624	2796	Unicorn-20798.exe	Unicorn-53553.exe
PID 2796 wrote to memory of 2624	2796	Unicorn-20798.exe	Unicorn-53553.exe
PID 2124 wrote to memory of 3068	2124	Unicorn-1171.exe	Unicorn-2961.exe
PID 2124 wrote to memory of 3068	2124	Unicorn-1171.exe	Unicorn-2961.exe
PID 2124 wrote to memory of 3068	2124	Unicorn-1171.exe	Unicorn-2961.exe
PID 2124 wrote to memory of 3068	2124	Unicorn-1171.exe	Unicorn-2961.exe
PID 2864 wrote to memory of 2564	2864	Unicorn-35742.exe	Unicorn-57637.exe
PID 2864 wrote to memory of 2564	2864	Unicorn-35742.exe	Unicorn-57637.exe
PID 2864 wrote to memory of 2564	2864	Unicorn-35742.exe	Unicorn-57637.exe
PID 2864 wrote to memory of 2564	2864	Unicorn-35742.exe	Unicorn-57637.exe
PID 2288 wrote to memory of 1620	2288	Unicorn-50927.exe	WerFault.exe
PID 2288 wrote to memory of 1620	2288	Unicorn-50927.exe	WerFault.exe
PID 2288 wrote to memory of 1620	2288	Unicorn-50927.exe	WerFault.exe
PID 2288 wrote to memory of 1620	2288	Unicorn-50927.exe	WerFault.exe
PID 2124 wrote to memory of 1860	2124	Unicorn-1171.exe	WerFault.exe
PID 2124 wrote to memory of 1860	2124	Unicorn-1171.exe	WerFault.exe
PID 2124 wrote to memory of 1860	2124	Unicorn-1171.exe	WerFault.exe
PID 2124 wrote to memory of 1860	2124	Unicorn-1171.exe	WerFault.exe
PID 1584 wrote to memory of 2856	1584	Unicorn-50216.exe	Unicorn-32339.exe
PID 1584 wrote to memory of 2856	1584	Unicorn-50216.exe	Unicorn-32339.exe
PID 1584 wrote to memory of 2856	1584	Unicorn-50216.exe	Unicorn-32339.exe
PID 1584 wrote to memory of 2856	1584	Unicorn-50216.exe	Unicorn-32339.exe
PID 2624 wrote to memory of 808	2624	Unicorn-53553.exe	Unicorn-15811.exe
PID 2624 wrote to memory of 808	2624	Unicorn-53553.exe	Unicorn-15811.exe
PID 2624 wrote to memory of 808	2624	Unicorn-53553.exe	Unicorn-15811.exe
PID 2624 wrote to memory of 808	2624	Unicorn-53553.exe	Unicorn-15811.exe
PID 2796 wrote to memory of 2900	2796	Unicorn-20798.exe	Unicorn-48161.exe
PID 2796 wrote to memory of 2900	2796	Unicorn-20798.exe	Unicorn-48161.exe
PID 2796 wrote to memory of 2900	2796	Unicorn-20798.exe	Unicorn-48161.exe
PID 2796 wrote to memory of 2900	2796	Unicorn-20798.exe	Unicorn-48161.exe

C:\Users\Admin\AppData\Local\Temp\54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe
"C:\Users\Admin\AppData\Local\Temp\54d29216d004cf79e830c2121025c85bfdef7b882a08edd44d252769ccdf5817.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52842.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11446.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
10⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6877.exe
11⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 220
12⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
11⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
10⤵
- Program crash
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54269.exe
9⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
10⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
11⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
12⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
13⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
14⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54875.exe
15⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 236
14⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
13⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 236
12⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
11⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
10⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
9⤵
- Program crash
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13070.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55660.exe
9⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
10⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25684.exe
11⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
12⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32357.exe
13⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63069.exe
14⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 236
14⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
12⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
11⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 236
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47697.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-12855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12855.exe
10⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9425.exe
11⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7059.exe
12⤵
PID:10772

C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
13⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10772 -s 236
13⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
12⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 236
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 220
9⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
8⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14653.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
9⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
10⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
11⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
12⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
13⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
14⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9483.exe
15⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
15⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
14⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
13⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
12⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
11⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
10⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8275.exe
9⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
10⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-28445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28445.exe
11⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4786.exe
12⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
13⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
14⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
14⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
12⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
11⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 216
10⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
9⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
8⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50816.exe
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
11⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28331.exe
12⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11958.exe
13⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe
14⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
14⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
13⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
12⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
11⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
10⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
9⤵
- Program crash
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
8⤵
- Program crash
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
7⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9012.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37212.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65198.exe
9⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
10⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-50935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50935.exe
11⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
12⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4921.exe
13⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12560.exe
14⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 236
14⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 236
13⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
11⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
10⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27.exe
10⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22965.exe
11⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49898.exe
12⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27112.exe
13⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
12⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 236
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
8⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33572.exe
11⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61719.exe
12⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
13⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 236
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
12⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
10⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
9⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
8⤵
- Program crash
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21430.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
9⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59062.exe
10⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50370.exe
11⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22924.exe
12⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11185.exe
13⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
11⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
10⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
8⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
7⤵
- Program crash
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
6⤵
- Program crash
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27015.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59578.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37186.exe
9⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
10⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64111.exe
11⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35710.exe
12⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32555.exe
13⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-832.exe
14⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
14⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
13⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 220
12⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
11⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4959.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6358.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
11⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
12⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29530.exe
13⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39136.exe
14⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
13⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
12⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 220
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
8⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25522.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9731.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
11⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28295.exe
12⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-19515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19515.exe
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 216
13⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
11⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
10⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
9⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
8⤵
- Program crash
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31544.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
8⤵
PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 220
9⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24009.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43115.exe
9⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20360.exe
10⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11859.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
12⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 236
12⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 236
10⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 220
8⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
7⤵
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24934.exe
8⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14521.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
12⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17169.exe
13⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
13⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
12⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
11⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-41553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41553.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
10⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-51029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51029.exe
11⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29997.exe
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
12⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
11⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
7⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-655.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13841.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14817.exe
10⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
11⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 216
12⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
11⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
10⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
9⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
8⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
6⤵
- Program crash
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47606.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16626.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62292.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe
9⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2601.exe
10⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19270.exe
11⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56872.exe
12⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23635.exe
13⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21653.exe
14⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 216
14⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 236
12⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
11⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
10⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
9⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24912.exe
8⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-847.exe
9⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-4770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4770.exe
10⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
11⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59405.exe
12⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
13⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 236
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
11⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 216
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
8⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46511.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29655.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4132.exe
10⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
11⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20978.exe
12⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
13⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
12⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
11⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
8⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
7⤵
- Program crash
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43906.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39158.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60813.exe
8⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
11⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30002.exe
12⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41149.exe
13⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 236
13⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
9⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
8⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2930.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53805.exe
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18990.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
11⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 236
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
11⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
10⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
8⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
7⤵
- Program crash
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
6⤵
- Program crash
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31566.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20850.exe
8⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45772.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62248.exe
10⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21689.exe
12⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54517.exe
13⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 236
13⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
11⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
10⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
9⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
8⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23542.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31382.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27438.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42674.exe
10⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
11⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62493.exe
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
11⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
8⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
7⤵
- Program crash
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
6⤵
- Program crash
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
5⤵
- Program crash
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12541.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45297.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35650.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1067.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38071.exe
10⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52648.exe
11⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53878.exe
12⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32654.exe
13⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23438.exe
14⤵
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
13⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
12⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 236
11⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
10⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
8⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
10⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63914.exe
11⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
12⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-56364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56364.exe
13⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
13⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
12⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
11⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
9⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34258.exe
7⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
8⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
9⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 220
10⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15265.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47775.exe
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28912.exe
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe
11⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62477.exe
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
12⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
11⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
10⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
8⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
7⤵
- Program crash
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29515.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
8⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60764.exe
11⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
12⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
13⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
13⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 236
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 236
11⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
10⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38399.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62803.exe
9⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17210.exe
10⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
11⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10038.exe
12⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
11⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
10⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 220
8⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15182.exe
7⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43058.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46898.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12679.exe
10⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe
11⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
12⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 220
12⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
11⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 236
10⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
8⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
7⤵
- Program crash
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
6⤵
- Program crash
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
8⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14334.exe
10⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe
11⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
12⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 236
13⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
12⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
11⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58820.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23079.exe
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43878.exe
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
11⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15331.exe
12⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
12⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
11⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 220
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 220
9⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
8⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-55639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55639.exe
7⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41161.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-28725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28725.exe
9⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
10⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32472.exe
11⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
12⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
11⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
10⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
9⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
8⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15784.exe
6⤵
- Executes dropped EXE
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28442.exe
7⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18219.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22301.exe
11⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-30433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30433.exe
12⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12005.exe
13⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
13⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
12⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
11⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-55722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55722.exe
7⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21927.exe
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36504.exe
9⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3068.exe
10⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11247.exe
11⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
11⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
10⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
9⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
8⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
7⤵
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
6⤵
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
5⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24358.exe
8⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4020.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
10⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
11⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46203.exe
12⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24102.exe
13⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-15596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15596.exe
14⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 216
14⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
13⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
12⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
11⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
10⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
9⤵
- Program crash
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65253.exe
11⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe
12⤵
PID:10676

C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30044.exe
13⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
11⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-408.exe
7⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32609.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46431.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
10⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59550.exe
11⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-58398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58398.exe
12⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-500.exe
13⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
13⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
12⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 236
10⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
8⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
7⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53413.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22695.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9062.exe
11⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28186.exe
12⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60687.exe
13⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 236
12⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
11⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
10⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
9⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43854.exe
7⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
8⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
9⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
10⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21912.exe
11⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 236
11⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
10⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
9⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
8⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 220
7⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
6⤵
- Program crash
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13179.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2375.exe
7⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43442.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21984.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28284.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1652.exe
11⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26121.exe
12⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11212 -s 236
12⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 236
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
8⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
7⤵
- Program crash
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
6⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
5⤵
- Program crash
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-36335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36335.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-56838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56838.exe
8⤵
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11804.exe
9⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50240.exe
10⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
11⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42913.exe
12⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22457.exe
13⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44678.exe
14⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
14⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
13⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
12⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 236
11⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
10⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 236
9⤵
- Program crash
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
8⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
10⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19260.exe
11⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61434.exe
12⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37361.exe
13⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
12⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
11⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
9⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59531.exe
7⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30204.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38751.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
11⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
12⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36894.exe
13⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10712 -s 220
13⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
11⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
10⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
9⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
8⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
7⤵
- Program crash
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe
7⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57422.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-28445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28445.exe
10⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49327.exe
11⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
12⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
13⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
13⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 236
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
8⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12359.exe
7⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18528.exe
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4578.exe
9⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
10⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55596.exe
11⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
11⤵
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
10⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
8⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
7⤵
- Program crash
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 240
6⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31077.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49464.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55276.exe
7⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11236.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
10⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59441.exe
11⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
12⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1891.exe
13⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
13⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
11⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
10⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
9⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
8⤵
- Program crash
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-45800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45800.exe
7⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24558.exe
8⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12684.exe
9⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36281.exe
10⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51128.exe
11⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5264.exe
12⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
11⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 236
10⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
9⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
8⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
7⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6630.exe
6⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-36885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36885.exe
7⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
8⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25814.exe
9⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
10⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
11⤵
PID:11088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
12⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
11⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
10⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
9⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
8⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
7⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
6⤵
- Program crash
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
5⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10418.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63195.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50808.exe
7⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52837.exe
8⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51851.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51859.exe
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-11013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11013.exe
11⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
12⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58777.exe
13⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
13⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 220
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
11⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 220
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 236
9⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
8⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51446.exe
7⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39358.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52710.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43214.exe
10⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
11⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 216
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
11⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
9⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
8⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
7⤵
- Program crash
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18690.exe
6⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48753.exe
7⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12956.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
9⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56130.exe
10⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-6104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6104.exe
11⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9192.exe
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 216
12⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
11⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 220
10⤵
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 220
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
8⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
7⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12279.exe
8⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35217.exe
9⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
10⤵
PID:9280

C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36842.exe
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9280 -s 216
11⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
10⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
9⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
8⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
7⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
6⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16469.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3553.exe
6⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
7⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5507.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9394.exe
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
10⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26541.exe
11⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17268.exe
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
12⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 216
11⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
10⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
9⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
8⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
7⤵
- Program crash
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53392.exe
6⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe
7⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
8⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36691.exe
9⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25040.exe
10⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38596.exe
11⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
10⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
9⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
8⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
7⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 220
6⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 240
5⤵
- Program crash
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
4⤵
- Program crash
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
2⤵
- Program crash
PID:2452

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe

Filesize
184KB

MD5
00d9c0c335b7c7f3824c06b754874f29

SHA1
f270a7913f59c07fb7bec6ed2e16e3e639e7eec9

SHA256
505dbc25bd149f624fdbc98c3b0988c24fcc0cb1fc51d91a9d3a32826c3e225e

SHA512
8e10294159090676e80d8ed206cd858a9ffe9728fa893303614bc4225c98b793b1de9fbb460fdf610f743f37ecbee20591e2ced25d030b6c011df7954c39fc54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17267.exe

Filesize
184KB

MD5
e80e857502dcf8d456b461abfd805378

SHA1
5fa2fb1b4b35274ae5b0b49c0f6b5794cb68640d

SHA256
8ef5876a7a7884d1925fc71821af15c5279679b9b02cd1325affa4f72536436a

SHA512
e437a1df4db42c93bf62ac5b7f3e3790b31215371b4619e2b38d835eaf8b54d1923526436c82081bfc3f5fd07c4128a6692e56e863fc298ae3ef1c54651a866d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20798.exe

Filesize
184KB

MD5
8bb93b74af3b15eaa07734cc09daa709

SHA1
4d0bfb51ab9ac72ae355826f1c499bf0a2d6a04f

SHA256
0212ad10c8a780ddbb5009203ad7a49542e9a2dd42e537912d2e16e61c3fbc6b

SHA512
9fe81e131b6b41466adecbab0afca7c3b658c723f9e0e40b102ae4f20333ebc68ae564bccd0667311f20d96004911cadcce8673676a121e9a3ab9bf82a18ac03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2269.exe

Filesize
184KB

MD5
f5a670aec6b24b8597f78c23177715bc

SHA1
652075a5074dc59a1430e08f19fd4d1c002542e3

SHA256
2ca8ade2c4a6d1cf9224960fbd5700e13e19a682da09c3c8a64d2b2b7f192091

SHA512
d05449642ca816ef4fd77eba681f63a4e0844f4b7b2101f571ee39434cda338cbf010b9f517e174e5e66dc13a560a0ed417dc325a1a5caa0de1c7323017866e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30609.exe

Filesize
184KB

MD5
8d34c102859c55338c51f1d2ccdb37a3

SHA1
8d63c7099f92b9d476eaf595815360fa37a8e2eb

SHA256
28f0501a72ba4baec5a64784aa28b01f72914c99fdbe8710474a410e89b5a1ee

SHA512
6cb0a4009d4dfc1eb15814e88306e5d81ee77ecfef6dcc1e57bbd585a07cbdcf275c01370b548db7bf9474d991cb493d1b6d4084947e28ccbadbcdbab1e87aac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40763.exe

Filesize
184KB

MD5
89790c19f069bd8fda0b25a136605c64

SHA1
205650269dd5af2e086aa22ac07b8bbf3a4b63a2

SHA256
5b34f04090fbddae8d7578db9c257574d7841bb710addefa6efe472cad4220ec

SHA512
e451cd736322abc0fbe034638ce1a9d386634245800a8d53fb67107a535ab1916b18ce669f1de82d19b37a3c9c7146dae8ade9570242083833d3197eb68c4cb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48907.exe

Filesize
184KB

MD5
5137e564bda02359d61e2dc028d9d454

SHA1
2419a35b794c1f83ae029680120abd74e25d5d54

SHA256
c18c009755ded2c12c81790c15993d9f47baea3a355bd1f9302c6d4efb8ea4aa

SHA512
b8014fdc6227b09869770f574de58d860ba09d875fae58e846166acffc8d252944b579b644d4b1721b88a7769e312a357f61b37671d9172a6b0b1e19637e4502

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49146.exe

Filesize
184KB

MD5
d21761a82ae83f716af233d76ae82888

SHA1
8e200d0475f9618bd971a3a5c335b1ab579db85e

SHA256
2a9117b199c5fc958afa5d903d472153d761ed5a7cf5475222b70aefd2e14311

SHA512
7bc39aeb89be72202cb9ff484c746267241bc2d88f9d1d80229f84bbbed68cda51727fc423250980cc84dc510dfa3986e97a4faccecaefaa0bd25f2deb2bab31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53074.exe

Filesize
184KB

MD5
66390648580da1fa4576d932a806d114

SHA1
9cac6cd1a67c4499b015b615a857749287e24a6b

SHA256
2a014f2cd4061f219c982e91646ba7d5442a83cba7db6ff6578fecf22fe47dd5

SHA512
bb7bfd13b85807469b118402842c6c6d1da2c2a1897c06ac45ec0397a453391143251009fac91c3ada70bbb1d978c71aaed617e21bb8306bc20f5a07d305aa30

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5691.exe

Filesize
184KB

MD5
f5fac74eb553724d4edcc0d46b3c4632

SHA1
dd961e23d68e7a664bfc5fb8ce7cd95047537687

SHA256
1ff4152bba16ae59ac338f2888ee31c2e3ecbac786def758152087d26365c485

SHA512
1e5e157515ca6240da086289f58be8fd82816af46df091f91a3c2dbbb542a945a98de967f3b18c33e33137bcadbd68b38d0258af1902cbc00e4cfb974db7eb0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe

Filesize
184KB

MD5
5d96d1a236d82a5a367fc5ff6df3e955

SHA1
66b12d9e3fa2e0fc88603c9db7b1ecc22d6b9f87

SHA256
e24028602156c7c4635d82de1ab1c5f7aeaa8cdd40f530b904009ece95584ed2

SHA512
8d84f8274b1cdd7fafc654fa8b38c99dded6633d2f7880d6322315fa2ed4d020cf1160608b070a146e46de2b6dda7e600a44028d269d633bc10d59d158b17dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5883.exe

Filesize
184KB

MD5
3c3898bd9720e4860001635f82697864

SHA1
832afe7d11a26fc57c5dc688031e5190dc687cce

SHA256
cf2230c9e144c9a87f8c1b7d0199214bf9875903611630ccc24a40cbcf7935d1

SHA512
4ae843309129d87cfc393080882219f099ac4be7b8d0aa9876c2f66c28bec21573758ae213cc694c449ac9b806f4951943adea85a05dfc58c6e34004c90a6447

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5891.exe

Filesize
184KB

MD5
b9d2051702f2ad0c5b297349e9bb48d7

SHA1
c19d682f4463f1206254b1623f66a5add1147de8

SHA256
469b8a773c89e88d6255e6c1fcc624a3897a66653ac551f42b2f23801e68becb

SHA512
3b649f58ec1d55e0d467cdf9d5acc60bd8e733610be4559bdac3e5b62aae82ae91474b0a54dbc6e233b7b248bbfb3bf3ea6cb0db478aa892a952ca0df30c92b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6402.exe

Filesize
184KB

MD5
b7e46b475ba07d6a292f2771996d717c

SHA1
d4d5130040cb245692bd5cb744a36d04704dd9f5

SHA256
1a154ad895e1665d41760d8103a6c25af2664e7b594fd99ce99254fd9c9986db

SHA512
67ba8fc64c7fa5f4f231fd8af256a2b69e39e0556fc7fd8d4e53e2a167b825fcb26434c6f54f863214daf1011b1b4d3f36d1d26e7374d043428c7a0d791e9165

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1171.exe

Filesize
184KB

MD5
59fd1c6d077de7b98be402c3bc39f7a2

SHA1
792605cf7506d185f4629de705b7b2cc10bb854c

SHA256
ea40a4ffe7eb9c33760c83dcbcb686bfe0732010f7187ec5c4ba679dcca14d11

SHA512
507989ea9d5bccaf71a147510b4e3f27284844084264f8eaeea6acbaf232048e6e180952675d8ca5f6a81d4556d8d1c0fc29be89b36d25463f7b79e1db1543eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe

Filesize
184KB

MD5
6a7f75b42e8154e20e23c6fea6850fc4

SHA1
0f39aff72903f5995132dbcf94b8fb0841f7edac

SHA256
787e529e7e026d20d8e24c4eb0ae53bd5c219f6aa2ba5aca58ba02a3e1132da9

SHA512
c1a76ef31476a670ba451d45442fe01624e897fd2f53916f4b1edab6fc6671e3d28774196fbc15283ebf87cabc05c63f62da783a1c91b555ad7726326c2e027a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe

Filesize
184KB

MD5
c1d3b24746c5b43c26a997259ecb55f1

SHA1
eb12ad1956e83233ee9fe3fb4e27cefd4c2e46dd

SHA256
490bbe9e2f3a13170290a3d26b639af68c35ae7b45921571ee6dffd25fb4c4a2

SHA512
1655febc8dc4929bef1ff35cbd9ba7c0c91ef933a4e8ed3681446e67d2845167e1807c1bc595bcb466f08301c9c3a9433674109e4a6a4714d15156f478c116b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32339.exe

Filesize
184KB

MD5
5d803e78654d4334d22cc5f75693385b

SHA1
a969ffa879851be91f03adbd37b58628b73e5252

SHA256
a678431f2f497778ab86585e0a524c4e4dcdc57814cf94703eb4b72880305b1c

SHA512
1e3831b0da5ba91f948c60a7372bd6f16632ed1149383dadcdc51fe6c703183f43d852c0d97251f51c41638b22f39a5d44ee65ce3f00462a15447246c65a00a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35742.exe

Filesize
184KB

MD5
c2775a57283e29febc050d62fcc912c2

SHA1
6d10d3a409b33d4af181aaa0808ae14e4ec406b1

SHA256
4004ab0ff963e73041699263a1cb6df5837d5b4218567ae6e7384511a041bf59

SHA512
16b0ac171452c786de8a819f8bef861714b1561ddbcba451a384ea15ab8915b9f6095e4dd8c939c9b49817bc6003de2aecda235c4746845da850d2bb14812bb0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38037.exe

Filesize
184KB

MD5
3d1c2e78e8aba74037f41e1a264db314

SHA1
89c42079647c7b33491136185a16a852d7fcbfdd

SHA256
245f43fbe642f6ff035bfd774209ea0c74e7fbc8016e50cd14dc46cf36fb3ba8

SHA512
134b86c08085270758be5b056320f5ee2b28fca92e632b0f3f8116a2b2d2b23ccdab4faac46992f74edb46ff3985acd7668b8064b63f12887ce03d06973b9088

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48161.exe

Filesize
184KB

MD5
4039b6338d2aa48bb4168b542143f9ea

SHA1
c6e5132d3e6c24fd18b254068a0db5563f0497c5

SHA256
857ae4d358bd27f7b87a2d301da1813eceaa7f043c7e76846c6903b2d5c169c4

SHA512
7508993cd1a2e6d6092a274e6608a433fd388a68a9feb6eb1d6e8ae36da36cc0dd8958e16ad3087a32fb7a1a2c0b6ee3e92a60da17f8b4779b1d0cb6ae88707c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50216.exe

Filesize
184KB

MD5
69ffc128f005f1c6eb9283ec761752b5

SHA1
1c52424af59d5c2d332973ba40c332c55faa0ae1

SHA256
97cb8c8ebb5f5dc30d504928f5fd7c50b4486f8b88b9f042d8e344d1c90a05e1

SHA512
7fc56e7268ae723c00f451fd115d0004069ac95e8e229e15b0bd2a82523940393afedb0baf8e5ba967ebe47adead3326890d02d2193f8b12a46d242787d956ea

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50927.exe

Filesize
184KB

MD5
8e7b4c3dff15d2af452fa8bd02794eec

SHA1
6cbf80e9f4f1838836e0c353a01312117ef9f269

SHA256
346958e63edc2293b9210aa1d3f00292fff3f1b79d0c54c32e054745e9f2fcfe

SHA512
139dae85a2f2a5a5e55c47023497ce8611985327a63b2f7cbb42e1886ed04323da3bcefb8611aad1be26ba63d1b1a77fa898b37b390d4e5343e6d2cd4d171d22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53553.exe

Filesize
184KB

MD5
094ee9c401cfc3a9c488d07ebba5605c

SHA1
7ae5fddf566f6f0f4873f637472487df441ad219

SHA256
63cbc68e69910bcf366d9f1749d14582fa8786dae2d7dc78584bb7036f6b42ed

SHA512
fc604bc7c5fde64f85e4aff8f0f7bc9180f360b01805c0a6370b31050fddc5b74ac662df996338772d3f6d146235317c4939121f2ba9a9187039d94a99348a3a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe

Filesize
184KB

MD5
00408f3aaade50d23ad3e26e3d8f3f53

SHA1
2525823ce9e2f627e4acad6de030b40f5ac45e73

SHA256
3929b9d02b45f866f8afd63f387e73ba0f01f273e1d89572a50253901a587602

SHA512
bb58ab6c59145afc3301e4189b4773f12abbb7871113369510875bfdbabd6b51e8d61bc6a709c427486a8f91dd51c5288d05719ef418e63ce4edb9904cf21a65

Download Submit