6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe
Size

184KB
MD5

c37f850835606ab97e43cbe00c1cdc7f
SHA1

41891a0c9c414760d4e0395ee97fee73c5b7cb39
SHA256

6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454
SHA512

ad9856731c58aedc5de75b8f1d0bcf25d545183e73f76cf94a061b8a33b692f629658def4d41fa65debe94a5e38c0825e49c78ac0110ed2d58269994d188e983
SSDEEP

1536:X7S/6GZAuli2o6x1zVpAlaw8lLIyvZcl1mdJxq2R2VfbUhl5hj5Vizpvb:LdUli2oWlVpTdlEWeQq2RebUhlnniFD

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-20329.exeUnicorn-64459.exeUnicorn-13867.exeUnicorn-33624.exeUnicorn-2897.exeUnicorn-48569.exeUnicorn-40639.exeUnicorn-60505.exeUnicorn-25695.exeUnicorn-62129.exeUnicorn-64589.exeUnicorn-39099.exeUnicorn-19233.exeUnicorn-55435.exeUnicorn-35569.exeUnicorn-60095.exeUnicorn-9503.exeUnicorn-64179.exeUnicorn-2726.exeUnicorn-8455.exeUnicorn-62871.exeUnicorn-17200.exeUnicorn-41704.exeUnicorn-41704.exeUnicorn-60925.exeUnicorn-15253.exeUnicorn-30198.exeUnicorn-19338.exeUnicorn-34282.exeUnicorn-54148.exeUnicorn-3556.exeUnicorn-49078.exeUnicorn-64023.exeUnicorn-43925.exeUnicorn-45549.exeUnicorn-65414.exeUnicorn-57801.exeUnicorn-16406.exeUnicorn-44672.exeUnicorn-55300.exeUnicorn-22113.exeUnicorn-31481.exeUnicorn-15699.exeUnicorn-39649.exeUnicorn-13006.exeUnicorn-47817.exeUnicorn-17091.exeUnicorn-62762.exeUnicorn-21175.exeUnicorn-49161.exeUnicorn-6737.exeUnicorn-8320.exeUnicorn-63359.exeUnicorn-1906.exeUnicorn-36717.exeUnicorn-51662.exeUnicorn-59830.exeUnicorn-53053.exeUnicorn-8128.exeUnicorn-57884.exeUnicorn-16297.exeUnicorn-59275.exeUnicorn-44070.exeUnicorn-33209.exe

pid	process
2604	Unicorn-20329.exe
2384	Unicorn-64459.exe
2712	Unicorn-13867.exe
2268	Unicorn-33624.exe
2792	Unicorn-2897.exe
2688	Unicorn-48569.exe
2816	Unicorn-40639.exe
2864	Unicorn-60505.exe
2580	Unicorn-25695.exe
2404	Unicorn-62129.exe
1528	Unicorn-64589.exe
824	Unicorn-39099.exe
1760	Unicorn-19233.exe
2936	Unicorn-55435.exe
2380	Unicorn-35569.exe
536	Unicorn-60095.exe
1932	Unicorn-9503.exe
1176	Unicorn-64179.exe
292	Unicorn-2726.exe
776	Unicorn-8455.exe
2156	Unicorn-62871.exe
1524	Unicorn-17200.exe
1744	Unicorn-41704.exe
2348	Unicorn-41704.exe
896	Unicorn-60925.exe
992	Unicorn-15253.exe
1864	Unicorn-30198.exe
2036	Unicorn-19338.exe
2072	Unicorn-34282.exe
1476	Unicorn-54148.exe
2416	Unicorn-3556.exe
3020	Unicorn-49078.exe
2724	Unicorn-64023.exe
2636	Unicorn-43925.exe
2548	Unicorn-45549.exe
2532	Unicorn-65414.exe
2640	Unicorn-57801.exe
3004	Unicorn-16406.exe
2776	Unicorn-44672.exe
1676	Unicorn-55300.exe
2880	Unicorn-22113.exe
1836	Unicorn-31481.exe
1608	Unicorn-15699.exe
2788	Unicorn-39649.exe
1436	Unicorn-13006.exe
1972	Unicorn-47817.exe
1300	Unicorn-17091.exe
2032	Unicorn-62762.exe
2924	Unicorn-21175.exe
1668	Unicorn-49161.exe
1160	Unicorn-6737.exe
2272	Unicorn-8320.exe
2948	Unicorn-63359.exe
2960	Unicorn-1906.exe
3024	Unicorn-36717.exe
1988	Unicorn-51662.exe
2484	Unicorn-59830.exe
2916	Unicorn-53053.exe
2868	Unicorn-8128.exe
2632	Unicorn-57884.exe
2684	Unicorn-16297.exe
1820	Unicorn-59275.exe
2888	Unicorn-44070.exe
2240	Unicorn-33209.exe

Loads dropped DLL 64 IoCs

Processes:

6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exeUnicorn-20329.exeUnicorn-64459.exeUnicorn-13867.exeWerFault.exeUnicorn-2897.exeUnicorn-33624.exeUnicorn-48569.exeWerFault.exeWerFault.exeUnicorn-25695.exeUnicorn-60505.exeUnicorn-64589.exeUnicorn-40639.exeUnicorn-62129.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe
1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe
2604	Unicorn-20329.exe
2604	Unicorn-20329.exe
1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe
1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe
2384	Unicorn-64459.exe
2712	Unicorn-13867.exe
2384	Unicorn-64459.exe
2712	Unicorn-13867.exe
2604	Unicorn-20329.exe
2604	Unicorn-20329.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
1808	WerFault.exe
2792	Unicorn-2897.exe
2792	Unicorn-2897.exe
2712	Unicorn-13867.exe
2712	Unicorn-13867.exe
2268	Unicorn-33624.exe
2268	Unicorn-33624.exe
2384	Unicorn-64459.exe
2384	Unicorn-64459.exe
2688	Unicorn-48569.exe
2688	Unicorn-48569.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1692	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1956	WerFault.exe
1692	WerFault.exe
1956	WerFault.exe
2580	Unicorn-25695.exe
2580	Unicorn-25695.exe
2792	Unicorn-2897.exe
2792	Unicorn-2897.exe
2864	Unicorn-60505.exe
2864	Unicorn-60505.exe
2268	Unicorn-33624.exe
2268	Unicorn-33624.exe
2688	Unicorn-48569.exe
2688	Unicorn-48569.exe
1528	Unicorn-64589.exe
1528	Unicorn-64589.exe
2816	Unicorn-40639.exe
2816	Unicorn-40639.exe
2404	Unicorn-62129.exe
2404	Unicorn-62129.exe
876	WerFault.exe
876	WerFault.exe
876	WerFault.exe
876	WerFault.exe
876	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1184	WerFault.exe
1996	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2668	1640	WerFault.exe	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe
1808	2604	WerFault.exe	Unicorn-20329.exe
1692	2384	WerFault.exe	Unicorn-64459.exe
1956	2712	WerFault.exe	Unicorn-13867.exe
876	2792	WerFault.exe	Unicorn-2897.exe
1184	2268	WerFault.exe	Unicorn-33624.exe
1996	2688	WerFault.exe	Unicorn-48569.exe
1848	2580	WerFault.exe	Unicorn-25695.exe
2060	2864	WerFault.exe	Unicorn-60505.exe
1724	1528	WerFault.exe	Unicorn-64589.exe
2144	2816	WerFault.exe	Unicorn-40639.exe
2740	2404	WerFault.exe	Unicorn-62129.exe
376	2072	WerFault.exe	Unicorn-34282.exe
572	824	WerFault.exe	Unicorn-39099.exe
1468	1760	WerFault.exe	Unicorn-19233.exe
2356	1932	WerFault.exe	Unicorn-9503.exe
1044	292	WerFault.exe	Unicorn-2726.exe
1488	2380	WerFault.exe	Unicorn-35569.exe
904	2936	WerFault.exe	Unicorn-55435.exe
2964	536	WerFault.exe	Unicorn-60095.exe
752	1176	WerFault.exe	Unicorn-64179.exe
1220	776	WerFault.exe	Unicorn-8455.exe
3032	1524	WerFault.exe	Unicorn-17200.exe
2276	2156	WerFault.exe	Unicorn-62871.exe
1028	1744	WerFault.exe	Unicorn-41704.exe
3016	2348	WerFault.exe	Unicorn-41704.exe
2744	2036	WerFault.exe	Unicorn-19338.exe
2884	2416	WerFault.exe	Unicorn-3556.exe
1380	1476	WerFault.exe	Unicorn-54148.exe
1732	992	WerFault.exe	Unicorn-15253.exe
2432	896	WerFault.exe	Unicorn-60925.exe
2820	1864	WerFault.exe	Unicorn-30198.exe
2204	3020	WerFault.exe	Unicorn-49078.exe
996	2724	WerFault.exe	Unicorn-64023.exe
3152	2548	WerFault.exe	Unicorn-45549.exe
3164	3004	WerFault.exe	Unicorn-16406.exe
3204	2640	WerFault.exe	Unicorn-57801.exe
3244	2880	WerFault.exe	Unicorn-22113.exe
3324	1676	WerFault.exe	Unicorn-55300.exe
3420	1436	WerFault.exe	Unicorn-13006.exe
3428	2788	WerFault.exe	Unicorn-39649.exe
3452	1972	WerFault.exe	Unicorn-47817.exe
3500	1608	WerFault.exe	Unicorn-15699.exe
3864	2776	WerFault.exe	Unicorn-44672.exe
4044	2636	WerFault.exe	Unicorn-43925.exe
2224	2924	WerFault.exe	Unicorn-21175.exe
3724	1300	WerFault.exe	Unicorn-17091.exe
3944	1160	WerFault.exe	Unicorn-6737.exe
3968	1668	WerFault.exe	Unicorn-49161.exe
3172	1836	WerFault.exe	Unicorn-31481.exe
3488	2960	WerFault.exe	Unicorn-1906.exe
3592	3056	WerFault.exe	Unicorn-31263.exe
3656	2324	WerFault.exe	Unicorn-57713.exe
3692	2032	WerFault.exe	Unicorn-62762.exe
3732	2888	WerFault.exe	Unicorn-44070.exe
3748	1820	WerFault.exe	Unicorn-59275.exe
3772	1716	WerFault.exe	Unicorn-46208.exe
3896	988	WerFault.exe	Unicorn-15481.exe
3964	2532	WerFault.exe	Unicorn-65414.exe
4056	2848	WerFault.exe	Unicorn-14734.exe
2840	2376	WerFault.exe	Unicorn-37847.exe
3516	2412	WerFault.exe	Unicorn-63598.exe
3580	3024	WerFault.exe	Unicorn-36717.exe
496	2472	WerFault.exe	Unicorn-13006.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exeUnicorn-20329.exeUnicorn-64459.exeUnicorn-13867.exeUnicorn-33624.exeUnicorn-2897.exeUnicorn-48569.exeUnicorn-25695.exeUnicorn-60505.exeUnicorn-40639.exeUnicorn-64589.exeUnicorn-62129.exeUnicorn-39099.exeUnicorn-19233.exeUnicorn-35569.exeUnicorn-55435.exeUnicorn-9503.exeUnicorn-60095.exeUnicorn-64179.exeUnicorn-2726.exeUnicorn-8455.exeUnicorn-62871.exeUnicorn-17200.exeUnicorn-41704.exeUnicorn-41704.exeUnicorn-19338.exeUnicorn-15253.exeUnicorn-60925.exeUnicorn-30198.exeUnicorn-34282.exeUnicorn-54148.exeUnicorn-3556.exeUnicorn-49078.exeUnicorn-64023.exeUnicorn-45549.exeUnicorn-43925.exeUnicorn-65414.exeUnicorn-57801.exeUnicorn-16406.exeUnicorn-44672.exeUnicorn-55300.exeUnicorn-22113.exeUnicorn-31481.exeUnicorn-15699.exeUnicorn-39649.exeUnicorn-47817.exeUnicorn-13006.exeUnicorn-17091.exeUnicorn-62762.exeUnicorn-21175.exeUnicorn-49161.exeUnicorn-6737.exeUnicorn-8320.exeUnicorn-63359.exeUnicorn-1906.exeUnicorn-36717.exeUnicorn-51662.exeUnicorn-59830.exeUnicorn-53053.exeUnicorn-57884.exeUnicorn-8128.exeUnicorn-16297.exeUnicorn-59275.exeUnicorn-33209.exe

pid	process
1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe
2604	Unicorn-20329.exe
2384	Unicorn-64459.exe
2712	Unicorn-13867.exe
2268	Unicorn-33624.exe
2792	Unicorn-2897.exe
2688	Unicorn-48569.exe
2580	Unicorn-25695.exe
2864	Unicorn-60505.exe
2816	Unicorn-40639.exe
1528	Unicorn-64589.exe
2404	Unicorn-62129.exe
824	Unicorn-39099.exe
1760	Unicorn-19233.exe
2380	Unicorn-35569.exe
2936	Unicorn-55435.exe
1932	Unicorn-9503.exe
536	Unicorn-60095.exe
1176	Unicorn-64179.exe
292	Unicorn-2726.exe
776	Unicorn-8455.exe
2156	Unicorn-62871.exe
1524	Unicorn-17200.exe
1744	Unicorn-41704.exe
2348	Unicorn-41704.exe
2036	Unicorn-19338.exe
992	Unicorn-15253.exe
896	Unicorn-60925.exe
1864	Unicorn-30198.exe
2072	Unicorn-34282.exe
1476	Unicorn-54148.exe
2416	Unicorn-3556.exe
3020	Unicorn-49078.exe
2724	Unicorn-64023.exe
2548	Unicorn-45549.exe
2636	Unicorn-43925.exe
2532	Unicorn-65414.exe
2640	Unicorn-57801.exe
3004	Unicorn-16406.exe
2776	Unicorn-44672.exe
1676	Unicorn-55300.exe
2880	Unicorn-22113.exe
1836	Unicorn-31481.exe
1608	Unicorn-15699.exe
2788	Unicorn-39649.exe
1972	Unicorn-47817.exe
1436	Unicorn-13006.exe
1300	Unicorn-17091.exe
2032	Unicorn-62762.exe
2924	Unicorn-21175.exe
1668	Unicorn-49161.exe
1160	Unicorn-6737.exe
2272	Unicorn-8320.exe
2948	Unicorn-63359.exe
2960	Unicorn-1906.exe
3024	Unicorn-36717.exe
1988	Unicorn-51662.exe
2484	Unicorn-59830.exe
2916	Unicorn-53053.exe
2632	Unicorn-57884.exe
2868	Unicorn-8128.exe
2684	Unicorn-16297.exe
1820	Unicorn-59275.exe
2240	Unicorn-33209.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exeUnicorn-20329.exeUnicorn-64459.exeUnicorn-13867.exeUnicorn-2897.exeUnicorn-33624.exeUnicorn-48569.exeUnicorn-25695.exe

description	pid	process	target process
PID 1640 wrote to memory of 2604	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	Unicorn-20329.exe
PID 1640 wrote to memory of 2604	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	Unicorn-20329.exe
PID 1640 wrote to memory of 2604	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	Unicorn-20329.exe
PID 1640 wrote to memory of 2604	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	Unicorn-20329.exe
PID 2604 wrote to memory of 2384	2604	Unicorn-20329.exe	Unicorn-64459.exe
PID 2604 wrote to memory of 2384	2604	Unicorn-20329.exe	Unicorn-64459.exe
PID 2604 wrote to memory of 2384	2604	Unicorn-20329.exe	Unicorn-64459.exe
PID 2604 wrote to memory of 2384	2604	Unicorn-20329.exe	Unicorn-64459.exe
PID 1640 wrote to memory of 2712	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	Unicorn-13867.exe
PID 1640 wrote to memory of 2712	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	Unicorn-13867.exe
PID 1640 wrote to memory of 2712	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	Unicorn-13867.exe
PID 1640 wrote to memory of 2712	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	Unicorn-13867.exe
PID 1640 wrote to memory of 2668	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	WerFault.exe
PID 1640 wrote to memory of 2668	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	WerFault.exe
PID 1640 wrote to memory of 2668	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	WerFault.exe
PID 1640 wrote to memory of 2668	1640	6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe	WerFault.exe
PID 2384 wrote to memory of 2268	2384	Unicorn-64459.exe	Unicorn-33624.exe
PID 2384 wrote to memory of 2268	2384	Unicorn-64459.exe	Unicorn-33624.exe
PID 2384 wrote to memory of 2268	2384	Unicorn-64459.exe	Unicorn-33624.exe
PID 2384 wrote to memory of 2268	2384	Unicorn-64459.exe	Unicorn-33624.exe
PID 2712 wrote to memory of 2792	2712	Unicorn-13867.exe	Unicorn-2897.exe
PID 2712 wrote to memory of 2792	2712	Unicorn-13867.exe	Unicorn-2897.exe
PID 2712 wrote to memory of 2792	2712	Unicorn-13867.exe	Unicorn-2897.exe
PID 2712 wrote to memory of 2792	2712	Unicorn-13867.exe	Unicorn-2897.exe
PID 2604 wrote to memory of 2688	2604	Unicorn-20329.exe	Unicorn-48569.exe
PID 2604 wrote to memory of 2688	2604	Unicorn-20329.exe	Unicorn-48569.exe
PID 2604 wrote to memory of 2688	2604	Unicorn-20329.exe	Unicorn-48569.exe
PID 2604 wrote to memory of 2688	2604	Unicorn-20329.exe	Unicorn-48569.exe
PID 2604 wrote to memory of 1808	2604	Unicorn-20329.exe	WerFault.exe
PID 2604 wrote to memory of 1808	2604	Unicorn-20329.exe	WerFault.exe
PID 2604 wrote to memory of 1808	2604	Unicorn-20329.exe	WerFault.exe
PID 2604 wrote to memory of 1808	2604	Unicorn-20329.exe	WerFault.exe
PID 2712 wrote to memory of 2816	2712	Unicorn-13867.exe	Unicorn-40639.exe
PID 2712 wrote to memory of 2816	2712	Unicorn-13867.exe	Unicorn-40639.exe
PID 2712 wrote to memory of 2816	2712	Unicorn-13867.exe	Unicorn-40639.exe
PID 2712 wrote to memory of 2816	2712	Unicorn-13867.exe	Unicorn-40639.exe
PID 2792 wrote to memory of 2580	2792	Unicorn-2897.exe	Unicorn-25695.exe
PID 2792 wrote to memory of 2580	2792	Unicorn-2897.exe	Unicorn-25695.exe
PID 2792 wrote to memory of 2580	2792	Unicorn-2897.exe	Unicorn-25695.exe
PID 2792 wrote to memory of 2580	2792	Unicorn-2897.exe	Unicorn-25695.exe
PID 2268 wrote to memory of 2864	2268	Unicorn-33624.exe	Unicorn-60505.exe
PID 2268 wrote to memory of 2864	2268	Unicorn-33624.exe	Unicorn-60505.exe
PID 2268 wrote to memory of 2864	2268	Unicorn-33624.exe	Unicorn-60505.exe
PID 2268 wrote to memory of 2864	2268	Unicorn-33624.exe	Unicorn-60505.exe
PID 2384 wrote to memory of 2404	2384	Unicorn-64459.exe	Unicorn-62129.exe
PID 2384 wrote to memory of 2404	2384	Unicorn-64459.exe	Unicorn-62129.exe
PID 2384 wrote to memory of 2404	2384	Unicorn-64459.exe	Unicorn-62129.exe
PID 2384 wrote to memory of 2404	2384	Unicorn-64459.exe	Unicorn-62129.exe
PID 2688 wrote to memory of 1528	2688	Unicorn-48569.exe	Unicorn-64589.exe
PID 2688 wrote to memory of 1528	2688	Unicorn-48569.exe	Unicorn-64589.exe
PID 2688 wrote to memory of 1528	2688	Unicorn-48569.exe	Unicorn-64589.exe
PID 2688 wrote to memory of 1528	2688	Unicorn-48569.exe	Unicorn-64589.exe
PID 2384 wrote to memory of 1692	2384	Unicorn-64459.exe	WerFault.exe
PID 2384 wrote to memory of 1692	2384	Unicorn-64459.exe	WerFault.exe
PID 2384 wrote to memory of 1692	2384	Unicorn-64459.exe	WerFault.exe
PID 2384 wrote to memory of 1692	2384	Unicorn-64459.exe	WerFault.exe
PID 2712 wrote to memory of 1956	2712	Unicorn-13867.exe	WerFault.exe
PID 2712 wrote to memory of 1956	2712	Unicorn-13867.exe	WerFault.exe
PID 2712 wrote to memory of 1956	2712	Unicorn-13867.exe	WerFault.exe
PID 2712 wrote to memory of 1956	2712	Unicorn-13867.exe	WerFault.exe
PID 2580 wrote to memory of 824	2580	Unicorn-25695.exe	Unicorn-39099.exe
PID 2580 wrote to memory of 824	2580	Unicorn-25695.exe	Unicorn-39099.exe
PID 2580 wrote to memory of 824	2580	Unicorn-25695.exe	Unicorn-39099.exe
PID 2580 wrote to memory of 824	2580	Unicorn-25695.exe	Unicorn-39099.exe

C:\Users\Admin\AppData\Local\Temp\6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe
"C:\Users\Admin\AppData\Local\Temp\6e176e821b74f33d3bd0599b3d54fa2e41639596308d648ec2ce854a5b8ef454.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-49545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49545.exe
9⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
10⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52581.exe
11⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35040.exe
12⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
13⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
14⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7057.exe
14⤵
PID:10628

C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
15⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10628 -s 236
15⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 240
14⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
13⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
12⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
11⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41075.exe
10⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
11⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
12⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11214.exe
13⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14385.exe
14⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
14⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
13⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
11⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
10⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
9⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 236
8⤵
- Program crash
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
7⤵
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
8⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
9⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
10⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41995.exe
11⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-60054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60054.exe
12⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15046.exe
13⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29497.exe
14⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 216
14⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
13⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
12⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20271.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-5430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5430.exe
10⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
12⤵
PID:10772

C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10772 -s 216
13⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
12⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
11⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
10⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
8⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11823.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26972.exe
11⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
12⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
13⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
13⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 236
12⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
9⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
8⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15481.exe
7⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42000.exe
8⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57324.exe
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4911.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
11⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21469.exe
12⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
13⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 220
13⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
10⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
8⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
7⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
6⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35569.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57801.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53053.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
8⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-25171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25171.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33967.exe
11⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29406.exe
12⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
13⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
12⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
11⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
10⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27174.exe
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
10⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
11⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27219.exe
12⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
7⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64506.exe
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26977.exe
10⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31113.exe
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 220
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 236
11⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
10⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
8⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
7⤵
- Program crash
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
6⤵
- Program crash
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55300.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52114.exe
9⤵
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
10⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
11⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
12⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
13⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24941.exe
14⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 236
14⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
13⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
12⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
11⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 236
10⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
9⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
8⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38383.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-29743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29743.exe
10⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
12⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56487.exe
13⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 216
13⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
12⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
9⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
8⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44070.exe
7⤵
- Executes dropped EXE
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
8⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59182.exe
10⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25986.exe
11⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37530.exe
12⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
13⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 216
13⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 236
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
9⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
8⤵
- Program crash
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
7⤵
- Program crash
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55077.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62062.exe
10⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-817.exe
11⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
12⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
11⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
9⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9690.exe
7⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-40433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40433.exe
9⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50625.exe
10⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
11⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
11⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
10⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
8⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
6⤵
- Program crash
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60925.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17091.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31263.exe
7⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
8⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32732.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe
11⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27224.exe
12⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59066.exe
13⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 216
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
9⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
8⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19996.exe
7⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52856.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57428.exe
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22094.exe
10⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54888.exe
11⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
12⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 216
12⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
10⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
9⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
8⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
7⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
6⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
7⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44880.exe
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52519.exe
10⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27307.exe
11⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
12⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 216
12⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 236
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
9⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
8⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
7⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
5⤵
- Program crash
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60095.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-19338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19338.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31481.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
8⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
9⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30791.exe
10⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
11⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44076.exe
12⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-20810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20810.exe
13⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
14⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10660 -s 216
14⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
13⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
12⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
11⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
10⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
9⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
8⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59566.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48824.exe
11⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51419.exe
12⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
13⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 216
13⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 236
12⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 236
11⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 216
9⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 220
8⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-37847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37847.exe
7⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
8⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62970.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42846.exe
10⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54574.exe
11⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19056.exe
12⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61396.exe
13⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 216
13⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
11⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
10⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
9⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
8⤵
- Program crash
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
7⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
7⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
8⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-63458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63458.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31440.exe
11⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
12⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12963.exe
13⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
13⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 236
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
10⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 216
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24080.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1242.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54631.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
10⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
11⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
12⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
10⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
8⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 220
7⤵
- Program crash
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
6⤵
- Program crash
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34282.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
6⤵
- Program crash
PID:376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
5⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9503.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41704.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
8⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
10⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
11⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45503.exe
12⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-52662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52662.exe
13⤵
PID:11664

C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57032.exe
14⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
13⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
12⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
11⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
10⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9581.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
9⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
10⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
11⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
12⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45081.exe
13⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 236
12⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
11⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
10⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 220
8⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
7⤵
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37615.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55954.exe
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
11⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
12⤵
PID:11712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
13⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
12⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
11⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 236
10⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 236
8⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
7⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59830.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22566.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1159.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24652.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6473.exe
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
11⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13300.exe
12⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
13⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 216
13⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
11⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45264.exe
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18010.exe
10⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
11⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
12⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 216
12⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
9⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
6⤵
- Program crash
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44672.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33209.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
7⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1434.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42950.exe
10⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
11⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14914.exe
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
12⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20463.exe
7⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62991.exe
8⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
9⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54193.exe
10⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22554.exe
11⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 220
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
10⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
9⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
8⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 220
7⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
6⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
7⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35664.exe
8⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe
9⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50576.exe
10⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7452.exe
11⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
10⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
9⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
8⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
7⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
6⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 220
5⤵
- Program crash
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8455.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49078.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63598.exe
9⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
10⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52664.exe
11⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47314.exe
12⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
13⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42374.exe
14⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12584.exe
15⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
15⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
14⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 236
13⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
12⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
11⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
10⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61413.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38274.exe
10⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
11⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
12⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-9216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9216.exe
13⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
14⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
14⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
12⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
11⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
10⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
9⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
8⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54636.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-4039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4039.exe
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55482.exe
11⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-46214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46214.exe
12⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33254.exe
13⤵
PID:10604

C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe
14⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 216
14⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
12⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
10⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
9⤵
- Program crash
PID:496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
8⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
8⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
9⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44496.exe
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51590.exe
11⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14309.exe
12⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-57265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57265.exe
13⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
14⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11152 -s 236
14⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
13⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
12⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 236
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
10⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62534.exe
10⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33251.exe
11⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
12⤵
PID:11856

C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10545.exe
13⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 236
12⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
11⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
9⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
8⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
7⤵
- Program crash
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64023.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24896.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53624.exe
10⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19302.exe
11⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
12⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
13⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40784.exe
14⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
14⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 236
13⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
12⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
11⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
10⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57340.exe
10⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29437.exe
11⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-25413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25413.exe
12⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
12⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
11⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 236
10⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 220
9⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
8⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41507.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42140.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26785.exe
10⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12062.exe
11⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43067.exe
12⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26970.exe
13⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
13⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 236
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
11⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
9⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
8⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
7⤵
- Program crash
PID:996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
6⤵
- Program crash
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65414.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8128.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19442.exe
8⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-34403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34403.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3046.exe
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 220
13⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16187.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1346.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46925.exe
10⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65075.exe
11⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8547.exe
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 216
12⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
11⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38470.exe
7⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
8⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51782.exe
9⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-7210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7210.exe
10⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58417.exe
11⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-33815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33815.exe
12⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 236
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
9⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
8⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
7⤵
- Program crash
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36629.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26619.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12498.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
11⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37904.exe
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
10⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
9⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 216
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
7⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23220.exe
8⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
9⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34616.exe
10⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
11⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
10⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
8⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
6⤵
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
5⤵
- Program crash
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17200.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43925.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1906.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
8⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-48689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48689.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59929.exe
10⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
11⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 220
12⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
11⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 216
9⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60453.exe
7⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28653.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14065.exe
9⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44268.exe
10⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-197.exe
11⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
12⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
10⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
8⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
7⤵
- Program crash
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51662.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-15611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15611.exe
7⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8891.exe
8⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61787.exe
9⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-8414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8414.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24427.exe
11⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
12⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
10⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
9⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
8⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
7⤵
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
6⤵
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45549.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63359.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
7⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53619.exe
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34619.exe
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 236
12⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
11⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
8⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
7⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63930.exe
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53235.exe
9⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24315.exe
10⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65215.exe
11⤵
PID:11340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29383.exe
12⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 236
11⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
10⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
9⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
8⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
7⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
6⤵
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35285.exe
7⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
8⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
9⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41471.exe
10⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37255.exe
11⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
12⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11204 -s 236
12⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
11⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 236
10⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
9⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
8⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
7⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
6⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
5⤵
- Program crash
PID:1468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64179.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38658.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-60142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60142.exe
10⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-29961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29961.exe
11⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15054.exe
12⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61178.exe
13⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 220
13⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
11⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
9⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 216
7⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3037.exe
6⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11273.exe
7⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65409.exe
8⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 240
9⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
8⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
7⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
8⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
9⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
10⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
11⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
11⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 236
10⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
9⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
8⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
6⤵
- Program crash
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62762.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
6⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37916.exe
7⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4594.exe
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39722.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7402.exe
10⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41697.exe
11⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56134.exe
12⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10512 -s 216
12⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
10⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 236
9⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 216
8⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61880.exe
7⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
8⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27273.exe
9⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32595.exe
10⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
11⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
10⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
9⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
8⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
7⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65113.exe
6⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
7⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-25332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25332.exe
8⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51450.exe
9⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-19139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19139.exe
10⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3425.exe
11⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
11⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
9⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
8⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
7⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
6⤵
- Program crash
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
5⤵
- Program crash
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3556.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39649.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5222.exe
6⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33391.exe
9⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-34621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34621.exe
10⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52086.exe
11⤵
PID:11584

C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3856.exe
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 236
11⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
10⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
9⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
8⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
7⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
6⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-37847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37847.exe
5⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
6⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13494.exe
7⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
8⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
9⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
10⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 236
10⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 236
9⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
8⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
7⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6073.exe
6⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33827.exe
7⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39442.exe
8⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64055.exe
9⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-15106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15106.exe
10⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
9⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
8⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
7⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
6⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
5⤵
- Program crash
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
4⤵
- Program crash
PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
2⤵
- Program crash
PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2197.exe

Filesize
184KB

MD5
a0273374217d97a5a168cd3a35461402

SHA1
f8adf8489e7c77f9cce97185073044afee062cc7

SHA256
1aa05f3c9c921f4c992b48d11271cedbfdf86c7ef89a01aedbe9147343d0a6ad

SHA512
38d7250c362ad7bc6210b2bdb9e9c9e9ca70532afab6f1bcafd671ad2cb202a28cd80f9248b8e95098f9829f507c29111d6c70e8710a7e08567093ee54591257

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36534.exe

Filesize
184KB

MD5
6751e9d1233ee49c0eaa9adac9c1d6de

SHA1
fa5ce3bedf0ea375c7dc8ef20f1398f6753a1005

SHA256
7a932cfdf357b351633774cb16c4ed56bba1c6594eed00a64fa6713484e29de9

SHA512
3a43ca8463f9fc6ba568e50ef926c1291499e5a7ac73d86638686e68c820ef05d611fd9db1a5c1ae430788b72b2a0f88789eede021c89b88af62de75c9cc700f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37579.exe

Filesize
184KB

MD5
ac13f80fbc1bc6b0a35f555762131230

SHA1
ade610ef14f3b83dac5c19fd1b6c21f578606e88

SHA256
bfeccbbcf074bc6c7d9dbbd080b5a329fe0bfef6f776b2f7b52c4212d0c6ae45

SHA512
0484ce97ef7635928d22b4caa84c1ec00e635ca0f39cd2da0741a68fc9d0c47a1674ed99e87872be231bec1153d4ff387990db5a3f65a2904681b2478bb6c6b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39099.exe

Filesize
184KB

MD5
51816c005766f079e8654057880bd065

SHA1
e3656eec66a11d784ff24e6f72ed4c70acb0dd55

SHA256
611ea6ed9f89755e210e4706106c28c0e5e05dea07a76c4ede0f02fc95daec04

SHA512
e2321e845cda2e2322d13ec799df6f0797e3f3daade96fa9deebf9cff740c132f2fb961eb7db1af5668bda12d09b10558690298058dbd62a56efed05fd94e93e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40639.exe

Filesize
184KB

MD5
10f68c032afd53697c6a2382c232e1c6

SHA1
ca77105c861949d443997f28de0dfb0c550501c4

SHA256
32f102d148be0597ca1767d81ad6a1eeda0d15aa1ab4dfeae929bf528725aa00

SHA512
44b61b0c21d8f0af5c94c81c4b42ab179ad242390a063a538d5cd34e18d0dc62bdb37e6f03b46116ae13a5c7592de897fcb3bcce086ef50da7f8e1d0a204e1e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43033.exe

Filesize
184KB

MD5
efbc27b62400896397001a06b04de194

SHA1
0e7cb546c5aeb9d4154bac368b93ae3222e52a9f

SHA256
c0a973215a6ae2ea8eaa11f4d30a50deebe9bf683ce0fd11db77f5912de49735

SHA512
e34a3c2d51d32700cb3115e388bd8920b63c95fca9969a25322f61b0b2d4892246d0b6d615c949d26c6177e77d9822e9b75cdcc1399d4ec1af50ba40b75997ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe

Filesize
184KB

MD5
c58f91dc174f67fb87a516fffe2a702a

SHA1
d1eebf2bd491bfdd6fb0a1899a78560d6d518540

SHA256
aec6a115af1c95de20f8e12350599d9f6189074d314c210b8f33aee11050ebf4

SHA512
e4572857bd1116a7e123a40fbbd87524fc1a3bd4d2749c7fb4ff5b760a5adf7ec313d5f09fff3d684745f51d46e109059bd0d799f5175c835845f30419d56459

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5565.exe

Filesize
184KB

MD5
588564b84749803b3838955891d9ac84

SHA1
fd4950896b9a9469302136aa6a41263918d2731b

SHA256
eaa4bbd7b6de536cdd5c3c701e1930bcf83c72635404bb99b7f45cbf8b860bd9

SHA512
b9c52d58b72be6a7f122a62699ea0e75a0f88aabfeb84d5b5fb36925ac171fe9b88b1b7c65481e461af06c9f5b2a71a1a6a42a70db84a4562f93e0441f044b07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe

Filesize
184KB

MD5
639d3487fddcd1b8882e067bcd80ebdb

SHA1
ce4f8ad11bf6131fdd7babb03ad5e9968e8468f8

SHA256
3d3e3319ba4cb1097bb57c2dd37a61267dfc3cca30a6f0bedbb8e2cf215cd235

SHA512
317c2acf5a4ae0b4af3ebd64f6c33e90bc13ecc739cd6862b1ba9eb3ea16cd75e55d466de6808dea310cdbd19fc11f094d83901ee4bfe52509356a44b78295c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62129.exe

Filesize
184KB

MD5
2e3392cbf91bb62d3589c13b8c07ccb1

SHA1
763a940f1cb555a4c9c14e83acf9466bdfee547e

SHA256
8ffbaf87b75c58f6f922b6d232d627bf3a7e20a09fb4952d45b7cc441a750cd5

SHA512
420194acd10b402b13f62eb4edd4d12213928c01dc6834b93c4d98f9ff79c1d491e7c9e55b9fbf8b85369e11636838986c10b2cb65f7c2f07030d70c7c514615

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64589.exe

Filesize
184KB

MD5
c998c2d230c8b8a8ada1df8d7860b7a2

SHA1
42006937cff77c65a63e8b4b0945eba8e135de0c

SHA256
4702b4921d8f8949f32c56e80aaa6a84a9fb41107ca8ef4f5134b8b70c8a677f

SHA512
c3cc86e86f874380ddc498369ace697c4fd55f1eceb5fccba480c68c50a24c77779e3b3d29bd92c528b184fdc2e8d349622fb7fc77191cb744482d9d7b6842a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe

Filesize
184KB

MD5
ba2fbdb9a05285b7ec7ad88c67aa40e1

SHA1
4e4c1578a9b6fef82fecbfbc3b3a862f0db62b9f

SHA256
cc2c99f53453bbdfb09a4e203d109f6462012189cf59b46b8b981d98a232a1cb

SHA512
552057116e4729f8c48cc7d5d86de9642d616c01f21f3cda6e9797ae0c116f7f1d8f13660dc3a4766ee542ac8fa811bda01a9898a51c8b32bdb81b867533ebde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8604.exe

Filesize
184KB

MD5
67cbd21b156e9523f9558bc21d91981e

SHA1
952a25a34735ae67b8de6b2d0701593fc25150d6

SHA256
fa66864e1a0286e0095e8a33bae7b5c2338f4f7d3dd1da458e69c9863524b694

SHA512
8f20e9aad929f340e2212c8d92125ca4180ffa42e70da28b6a8cc6f63a4b5fe208e135d7f4dd883256977ab05e4e88e9d464a4d97afe04b9946eae509230b0af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13867.exe

Filesize
184KB

MD5
0f5a53c84bcf5e231c84cce306541987

SHA1
0412dbbafb2996ce8c801a5c212d27a4d2035c6c

SHA256
451470d76687df4ae88078e66e9edece6282659287cef4b2a474eff931860b51

SHA512
7903d9735b3c84314b9a1292a9a094bcf16414ac2b7e67da224dd24111531cb08c0fe95e6c6b00216662144c862002b0e78b4e74388856ca51ca2ddb4b2a60e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19233.exe

Filesize
184KB

MD5
1db4fab24d21103ba40628038d73877d

SHA1
13fecad5b9cc1ab1ec4f82f14b0a76b1aebed811

SHA256
8d927d7fc08c02825cd1337b37fea11c39ded0714fdce24f30bf35cdb7b7cf00

SHA512
d20512e882d94e3527dfe66a7a82a25c6163a2e92df503bbc24d36b72185961f2e107f15913f1b1d64d05e9abb641cef59f163afabb2599e92e65d8d9e4384df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20329.exe

Filesize
184KB

MD5
d7f198fab16485f4681399a9aef5dd36

SHA1
95d14e385b6f961933427664b63aed0a82f0bea0

SHA256
3d933622fe478f437e65ef0083e5203a56a2b3a55e92540e5c8d8b73648a4390

SHA512
1960e45584e9a00cd3c8763f4987d3e04fc85d04c02149116dec01f80d359660af3532f0f54d09e3f1f007d4c82ae24f8be303acef1360583c97e8264b76e884

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe

Filesize
184KB

MD5
e3a74112576553db4274f2fe3562d95f

SHA1
aaaabafca7b63c68ec6124a452057183213e61f9

SHA256
59308a477d36899f44e8c2961a7b7f0c501e4629688ddae0e36d2c9acbc9eb05

SHA512
f1175ba88145956b89eaa2733f583ddbb58ef3d432a6602c328c8c9a549941efd0ae161b038510c7cbcc9e8c214036cd926237d254d50f116680109ca0784d2e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2897.exe

Filesize
184KB

MD5
bce8bb6ae261d80c47fc675f808db830

SHA1
9c40ac042740f0d911281332791e5a285739de38

SHA256
621ddec75ed424c64318bc28674c599d960e5a60f8374c9d9d2c47277cc59f91

SHA512
677256f8b36ca3a5d7ec8c9402b44a44cca6bd39804d771a27d4bd024ce00fe15b68dad2cbb1b63e42f652872e3baa7517bcd2fc50757828404ff7b64228597a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33624.exe

Filesize
184KB

MD5
baca4d4d175b688724e2da9895767ce1

SHA1
7619298ef353e59d3cbbc59152df2f81413138e9

SHA256
e04b4e31a13bff2ba6b3341de07678c1724008def02f7c45ea0fac49e47dc7ba

SHA512
2ff13be35a83c23b9c85cc6c9dfa22aaf4538181ec5b8e83328ac932360e9de789b1a3341a344c349cb2c7e13c2f75b391da56a67e4765626da745cb70a68c37

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48569.exe

Filesize
184KB

MD5
eddc0ea5d13bc384212b3b84a14fb5c8

SHA1
845f2345a388bec3da14d4bf1793a420817f207c

SHA256
bb5e442b971e463857cd2660056c15a743e1eda02a7016d1bf1f8a0502228bc7

SHA512
c5b4b164855de3082cbab525db1e12cada9a3a613eb7bc6a7cf484407e558ea582d6419be52f6efad2fa223f03712271eff3ae538aba61497cc22e48924e3a80

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55435.exe

Filesize
184KB

MD5
2d2018fba2a4bc0ac9ddd7d33f86aed5

SHA1
069dd7af7ab20d7d4fb1239c1c0914470c74f854

SHA256
ddc5b9e2b6e858e034e626901fdd5940e463bf6afda33e7fdb3ce0329fb95157

SHA512
2bdb5c643fa63b4719d870f8510e9b787040b13ed7b5be36e36a5edda061db6cef99bd2fd13ae3699a14ad336c9b1f849b9c404cb855192c808b52889e42bc52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60505.exe

Filesize
184KB

MD5
f05acb5f3e85995e42a156a3f5bd4b9d

SHA1
8af29551bb886613dec5f60f228a2e81a0fe86cd

SHA256
23b80c54f0e5648ba2bec480a4094148f273b208a619fb848d2cb081beb442a5

SHA512
aa1992d37cc57267d9c0ac63a75cfac446b14f8217c940e65d71b112663c5a6644d554e54c438ab4a67d491ba3cd1fe4c6a2823b4f072ca519cd0b75b20314a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64459.exe

Filesize
184KB

MD5
ec1b7e737fb1aa2fe1473c47de6fa75b

SHA1
6897b4726c2133606e0e05136a4ed1a58096cb5f

SHA256
10f71c63261792856b448dad0dc9853a1e757e650c7f88174b9644572d8af8c0

SHA512
3f4dd36ed0b48bf7a1f176cdfe4b63e56646b7fac2672d51141acb2494f2fd6fd52ba7a387a8f164500edfc3fc26be97c7d25eec1133d06551753170c014d1c1

Download Submit