76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe
Size

184KB
MD5

df7eda4cab87539b9d71f9c7dab0a2fa
SHA1

66c764bd90bb62ade9028d3a0a2b7e513a27835f
SHA256

76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad
SHA512

5e90504d5813d59fddaefb8802e6a44c68a059b1b8bdb2c98a3d23c6c42242d3a0556adcf8b6701cbc3f8282136748685593d47644118991e66acd7aaa3fbf54
SSDEEP

3072:hwfnigocNO2UdRjYeaqlaFwNCYYxPuCH+B0O5qxUbehlnVOFr:hwNoIQRjVoFwNAeKLhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-53627.exeUnicorn-62947.exeUnicorn-43081.exeUnicorn-28028.exeUnicorn-28028.exeUnicorn-47057.exeUnicorn-41432.exeUnicorn-25650.exeUnicorn-3092.exeUnicorn-49600.exeUnicorn-2620.exeUnicorn-48292.exeUnicorn-13481.exeUnicorn-37431.exeUnicorn-19149.exeUnicorn-30009.exeUnicorn-21334.exeUnicorn-32194.exeUnicorn-52060.exeUnicorn-25418.exeUnicorn-56144.exeUnicorn-36278.exeUnicorn-60228.exeUnicorn-13720.exeUnicorn-64312.exeUnicorn-30654.exeUnicorn-61380.exeUnicorn-45599.exeUnicorn-4011.exeUnicorn-23040.exeUnicorn-8095.exeUnicorn-27124.exeUnicorn-27124.exeUnicorn-46990.exeUnicorn-12179.exeUnicorn-61935.exeUnicorn-16264.exeUnicorn-16264.exeUnicorn-26653.exeUnicorn-57379.exeUnicorn-41597.exeUnicorn-50342.exeUnicorn-23699.exeUnicorn-37535.exeUnicorn-10892.exeUnicorn-14976.exeUnicorn-60648.exeUnicorn-25837.exeUnicorn-49787.exeUnicorn-23145.exeUnicorn-19061.exeUnicorn-53871.exeUnicorn-23145.exeUnicorn-34005.exeUnicorn-7363.exeUnicorn-27229.exeUnicorn-38089.exeUnicorn-31313.exeUnicorn-42173.exeUnicorn-18568.exeUnicorn-3362.exeUnicorn-27312.exeUnicorn-46341.exeUnicorn-35480.exe

pid	process
3064	Unicorn-53627.exe
2860	Unicorn-62947.exe
2908	Unicorn-43081.exe
2556	Unicorn-28028.exe
2548	Unicorn-28028.exe
2684	Unicorn-47057.exe
2748	Unicorn-41432.exe
2288	Unicorn-25650.exe
1204	Unicorn-3092.exe
2316	Unicorn-49600.exe
2492	Unicorn-2620.exe
1196	Unicorn-48292.exe
1756	Unicorn-13481.exe
2896	Unicorn-37431.exe
2084	Unicorn-19149.exe
2140	Unicorn-30009.exe
344	Unicorn-21334.exe
2272	Unicorn-32194.exe
1040	Unicorn-52060.exe
2628	Unicorn-25418.exe
2252	Unicorn-56144.exe
1876	Unicorn-36278.exe
272	Unicorn-60228.exe
2312	Unicorn-13720.exe
568	Unicorn-64312.exe
892	Unicorn-30654.exe
2296	Unicorn-61380.exe
1588	Unicorn-45599.exe
2620	Unicorn-4011.exe
1604	Unicorn-23040.exe
2916	Unicorn-8095.exe
2580	Unicorn-27124.exe
2536	Unicorn-27124.exe
2920	Unicorn-46990.exe
2656	Unicorn-12179.exe
2476	Unicorn-61935.exe
2676	Unicorn-16264.exe
2696	Unicorn-16264.exe
2500	Unicorn-26653.exe
1180	Unicorn-57379.exe
1688	Unicorn-41597.exe
2984	Unicorn-50342.exe
852	Unicorn-23699.exe
1696	Unicorn-37535.exe
2136	Unicorn-10892.exe
1620	Unicorn-14976.exe
948	Unicorn-60648.exe
860	Unicorn-25837.exe
1580	Unicorn-49787.exe
2956	Unicorn-23145.exe
2332	Unicorn-19061.exe
1936	Unicorn-53871.exe
1496	Unicorn-23145.exe
936	Unicorn-34005.exe
2220	Unicorn-7363.exe
1656	Unicorn-27229.exe
1552	Unicorn-38089.exe
1440	Unicorn-31313.exe
1584	Unicorn-42173.exe
2004	Unicorn-18568.exe
1712	Unicorn-3362.exe
1616	Unicorn-27312.exe
2764	Unicorn-46341.exe
1212	Unicorn-35480.exe

Loads dropped DLL 64 IoCs

Processes:

76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exeUnicorn-53627.exeUnicorn-62947.exeUnicorn-43081.exeWerFault.exeUnicorn-28028.exeUnicorn-47057.exeWerFault.exeWerFault.exeUnicorn-41432.exeUnicorn-28028.exeUnicorn-25650.exeUnicorn-3092.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-48292.exe

pid	process
1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe
1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe
3064	Unicorn-53627.exe
3064	Unicorn-53627.exe
1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe
1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe
2860	Unicorn-62947.exe
2908	Unicorn-43081.exe
2860	Unicorn-62947.exe
3064	Unicorn-53627.exe
2908	Unicorn-43081.exe
3064	Unicorn-53627.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2444	WerFault.exe
2548	Unicorn-28028.exe
2548	Unicorn-28028.exe
2908	Unicorn-43081.exe
2908	Unicorn-43081.exe
2684	Unicorn-47057.exe
2684	Unicorn-47057.exe
2860	Unicorn-62947.exe
2860	Unicorn-62947.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2192	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2204	WerFault.exe
2192	WerFault.exe
2204	WerFault.exe
2748	Unicorn-41432.exe
2548	Unicorn-28028.exe
2748	Unicorn-41432.exe
2548	Unicorn-28028.exe
2556	Unicorn-28028.exe
2556	Unicorn-28028.exe
2288	Unicorn-25650.exe
2288	Unicorn-25650.exe
1204	Unicorn-3092.exe
1204	Unicorn-3092.exe
2684	Unicorn-47057.exe
2684	Unicorn-47057.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
1948	WerFault.exe
584	WerFault.exe
584	WerFault.exe
960	WerFault.exe
960	WerFault.exe
584	WerFault.exe
584	WerFault.exe
960	WerFault.exe
960	WerFault.exe
584	WerFault.exe
960	WerFault.exe
1196	Unicorn-48292.exe
1196	Unicorn-48292.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2644	1576	WerFault.exe	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe
2444	3064	WerFault.exe	Unicorn-53627.exe
2192	2908	WerFault.exe	Unicorn-43081.exe
2204	2860	WerFault.exe	Unicorn-62947.exe
1948	2548	WerFault.exe	Unicorn-28028.exe
584	2684	WerFault.exe	Unicorn-47057.exe
960	2556	WerFault.exe	Unicorn-28028.exe
1452	2748	WerFault.exe	Unicorn-41432.exe
3044	2288	WerFault.exe	Unicorn-25650.exe
1500	2316	WerFault.exe	Unicorn-49600.exe
2232	1204	WerFault.exe	Unicorn-3092.exe
3068	1196	WerFault.exe	Unicorn-48292.exe
2080	2492	WerFault.exe	Unicorn-2620.exe
2024	1756	WerFault.exe	Unicorn-13481.exe
952	2896	WerFault.exe	Unicorn-37431.exe
2000	2084	WerFault.exe	Unicorn-19149.exe
940	2140	WerFault.exe	Unicorn-30009.exe
2168	2272	WerFault.exe	Unicorn-32194.exe
2524	344	WerFault.exe	Unicorn-21334.exe
2440	2628	WerFault.exe	Unicorn-25418.exe
2472	1040	WerFault.exe	Unicorn-52060.exe
768	2252	WerFault.exe	Unicorn-56144.exe
2760	1876	WerFault.exe	Unicorn-36278.exe
2624	2312	WerFault.exe	Unicorn-13720.exe
2428	272	WerFault.exe	Unicorn-60228.exe
2452	568	WerFault.exe	Unicorn-64312.exe
2360	2296	WerFault.exe	Unicorn-61380.exe
2344	892	WerFault.exe	Unicorn-30654.exe
2256	1588	WerFault.exe	Unicorn-45599.exe
1536	2916	WerFault.exe	Unicorn-8095.exe
268	2620	WerFault.exe	Unicorn-4011.exe
2400	2676	WerFault.exe	Unicorn-16264.exe
2164	2656	WerFault.exe	Unicorn-12179.exe
1544	1604	WerFault.exe	Unicorn-23040.exe
1100	2580	WerFault.exe	Unicorn-27124.exe
1888	2536	WerFault.exe	Unicorn-27124.exe
2976	2696	WerFault.exe	Unicorn-16264.exe
4000	1180	WerFault.exe	Unicorn-57379.exe
4016	2500	WerFault.exe	Unicorn-26653.exe
4040	3492	WerFault.exe	Unicorn-38014.exe
4056	1688	WerFault.exe	Unicorn-41597.exe
4088	2984	WerFault.exe	Unicorn-50342.exe
3076	852	WerFault.exe	Unicorn-23699.exe
3120	1696	WerFault.exe	Unicorn-37535.exe
3136	2136	WerFault.exe	Unicorn-10892.exe
3208	1580	WerFault.exe	Unicorn-49787.exe
3228	1656	WerFault.exe	Unicorn-27229.exe
3256	1620	WerFault.exe	Unicorn-14976.exe
3360	860	WerFault.exe	Unicorn-25837.exe
3372	2956	WerFault.exe	Unicorn-23145.exe
3508	936	WerFault.exe	Unicorn-34005.exe
3488	1496	WerFault.exe	Unicorn-23145.exe
3536	2220	WerFault.exe	Unicorn-7363.exe
3576	1584	WerFault.exe	Unicorn-42173.exe
3976	1552	WerFault.exe	Unicorn-38089.exe
2920	1936	WerFault.exe	Unicorn-53871.exe
3980	1440	WerFault.exe	Unicorn-31313.exe
4644	1672	WerFault.exe	Unicorn-10783.exe
4664	2436	WerFault.exe	Unicorn-52371.exe
4692	2828	WerFault.exe	Unicorn-62506.exe
4708	2340	WerFault.exe	Unicorn-7830.exe
4740	596	WerFault.exe	Unicorn-18952.exe
4760	2248	WerFault.exe	Unicorn-41510.exe
4752	1364	WerFault.exe	Unicorn-17560.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exeUnicorn-53627.exeUnicorn-43081.exeUnicorn-62947.exeUnicorn-28028.exeUnicorn-28028.exeUnicorn-47057.exeUnicorn-41432.exeUnicorn-25650.exeUnicorn-3092.exeUnicorn-49600.exeUnicorn-2620.exeUnicorn-48292.exeUnicorn-13481.exeUnicorn-37431.exeUnicorn-19149.exeUnicorn-30009.exeUnicorn-21334.exeUnicorn-32194.exeUnicorn-25418.exeUnicorn-52060.exeUnicorn-56144.exeUnicorn-36278.exeUnicorn-13720.exeUnicorn-60228.exeUnicorn-64312.exeUnicorn-30654.exeUnicorn-61380.exeUnicorn-45599.exeUnicorn-4011.exeUnicorn-23040.exeUnicorn-8095.exeUnicorn-27124.exeUnicorn-27124.exeUnicorn-46990.exeUnicorn-12179.exeUnicorn-16264.exeUnicorn-61935.exeUnicorn-16264.exeUnicorn-26653.exeUnicorn-57379.exeUnicorn-41597.exeUnicorn-50342.exeUnicorn-23699.exeUnicorn-37535.exeUnicorn-10892.exeUnicorn-14976.exeUnicorn-23145.exeUnicorn-49787.exeUnicorn-25837.exeUnicorn-60648.exeUnicorn-38089.exeUnicorn-27229.exeUnicorn-53871.exeUnicorn-19061.exeUnicorn-34005.exeUnicorn-23145.exeUnicorn-7363.exeUnicorn-42173.exeUnicorn-31313.exeUnicorn-18568.exeUnicorn-3362.exeUnicorn-27312.exeUnicorn-46341.exe

pid	process
1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe
3064	Unicorn-53627.exe
2908	Unicorn-43081.exe
2860	Unicorn-62947.exe
2548	Unicorn-28028.exe
2556	Unicorn-28028.exe
2684	Unicorn-47057.exe
2748	Unicorn-41432.exe
2288	Unicorn-25650.exe
1204	Unicorn-3092.exe
2316	Unicorn-49600.exe
2492	Unicorn-2620.exe
1196	Unicorn-48292.exe
1756	Unicorn-13481.exe
2896	Unicorn-37431.exe
2084	Unicorn-19149.exe
2140	Unicorn-30009.exe
344	Unicorn-21334.exe
2272	Unicorn-32194.exe
2628	Unicorn-25418.exe
1040	Unicorn-52060.exe
2252	Unicorn-56144.exe
1876	Unicorn-36278.exe
2312	Unicorn-13720.exe
272	Unicorn-60228.exe
568	Unicorn-64312.exe
892	Unicorn-30654.exe
2296	Unicorn-61380.exe
1588	Unicorn-45599.exe
2620	Unicorn-4011.exe
1604	Unicorn-23040.exe
2916	Unicorn-8095.exe
2580	Unicorn-27124.exe
2536	Unicorn-27124.exe
2920	Unicorn-46990.exe
2656	Unicorn-12179.exe
2676	Unicorn-16264.exe
2476	Unicorn-61935.exe
2696	Unicorn-16264.exe
2500	Unicorn-26653.exe
1180	Unicorn-57379.exe
1688	Unicorn-41597.exe
2984	Unicorn-50342.exe
852	Unicorn-23699.exe
1696	Unicorn-37535.exe
2136	Unicorn-10892.exe
1620	Unicorn-14976.exe
2956	Unicorn-23145.exe
1580	Unicorn-49787.exe
860	Unicorn-25837.exe
948	Unicorn-60648.exe
1552	Unicorn-38089.exe
1656	Unicorn-27229.exe
1936	Unicorn-53871.exe
2332	Unicorn-19061.exe
936	Unicorn-34005.exe
1496	Unicorn-23145.exe
2220	Unicorn-7363.exe
1584	Unicorn-42173.exe
1440	Unicorn-31313.exe
2004	Unicorn-18568.exe
1712	Unicorn-3362.exe
1616	Unicorn-27312.exe
2764	Unicorn-46341.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exeUnicorn-53627.exeUnicorn-62947.exeUnicorn-43081.exeUnicorn-28028.exeUnicorn-47057.exeUnicorn-41432.exe

description	pid	process	target process
PID 1576 wrote to memory of 3064	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	Unicorn-53627.exe
PID 1576 wrote to memory of 3064	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	Unicorn-53627.exe
PID 1576 wrote to memory of 3064	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	Unicorn-53627.exe
PID 1576 wrote to memory of 3064	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	Unicorn-53627.exe
PID 3064 wrote to memory of 2860	3064	Unicorn-53627.exe	Unicorn-62947.exe
PID 3064 wrote to memory of 2860	3064	Unicorn-53627.exe	Unicorn-62947.exe
PID 3064 wrote to memory of 2860	3064	Unicorn-53627.exe	Unicorn-62947.exe
PID 3064 wrote to memory of 2860	3064	Unicorn-53627.exe	Unicorn-62947.exe
PID 1576 wrote to memory of 2908	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	Unicorn-43081.exe
PID 1576 wrote to memory of 2908	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	Unicorn-43081.exe
PID 1576 wrote to memory of 2908	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	Unicorn-43081.exe
PID 1576 wrote to memory of 2908	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	Unicorn-43081.exe
PID 1576 wrote to memory of 2644	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	WerFault.exe
PID 1576 wrote to memory of 2644	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	WerFault.exe
PID 1576 wrote to memory of 2644	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	WerFault.exe
PID 1576 wrote to memory of 2644	1576	76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe	WerFault.exe
PID 2860 wrote to memory of 2556	2860	Unicorn-62947.exe	Unicorn-28028.exe
PID 2860 wrote to memory of 2556	2860	Unicorn-62947.exe	Unicorn-28028.exe
PID 2860 wrote to memory of 2556	2860	Unicorn-62947.exe	Unicorn-28028.exe
PID 2860 wrote to memory of 2556	2860	Unicorn-62947.exe	Unicorn-28028.exe
PID 2908 wrote to memory of 2548	2908	Unicorn-43081.exe	Unicorn-28028.exe
PID 2908 wrote to memory of 2548	2908	Unicorn-43081.exe	Unicorn-28028.exe
PID 2908 wrote to memory of 2548	2908	Unicorn-43081.exe	Unicorn-28028.exe
PID 2908 wrote to memory of 2548	2908	Unicorn-43081.exe	Unicorn-28028.exe
PID 3064 wrote to memory of 2684	3064	Unicorn-53627.exe	Unicorn-47057.exe
PID 3064 wrote to memory of 2684	3064	Unicorn-53627.exe	Unicorn-47057.exe
PID 3064 wrote to memory of 2684	3064	Unicorn-53627.exe	Unicorn-47057.exe
PID 3064 wrote to memory of 2684	3064	Unicorn-53627.exe	Unicorn-47057.exe
PID 3064 wrote to memory of 2444	3064	Unicorn-53627.exe	WerFault.exe
PID 3064 wrote to memory of 2444	3064	Unicorn-53627.exe	WerFault.exe
PID 3064 wrote to memory of 2444	3064	Unicorn-53627.exe	WerFault.exe
PID 3064 wrote to memory of 2444	3064	Unicorn-53627.exe	WerFault.exe
PID 2548 wrote to memory of 2748	2548	Unicorn-28028.exe	Unicorn-41432.exe
PID 2548 wrote to memory of 2748	2548	Unicorn-28028.exe	Unicorn-41432.exe
PID 2548 wrote to memory of 2748	2548	Unicorn-28028.exe	Unicorn-41432.exe
PID 2548 wrote to memory of 2748	2548	Unicorn-28028.exe	Unicorn-41432.exe
PID 2908 wrote to memory of 2288	2908	Unicorn-43081.exe	Unicorn-25650.exe
PID 2908 wrote to memory of 2288	2908	Unicorn-43081.exe	Unicorn-25650.exe
PID 2908 wrote to memory of 2288	2908	Unicorn-43081.exe	Unicorn-25650.exe
PID 2908 wrote to memory of 2288	2908	Unicorn-43081.exe	Unicorn-25650.exe
PID 2684 wrote to memory of 2316	2684	Unicorn-47057.exe	Unicorn-49600.exe
PID 2684 wrote to memory of 2316	2684	Unicorn-47057.exe	Unicorn-49600.exe
PID 2684 wrote to memory of 2316	2684	Unicorn-47057.exe	Unicorn-49600.exe
PID 2684 wrote to memory of 2316	2684	Unicorn-47057.exe	Unicorn-49600.exe
PID 2860 wrote to memory of 1204	2860	Unicorn-62947.exe	Unicorn-3092.exe
PID 2860 wrote to memory of 1204	2860	Unicorn-62947.exe	Unicorn-3092.exe
PID 2860 wrote to memory of 1204	2860	Unicorn-62947.exe	Unicorn-3092.exe
PID 2860 wrote to memory of 1204	2860	Unicorn-62947.exe	Unicorn-3092.exe
PID 2908 wrote to memory of 2192	2908	Unicorn-43081.exe	WerFault.exe
PID 2860 wrote to memory of 2204	2860	Unicorn-62947.exe	WerFault.exe
PID 2908 wrote to memory of 2192	2908	Unicorn-43081.exe	WerFault.exe
PID 2908 wrote to memory of 2192	2908	Unicorn-43081.exe	WerFault.exe
PID 2908 wrote to memory of 2192	2908	Unicorn-43081.exe	WerFault.exe
PID 2860 wrote to memory of 2204	2860	Unicorn-62947.exe	WerFault.exe
PID 2860 wrote to memory of 2204	2860	Unicorn-62947.exe	WerFault.exe
PID 2860 wrote to memory of 2204	2860	Unicorn-62947.exe	WerFault.exe
PID 2748 wrote to memory of 2492	2748	Unicorn-41432.exe	Unicorn-2620.exe
PID 2748 wrote to memory of 2492	2748	Unicorn-41432.exe	Unicorn-2620.exe
PID 2748 wrote to memory of 2492	2748	Unicorn-41432.exe	Unicorn-2620.exe
PID 2748 wrote to memory of 2492	2748	Unicorn-41432.exe	Unicorn-2620.exe
PID 2548 wrote to memory of 1196	2548	Unicorn-28028.exe	Unicorn-48292.exe
PID 2548 wrote to memory of 1196	2548	Unicorn-28028.exe	Unicorn-48292.exe
PID 2548 wrote to memory of 1196	2548	Unicorn-28028.exe	Unicorn-48292.exe
PID 2548 wrote to memory of 1196	2548	Unicorn-28028.exe	Unicorn-48292.exe

C:\Users\Admin\AppData\Local\Temp\76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe
"C:\Users\Admin\AppData\Local\Temp\76ff896950e6e5106c567be4f6bb7c3cd031483874e30a818c25f7b170b4bcad.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-53627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53627.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25418.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4011.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-14976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14976.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2615.exe
9⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
10⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60293.exe
11⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
12⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31010.exe
13⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
14⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 220
14⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
13⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
12⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61424.exe
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33407.exe
11⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5602.exe
12⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
13⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 236
13⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
10⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34912.exe
10⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
11⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26687.exe
12⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23636.exe
13⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29153.exe
14⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
13⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
12⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
11⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
10⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 220
9⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52371.exe
8⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20548.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27813.exe
10⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50366.exe
11⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
12⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
13⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
13⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
12⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
11⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
9⤵
- Program crash
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
8⤵
- Program crash
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25837.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61691.exe
8⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12711.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
11⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 220
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
10⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
9⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 216
8⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
7⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
8⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64377.exe
10⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-34501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34501.exe
11⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 220
12⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64932.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17973.exe
10⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
11⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-18539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18539.exe
12⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
12⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
11⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
10⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54351.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-38420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38420.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
10⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18021.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29682.exe
12⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
11⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 220
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50809.exe
7⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31238.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-38420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38420.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17180.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
11⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
12⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
13⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 220
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 220
11⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62109.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
10⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8114.exe
11⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 220
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 220
10⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 220
8⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 220
7⤵
- Program crash
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
6⤵
- Program crash
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19149.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:272

C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-19061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19061.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
9⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
10⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9914.exe
11⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53848.exe
12⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27637.exe
13⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57746.exe
14⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 236
14⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
13⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
12⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
11⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
10⤵
- Program crash
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38014.exe
9⤵
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 200
10⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
8⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8679.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23537.exe
10⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20709.exe
11⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3822.exe
12⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
13⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
11⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55010.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
10⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64066.exe
11⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30097.exe
12⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 220
12⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 220
11⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
8⤵
- Program crash
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-7363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7363.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
8⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9146.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38970.exe
11⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 220
12⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
11⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1035.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19396.exe
11⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48332.exe
12⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 220
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 220
9⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 240
7⤵
- Program crash
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
6⤵
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35480.exe
7⤵
- Executes dropped EXE
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16020.exe
8⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13557.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
12⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
12⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 220
11⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
10⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28668.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20880.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
10⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3023.exe
11⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47937.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38747.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
11⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 220
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 220
10⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
6⤵
- Program crash
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
5⤵
- Program crash
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
5⤵
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64312.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16264.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31313.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23612.exe
8⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
10⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-734.exe
11⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
12⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
13⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
12⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
11⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38673.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-38690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38690.exe
10⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 384
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
10⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 220
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
9⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43023.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1679.exe
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
11⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
8⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7830.exe
7⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40968.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-36749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36749.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34845.exe
11⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15946.exe
12⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 216
12⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
8⤵
- Program crash
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
7⤵
- Program crash
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42173.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5137.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40776.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
11⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
10⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
8⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
7⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe
8⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23402.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14481.exe
10⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17461.exe
11⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 204
11⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 220
10⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
9⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
8⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
7⤵
- Program crash
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
6⤵
- Program crash
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23145.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-49678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49678.exe
7⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41195.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62016.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
11⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1939.exe
12⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 216
12⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
11⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
10⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54035.exe
10⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
11⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 236
10⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
9⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
8⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-11372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11372.exe
7⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32774.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
9⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3630.exe
10⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
11⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 236
11⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
10⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
9⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
8⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
7⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
6⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-511.exe
7⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22084.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
9⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27118.exe
10⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 220
11⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
10⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
8⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14470.exe
7⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
8⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4123.exe
9⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-18608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18608.exe
10⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
10⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
9⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
7⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
5⤵
- Program crash
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8095.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10892.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41702.exe
9⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
10⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5171.exe
11⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7859.exe
12⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
13⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
14⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53273.exe
15⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
14⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 216
13⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
12⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
11⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32560.exe
10⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
11⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
12⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54170.exe
13⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
13⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
11⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64081.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3225.exe
10⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12327.exe
11⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46422.exe
12⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
13⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
13⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
12⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
11⤵
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
9⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52563.exe
8⤵
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41160.exe
9⤵
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25784.exe
10⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30802.exe
11⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
12⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
13⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
13⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
12⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
11⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 236
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48897.exe
9⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24964.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54206.exe
11⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64860.exe
12⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
12⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 220
9⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
8⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60648.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
8⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57880.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65062.exe
10⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-44829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44829.exe
11⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6453.exe
12⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54824.exe
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
13⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 236
12⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
11⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-656.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53189.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
11⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24290.exe
12⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 236
12⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 220
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30252.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19941.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56941.exe
11⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13817.exe
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
12⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 236
11⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
9⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
7⤵
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64068.exe
8⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14901.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
11⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
12⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 216
13⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
12⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
11⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
10⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56764.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34693.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6526.exe
12⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
12⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
10⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46183.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55332.exe
9⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34523.exe
10⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
11⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18416.exe
12⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
12⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
11⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
9⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
8⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48287.exe
7⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23070.exe
8⤵
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 240
9⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14745.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47626.exe
9⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-226.exe
10⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
11⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
11⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
10⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 236
9⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
8⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
7⤵
- Program crash
PID:1888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
6⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32194.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30654.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18568.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48692.exe
9⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56126.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24388.exe
11⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24165.exe
12⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23060.exe
13⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
14⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
13⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
12⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3427.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56173.exe
11⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 236
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 236
11⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32910.exe
8⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58648.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
10⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52177.exe
11⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64284.exe
12⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
13⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
12⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
10⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
9⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
8⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3362.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30410.exe
8⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1279.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27294.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
11⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42866.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58020.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
10⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44632.exe
11⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 204
11⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
10⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 220
8⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
7⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23699.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12921.exe
7⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32176.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
9⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34471.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53786.exe
11⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
12⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
10⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
9⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-45355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45355.exe
7⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59691.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-838.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-693.exe
11⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
12⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
10⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
9⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
8⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
7⤵
- Program crash
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
6⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
5⤵
- Program crash
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27312.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57052.exe
9⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62732.exe
10⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
11⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
12⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50086.exe
13⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
13⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
12⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
11⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55119.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47522.exe
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32608.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25774.exe
12⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
11⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 220
9⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
8⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46341.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65220.exe
8⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17808.exe
9⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59198.exe
10⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
11⤵
PID:8028

C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47948.exe
12⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47819.exe
13⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
10⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-32752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32752.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
10⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62338.exe
11⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 220
10⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
8⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 220
7⤵
- Program crash
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39564.exe
7⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
8⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3417.exe
9⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27102.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
11⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 220
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
11⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
10⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49089.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53744.exe
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
10⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23491.exe
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
11⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 220
10⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 240
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21294.exe
7⤵
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39982.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57060.exe
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65005.exe
10⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5161.exe
11⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28577.exe
12⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
11⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
10⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 236
8⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
7⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
6⤵
- Program crash
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37535.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23755.exe
8⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45384.exe
10⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34663.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21882.exe
12⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 220
11⤵
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40728.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49276.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28140.exe
10⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
11⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 204
11⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
10⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
8⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59390.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
10⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
11⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52697.exe
12⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
11⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
9⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
7⤵
- Program crash
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
6⤵
- Program crash
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
5⤵
- Program crash
PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56144.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46990.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
7⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32316.exe
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
11⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
12⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 220
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
11⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
10⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33132.exe
9⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
10⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 220
11⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
10⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
8⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10783.exe
7⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22359.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
10⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35229.exe
11⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-16330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16330.exe
12⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 236
12⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 236
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
8⤵
- Program crash
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-682.exe
7⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13230.exe
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5135.exe
10⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-50901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50901.exe
11⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
11⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 220
10⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
9⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
8⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 220
7⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Program crash
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53871.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62506.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2073.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1746.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24143.exe
10⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57486.exe
11⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-19402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19402.exe
12⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
11⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
8⤵
- Program crash
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55913.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50947.exe
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-371.exe
9⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
10⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46864.exe
11⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 216
11⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
10⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
9⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
8⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 220
7⤵
- Program crash
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
6⤵
- Program crash
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
5⤵
- Program crash
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-36278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36278.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-12179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12179.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49787.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33342.exe
7⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24632.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-978.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44014.exe
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45592.exe
11⤵
PID:8460

C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
12⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 220
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 220
11⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11839.exe
8⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18934.exe
9⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5965.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9484.exe
11⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 220
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
10⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
9⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-12934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12934.exe
7⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-2924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2924.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10381.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38062.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
11⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
10⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
9⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
8⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17560.exe
6⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49712.exe
7⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
8⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26822.exe
9⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59925.exe
10⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5639.exe
11⤵
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
10⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
9⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
8⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 216
7⤵
- Program crash
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
6⤵
- Program crash
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38089.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41510.exe
6⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6157.exe
7⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe
8⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61248.exe
9⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3926.exe
10⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
11⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
11⤵
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
10⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
9⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
8⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
7⤵
- Program crash
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
6⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
7⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-26438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26438.exe
8⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24155.exe
9⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29376.exe
10⤵
PID:2092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
10⤵
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
9⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
8⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
7⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
6⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
5⤵
- Program crash
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
4⤵
- Program crash
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
2⤵
- Program crash
PID:2644

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13481.exe

Filesize
184KB

MD5
c34aa62baf04d92353ada5b9fa89614f

SHA1
f93fd74962211e2c0c5993ebc3fa7c3a276d14fa

SHA256
8945e4f70ca198070639df64c31a1816b9956afd50e5457c5679c56b0fb39b16

SHA512
7af178d624aa001215d28b68e55f5ac5d00bbea049a188ceb3dd756b42280b66c8a6bb189d411a7fe330f94c4d809d515ba267083f6d533423495f66b8eed003

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19645.exe

Filesize
184KB

MD5
08edbeaccfba8e504540a6ee3cb3f42d

SHA1
e79c113c8737b72c7a0238ef12a9471b9d278ae2

SHA256
6ff239f54335569d8019762c6ce72cb1bb15a97bed9fa87cefdbe86bd75b7332

SHA512
24721ab224a89f60f2f5e11ed0efa524e301fa9b1fa3c3eaf34619c12e18a9ad4ba758fb569a70bff46b181547e86430680fe3aedf46834d59790f50e6657e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe

Filesize
184KB

MD5
1a125ef819c493b61c5e3022aaa1b97d

SHA1
5fc770badcab7cb673e8836747c1aa8db69a3f05

SHA256
a433f6724644e70436b1df2a18e6a8895c7cf3e2a958fdc9784cbce77fbee9cf

SHA512
4a4d2faf6e9c183347b16489d8dbd08c2ce2f83ccf4072b180709f64c9e1183bd0ee832f204a0bd61d09445728372d2f52630391d3d21a7863acdae3dd31eaf2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2620.exe

Filesize
184KB

MD5
de09def3a65502f560247780a4594b2f

SHA1
aa03053f6900bb2c84392b1d5c32186c65cc7595

SHA256
1563504a4e3656334890fe2910854be64370df023e242d7a536e1a4b1abd3437

SHA512
ea690b0b142b70b2b05c45a973e1a0b4e75385668dab4ebbff954739c9713ee2d61f16bb885f10bc9dc62b73bd1d9efaa27c6bf93a5fd25027418bc5910d1532

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44829.exe

Filesize
184KB

MD5
e4f338c12280e910892e929b8f02c262

SHA1
06582eceee4b264ab9b2ca23336e9cd72a4b7621

SHA256
d051a779370dd60a3c9d98fe153d22e6f0e1019e70e721d56347aaa1f3ee4563

SHA512
f02414d0f711fc4fe5fe72b3caea9ac029f21eefabd65991e8e5c4a2747fd3f633a3cf902a715aa3141e69ba2eb57cf5b2b8d9eadd5962a3e4e359fe0ffe5469

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe

Filesize
184KB

MD5
30b3b9c896b472b12a5b2a5f43046092

SHA1
691a26bec049e2b7e3f0ddf21ae8249a0794f071

SHA256
a275df865240cdf86139c8ec9f597eba5e99e27321e8e71b4461a3f52f410e12

SHA512
1bccdb13bac598a1917ee724b160191839758debf5129af56ff3f1b1812123641d243e58f8617e446fadd68f3c029db28546ae189bb5728b97e701b2b15aea4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47057.exe

Filesize
184KB

MD5
8a8b294b2b9409c60716b47006946a3f

SHA1
ba8c87f3a901a3831ff23234d781281a2878dcee

SHA256
2951a98db4df1b8ea82dc21a76c5bb1dda30df3ddb202b1f0e9745f9f4b2d2e4

SHA512
8f93de025be5e89e5313a858d8169f7c339e46f66382a8ba2a7fca3f73edb4ee8d5c8887dbc4d1ed53346bed0f386d98030a49fe3bb0e10ce56cfbfef8a7568e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48292.exe

Filesize
184KB

MD5
42d19de519e32579cbdaf9b486dd5451

SHA1
70c33da475f2149710eb3c73739a163854f89f13

SHA256
2be7376725cc0b39f5a3c517046503f0243095f48c37ba420e4d32417eccc19a

SHA512
7dbdf69f883c648c7581748698a344bb985b125492202b09af4c7300313f1b01632d20e7cde4009c4c62efb01594af9100624611ba31c2874dfb0e3d2f4a4451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49600.exe

Filesize
184KB

MD5
bd09b16bb5438da0962b07a31ed745bf

SHA1
1fb2175d45dc671d1754c2e51c4af5e0c987c70f

SHA256
c75bc8d56d2dcdfa531453c46849f28a4818802346286b52676413268756c90d

SHA512
a53c0aced46f64bc83129548fc05fdeb56ff26d6037223ead74ddfef4b47df123016089bf15f75872c37d9e14e1ceb8f2c8dc64570a6f284f5849d5c20b76078

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28028.exe

Filesize
184KB

MD5
2df9dbebd7635ad8bdf4c82e8aab72e9

SHA1
8573d3f443aaad378bb494982614431c9740ec0c

SHA256
4ac907c904bc3d7fa4ccacbda81db7e90a88d033f9ae269ab8193522218b2e74

SHA512
cd989cd1a37662f5ccf80f3dff3a04166fe17390e3df7834389d337dc31ab65aea6fd98f8adec29016c4bfb442a513588f28777b1c2e95549f0d7444b29af466

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3092.exe

Filesize
184KB

MD5
af08672af2d4eb9812b203df41dd033d

SHA1
2b2307ae6fa4706c5395b9046d71ef06d360213d

SHA256
4f888db420dbc563be6d3b747674f190c849c07e449d3b99bbc9c9de2b8fd53f

SHA512
bb34b8bf30c08c21e846ed9ca464786fcef569ccbfc3f722df35d614f738b2c6c177f849be2e9de40d842cd1d14dc55fe903dfac60be1410a8ffb6e6bd0f69a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37431.exe

Filesize
184KB

MD5
e2a43718a9ff764aef546d6675e573c4

SHA1
0ac5ece839fe253c455d53f38af6acc35fdc656d

SHA256
18703eb6de5d20725a663a9e6dcf1374a58da778a682cf059adcf864f2b88abb

SHA512
967ad3134a1c612a0783ea07919c2738304f2339b29e47ded33c638ef0c7ec55f1939b0598dce75f71c031ad0edb8ba07d16fcea2af08a9a64aff5e41bad7587

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe

Filesize
184KB

MD5
7c0c6d19b855f903091d02fe126ac16f

SHA1
5d98d114ae19f0f41ce2c145490cd987022d63ff

SHA256
34d7de388fb773fff6ada5db7740944a2252c2ea35ad8847aa3ba19942cb1598

SHA512
e2e28a2b1c6a066cc6e6486220897a9e1fcd03e84b4c6d56377cfe19ec8cc0d610cf604326c084ca961a9824b3662ff816697bc6b1b1ccec15a7680f3ae36382

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe

Filesize
184KB

MD5
aaf5e6ef68544b2098a4be36af9f8f92

SHA1
903789579c0770f8661c95bc69c09adeb92239ae

SHA256
10c6d82165f08708da07ecb4f96490d36e20873dbcb033060cbdf9fb44ecc9b6

SHA512
1f8e65670370e3b02d678ee1d596667dfb6500a533ff03f6ddccdd36fc7081e41042ee051828e1711748fdc187335d33e48954582823e32bac2cd64fa557f75a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53627.exe

Filesize
184KB

MD5
b15e68addf12daba4b08bcbe1d52f661

SHA1
863c98447de8a77b1eb71af6d22451b93d4f51db

SHA256
7ac16597c17ca279612ac7e84ab1f76e72cca3a8b7a9e0e97cb8ad92fdee4349

SHA512
e237f113c9a062e897de5b9ec98508499f4e074d2dace1cbed76a5d8fd3c1d3efe3795f9c08e3b3e0e9c525b3919adb291fdad30804d4863558523adfbb12964

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe

Filesize
184KB

MD5
54444bd4c18debe96d59aae45930f693

SHA1
5fa82ccdf1a0015de577dffb052c31af9c11c534

SHA256
2e0f7ee26a199258767a50699a07685e7ea54ff683dbd75d4543c51b6816ebdd

SHA512
da372860848eea9ce0adb29f13d3d94d1cc25733f845a2bf63d82743ab37005a9ea6cf8951c0f20502de10886050433714d2a75f17f3345cf5e9a7d4f4e53e29

Download Submit