8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe
Size

184KB
MD5

38c67bcda3ad6a385100d4ec899baf60
SHA1

01ae0ed8b45126e285efda96e5fd46fe8c440dd9
SHA256

8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458
SHA512

d2b314fca3120c481492d00da95fab64f56d549afd2814534e480075d54c29482547f49c4d6d7f74cde0968468ba5e91e71b81f4d69213b68789612d97c50c6f
SSDEEP

3072:cxV3T8os74hAdFa7e8uLdtsXGlnViF+n3:cxGoP8FaOLXsXGlnViF+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-9317.exeUnicorn-52439.exeUnicorn-32573.exeUnicorn-13435.exeUnicorn-40632.exeUnicorn-25688.exeUnicorn-45869.exeUnicorn-8365.exeUnicorn-54037.exeUnicorn-39092.exeUnicorn-57649.exeUnicorn-46144.exeUnicorn-472.exeUnicorn-51619.exeUnicorn-16809.exeUnicorn-27669.exeUnicorn-32351.exeUnicorn-59548.exeUnicorn-57924.exeUnicorn-28821.exeUnicorn-8723.exeUnicorn-1686.exeUnicorn-62.exeUnicorn-27259.exeUnicorn-47125.exeUnicorn-59076.exeUnicorn-51463.exeUnicorn-1707.exeUnicorn-44686.exeUnicorn-55547.exeUnicorn-53394.exeUnicorn-34920.exeUnicorn-109.exeUnicorn-58225.exeUnicorn-39196.exeUnicorn-39196.exeUnicorn-31582.exeUnicorn-51448.exeUnicorn-38703.exeUnicorn-27005.exeUnicorn-57753.exeUnicorn-46056.exeUnicorn-51531.exeUnicorn-55423.exeUnicorn-36949.exeUnicorn-2138.exeUnicorn-12999.exeUnicorn-43725.exeUnicorn-63591.exeUnicorn-55978.exeUnicorn-10306.exeUnicorn-21167.exeUnicorn-53285.exeUnicorn-14390.exeUnicorn-14390.exeUnicorn-61645.exeUnicorn-6969.exeUnicorn-6969.exeUnicorn-57561.exeUnicorn-2885.exeUnicorn-30125.exeUnicorn-40985.exeUnicorn-64935.exeUnicorn-1536.exe

pid	process
2680	Unicorn-9317.exe
2684	Unicorn-52439.exe
2704	Unicorn-32573.exe
2840	Unicorn-13435.exe
2628	Unicorn-40632.exe
2540	Unicorn-25688.exe
2800	Unicorn-45869.exe
1620	Unicorn-8365.exe
2676	Unicorn-54037.exe
1420	Unicorn-39092.exe
908	Unicorn-57649.exe
2236	Unicorn-46144.exe
1232	Unicorn-472.exe
2896	Unicorn-51619.exe
1460	Unicorn-16809.exe
536	Unicorn-27669.exe
1728	Unicorn-32351.exe
1908	Unicorn-59548.exe
692	Unicorn-57924.exe
2368	Unicorn-28821.exe
1704	Unicorn-8723.exe
960	Unicorn-1686.exe
1540	Unicorn-62.exe
1580	Unicorn-27259.exe
852	Unicorn-47125.exe
2448	Unicorn-59076.exe
2088	Unicorn-51463.exe
2036	Unicorn-1707.exe
1536	Unicorn-44686.exe
1044	Unicorn-55547.exe
1904	Unicorn-53394.exe
2700	Unicorn-34920.exe
2496	Unicorn-109.exe
2752	Unicorn-58225.exe
2408	Unicorn-39196.exe
2604	Unicorn-39196.exe
2488	Unicorn-31582.exe
2532	Unicorn-51448.exe
2592	Unicorn-38703.exe
836	Unicorn-27005.exe
1900	Unicorn-57753.exe
2176	Unicorn-46056.exe
1788	Unicorn-51531.exe
2364	Unicorn-55423.exe
756	Unicorn-36949.exe
1476	Unicorn-2138.exe
1776	Unicorn-12999.exe
1304	Unicorn-43725.exe
1072	Unicorn-63591.exe
804	Unicorn-55978.exe
3060	Unicorn-10306.exe
324	Unicorn-21167.exe
1292	Unicorn-53285.exe
752	Unicorn-14390.exe
1560	Unicorn-14390.exe
2180	Unicorn-61645.exe
2988	Unicorn-6969.exe
2996	Unicorn-6969.exe
2848	Unicorn-57561.exe
316	Unicorn-2885.exe
2756	Unicorn-30125.exe
2688	Unicorn-40985.exe
2728	Unicorn-64935.exe
1896	Unicorn-1536.exe

Loads dropped DLL 64 IoCs

Processes:

8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exeUnicorn-9317.exeUnicorn-52439.exeUnicorn-32573.exeWerFault.exeUnicorn-25688.exeUnicorn-40632.exeWerFault.exeWerFault.exeUnicorn-45869.exeUnicorn-8365.exeUnicorn-54037.exeUnicorn-39092.exeWerFault.exeWerFault.exeUnicorn-57649.exeUnicorn-46144.exe

pid	process
840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe
840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe
2680	Unicorn-9317.exe
2680	Unicorn-9317.exe
840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe
840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe
2684	Unicorn-52439.exe
2684	Unicorn-52439.exe
2680	Unicorn-9317.exe
2680	Unicorn-9317.exe
2704	Unicorn-32573.exe
2704	Unicorn-32573.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2032	WerFault.exe
2684	Unicorn-52439.exe
2684	Unicorn-52439.exe
2704	Unicorn-32573.exe
2540	Unicorn-25688.exe
2704	Unicorn-32573.exe
2540	Unicorn-25688.exe
2628	Unicorn-40632.exe
2628	Unicorn-40632.exe
2012	WerFault.exe
2012	WerFault.exe
2012	WerFault.exe
2012	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2012	WerFault.exe
2380	WerFault.exe
2800	Unicorn-45869.exe
2800	Unicorn-45869.exe
1620	Unicorn-8365.exe
2540	Unicorn-25688.exe
1620	Unicorn-8365.exe
2540	Unicorn-25688.exe
2676	Unicorn-54037.exe
2676	Unicorn-54037.exe
1420	Unicorn-39092.exe
1420	Unicorn-39092.exe
2628	Unicorn-40632.exe
2628	Unicorn-40632.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
1568	WerFault.exe
2852	WerFault.exe
2852	WerFault.exe
2852	WerFault.exe
2852	WerFault.exe
2852	WerFault.exe
908	Unicorn-57649.exe
908	Unicorn-57649.exe
2800	Unicorn-45869.exe
2800	Unicorn-45869.exe
2236	Unicorn-46144.exe
2236	Unicorn-46144.exe
1620	Unicorn-8365.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2744	840	WerFault.exe	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe
2032	2680	WerFault.exe	Unicorn-9317.exe
2012	2684	WerFault.exe	Unicorn-52439.exe
2380	2704	WerFault.exe	Unicorn-32573.exe
1568	2540	WerFault.exe	Unicorn-25688.exe
2852	2628	WerFault.exe	Unicorn-40632.exe
2416	1232	WerFault.exe	Unicorn-472.exe
2868	2800	WerFault.exe	Unicorn-45869.exe
580	1620	WerFault.exe	Unicorn-8365.exe
2392	2676	WerFault.exe	Unicorn-54037.exe
1428	1420	WerFault.exe	Unicorn-39092.exe
2476	908	WerFault.exe	Unicorn-57649.exe
2580	2236	WerFault.exe	Unicorn-46144.exe
2816	1460	WerFault.exe	Unicorn-16809.exe
1864	2896	WerFault.exe	Unicorn-51619.exe
2160	536	WerFault.exe	Unicorn-27669.exe
1724	1728	WerFault.exe	Unicorn-32351.exe
1868	1908	WerFault.exe	Unicorn-59548.exe
2640	692	WerFault.exe	Unicorn-57924.exe
3008	2368	WerFault.exe	Unicorn-28821.exe
2732	960	WerFault.exe	Unicorn-1686.exe
2492	1704	WerFault.exe	Unicorn-8723.exe
1800	852	WerFault.exe	Unicorn-47125.exe
2804	1540	WerFault.exe	Unicorn-62.exe
2784	1580	WerFault.exe	Unicorn-27259.exe
1676	2448	WerFault.exe	Unicorn-59076.exe
1108	2036	WerFault.exe	Unicorn-1707.exe
848	2088	WerFault.exe	Unicorn-51463.exe
1740	1044	WerFault.exe	Unicorn-55547.exe
2920	2496	WerFault.exe	Unicorn-109.exe
2056	1904	WerFault.exe	Unicorn-53394.exe
2624	2700	WerFault.exe	Unicorn-34920.exe
2568	1536	WerFault.exe	Unicorn-44686.exe
2612	2752	WerFault.exe	Unicorn-58225.exe
292	2408	WerFault.exe	Unicorn-39196.exe
1956	2488	WerFault.exe	Unicorn-31582.exe
2372	2604	WerFault.exe	Unicorn-39196.exe
2484	2532	WerFault.exe	Unicorn-51448.exe
3680	2592	WerFault.exe	Unicorn-38703.exe
3832	836	WerFault.exe	Unicorn-27005.exe
3960	1900	WerFault.exe	Unicorn-57753.exe
4000	2176	WerFault.exe	Unicorn-46056.exe
4040	1788	WerFault.exe	Unicorn-51531.exe
3436	756	WerFault.exe	Unicorn-36949.exe
3464	2364	WerFault.exe	Unicorn-55423.exe
3540	1560	WerFault.exe	Unicorn-14390.exe
3580	804	WerFault.exe	Unicorn-55978.exe
3612	1776	WerFault.exe	Unicorn-12999.exe
3668	752	WerFault.exe	Unicorn-14390.exe
3988	2688	WerFault.exe	Unicorn-40985.exe
3148	3060	WerFault.exe	Unicorn-10306.exe
3816	2180	WerFault.exe	Unicorn-61645.exe
3840	2756	WerFault.exe	Unicorn-30125.exe
3948	1304	WerFault.exe	Unicorn-43725.exe
3992	1608	WerFault.exe	Unicorn-35662.exe
4052	1032	WerFault.exe	Unicorn-9382.exe
3200	1572	WerFault.exe	Unicorn-10965.exe
3260	1700	WerFault.exe	Unicorn-15049.exe
3756	2988	WerFault.exe	Unicorn-6969.exe
3872	2076	WerFault.exe	Unicorn-56637.exe
3104	1772	WerFault.exe	Unicorn-52361.exe
3956	2740	WerFault.exe	Unicorn-55890.exe
4132	1072	WerFault.exe	Unicorn-63591.exe
4164	1640	WerFault.exe	Unicorn-54499.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exeUnicorn-9317.exeUnicorn-52439.exeUnicorn-32573.exeUnicorn-40632.exeUnicorn-13435.exeUnicorn-25688.exeUnicorn-45869.exeUnicorn-8365.exeUnicorn-54037.exeUnicorn-39092.exeUnicorn-57649.exeUnicorn-46144.exeUnicorn-472.exeUnicorn-16809.exeUnicorn-51619.exeUnicorn-27669.exeUnicorn-32351.exeUnicorn-59548.exeUnicorn-57924.exeUnicorn-28821.exeUnicorn-8723.exeUnicorn-1686.exeUnicorn-27259.exeUnicorn-62.exeUnicorn-47125.exeUnicorn-59076.exeUnicorn-51463.exeUnicorn-1707.exeUnicorn-44686.exeUnicorn-55547.exeUnicorn-53394.exeUnicorn-34920.exeUnicorn-109.exeUnicorn-58225.exeUnicorn-39196.exeUnicorn-31582.exeUnicorn-39196.exeUnicorn-51448.exeUnicorn-38703.exeUnicorn-27005.exeUnicorn-57753.exeUnicorn-46056.exeUnicorn-51531.exeUnicorn-55423.exeUnicorn-36949.exeUnicorn-12999.exeUnicorn-2138.exeUnicorn-43725.exeUnicorn-63591.exeUnicorn-10306.exeUnicorn-55978.exeUnicorn-21167.exeUnicorn-53285.exeUnicorn-14390.exeUnicorn-14390.exeUnicorn-6969.exeUnicorn-61645.exeUnicorn-57561.exeUnicorn-6969.exeUnicorn-2885.exeUnicorn-30125.exeUnicorn-40985.exeUnicorn-64935.exe

pid	process
840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe
2680	Unicorn-9317.exe
2684	Unicorn-52439.exe
2704	Unicorn-32573.exe
2628	Unicorn-40632.exe
2840	Unicorn-13435.exe
2540	Unicorn-25688.exe
2800	Unicorn-45869.exe
1620	Unicorn-8365.exe
2676	Unicorn-54037.exe
1420	Unicorn-39092.exe
908	Unicorn-57649.exe
2236	Unicorn-46144.exe
1232	Unicorn-472.exe
1460	Unicorn-16809.exe
2896	Unicorn-51619.exe
536	Unicorn-27669.exe
1728	Unicorn-32351.exe
1908	Unicorn-59548.exe
692	Unicorn-57924.exe
2368	Unicorn-28821.exe
1704	Unicorn-8723.exe
960	Unicorn-1686.exe
1580	Unicorn-27259.exe
1540	Unicorn-62.exe
852	Unicorn-47125.exe
2448	Unicorn-59076.exe
2088	Unicorn-51463.exe
2036	Unicorn-1707.exe
1536	Unicorn-44686.exe
1044	Unicorn-55547.exe
1904	Unicorn-53394.exe
2700	Unicorn-34920.exe
2496	Unicorn-109.exe
2752	Unicorn-58225.exe
2604	Unicorn-39196.exe
2488	Unicorn-31582.exe
2408	Unicorn-39196.exe
2532	Unicorn-51448.exe
2592	Unicorn-38703.exe
836	Unicorn-27005.exe
1900	Unicorn-57753.exe
2176	Unicorn-46056.exe
1788	Unicorn-51531.exe
2364	Unicorn-55423.exe
756	Unicorn-36949.exe
1776	Unicorn-12999.exe
1476	Unicorn-2138.exe
1304	Unicorn-43725.exe
1072	Unicorn-63591.exe
3060	Unicorn-10306.exe
804	Unicorn-55978.exe
324	Unicorn-21167.exe
1292	Unicorn-53285.exe
752	Unicorn-14390.exe
1560	Unicorn-14390.exe
2988	Unicorn-6969.exe
2180	Unicorn-61645.exe
2848	Unicorn-57561.exe
2996	Unicorn-6969.exe
316	Unicorn-2885.exe
2756	Unicorn-30125.exe
2688	Unicorn-40985.exe
2728	Unicorn-64935.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exeUnicorn-9317.exeUnicorn-52439.exeUnicorn-32573.exeUnicorn-25688.exeUnicorn-40632.exeUnicorn-45869.exeUnicorn-8365.exe

description	pid	process	target process
PID 840 wrote to memory of 2680	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	Unicorn-9317.exe
PID 840 wrote to memory of 2680	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	Unicorn-9317.exe
PID 840 wrote to memory of 2680	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	Unicorn-9317.exe
PID 840 wrote to memory of 2680	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	Unicorn-9317.exe
PID 2680 wrote to memory of 2684	2680	Unicorn-9317.exe	Unicorn-52439.exe
PID 2680 wrote to memory of 2684	2680	Unicorn-9317.exe	Unicorn-52439.exe
PID 2680 wrote to memory of 2684	2680	Unicorn-9317.exe	Unicorn-52439.exe
PID 2680 wrote to memory of 2684	2680	Unicorn-9317.exe	Unicorn-52439.exe
PID 840 wrote to memory of 2704	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	Unicorn-32573.exe
PID 840 wrote to memory of 2704	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	Unicorn-32573.exe
PID 840 wrote to memory of 2704	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	Unicorn-32573.exe
PID 840 wrote to memory of 2704	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	Unicorn-32573.exe
PID 840 wrote to memory of 2744	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	WerFault.exe
PID 840 wrote to memory of 2744	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	WerFault.exe
PID 840 wrote to memory of 2744	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	WerFault.exe
PID 840 wrote to memory of 2744	840	8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe	WerFault.exe
PID 2684 wrote to memory of 2840	2684	Unicorn-52439.exe	Unicorn-13435.exe
PID 2684 wrote to memory of 2840	2684	Unicorn-52439.exe	Unicorn-13435.exe
PID 2684 wrote to memory of 2840	2684	Unicorn-52439.exe	Unicorn-13435.exe
PID 2684 wrote to memory of 2840	2684	Unicorn-52439.exe	Unicorn-13435.exe
PID 2680 wrote to memory of 2628	2680	Unicorn-9317.exe	Unicorn-40632.exe
PID 2680 wrote to memory of 2628	2680	Unicorn-9317.exe	Unicorn-40632.exe
PID 2680 wrote to memory of 2628	2680	Unicorn-9317.exe	Unicorn-40632.exe
PID 2680 wrote to memory of 2628	2680	Unicorn-9317.exe	Unicorn-40632.exe
PID 2704 wrote to memory of 2540	2704	Unicorn-32573.exe	Unicorn-25688.exe
PID 2704 wrote to memory of 2540	2704	Unicorn-32573.exe	Unicorn-25688.exe
PID 2704 wrote to memory of 2540	2704	Unicorn-32573.exe	Unicorn-25688.exe
PID 2704 wrote to memory of 2540	2704	Unicorn-32573.exe	Unicorn-25688.exe
PID 2680 wrote to memory of 2032	2680	Unicorn-9317.exe	WerFault.exe
PID 2680 wrote to memory of 2032	2680	Unicorn-9317.exe	WerFault.exe
PID 2680 wrote to memory of 2032	2680	Unicorn-9317.exe	WerFault.exe
PID 2680 wrote to memory of 2032	2680	Unicorn-9317.exe	WerFault.exe
PID 2684 wrote to memory of 2800	2684	Unicorn-52439.exe	Unicorn-45869.exe
PID 2684 wrote to memory of 2800	2684	Unicorn-52439.exe	Unicorn-45869.exe
PID 2684 wrote to memory of 2800	2684	Unicorn-52439.exe	Unicorn-45869.exe
PID 2684 wrote to memory of 2800	2684	Unicorn-52439.exe	Unicorn-45869.exe
PID 2704 wrote to memory of 2676	2704	Unicorn-32573.exe	Unicorn-54037.exe
PID 2704 wrote to memory of 2676	2704	Unicorn-32573.exe	Unicorn-54037.exe
PID 2704 wrote to memory of 2676	2704	Unicorn-32573.exe	Unicorn-54037.exe
PID 2704 wrote to memory of 2676	2704	Unicorn-32573.exe	Unicorn-54037.exe
PID 2540 wrote to memory of 1620	2540	Unicorn-25688.exe	Unicorn-8365.exe
PID 2540 wrote to memory of 1620	2540	Unicorn-25688.exe	Unicorn-8365.exe
PID 2540 wrote to memory of 1620	2540	Unicorn-25688.exe	Unicorn-8365.exe
PID 2540 wrote to memory of 1620	2540	Unicorn-25688.exe	Unicorn-8365.exe
PID 2628 wrote to memory of 1420	2628	Unicorn-40632.exe	Unicorn-39092.exe
PID 2628 wrote to memory of 1420	2628	Unicorn-40632.exe	Unicorn-39092.exe
PID 2628 wrote to memory of 1420	2628	Unicorn-40632.exe	Unicorn-39092.exe
PID 2628 wrote to memory of 1420	2628	Unicorn-40632.exe	Unicorn-39092.exe
PID 2684 wrote to memory of 2012	2684	Unicorn-52439.exe	WerFault.exe
PID 2684 wrote to memory of 2012	2684	Unicorn-52439.exe	WerFault.exe
PID 2684 wrote to memory of 2012	2684	Unicorn-52439.exe	WerFault.exe
PID 2684 wrote to memory of 2012	2684	Unicorn-52439.exe	WerFault.exe
PID 2704 wrote to memory of 2380	2704	Unicorn-32573.exe	WerFault.exe
PID 2704 wrote to memory of 2380	2704	Unicorn-32573.exe	WerFault.exe
PID 2704 wrote to memory of 2380	2704	Unicorn-32573.exe	WerFault.exe
PID 2704 wrote to memory of 2380	2704	Unicorn-32573.exe	WerFault.exe
PID 2800 wrote to memory of 908	2800	Unicorn-45869.exe	Unicorn-57649.exe
PID 2800 wrote to memory of 908	2800	Unicorn-45869.exe	Unicorn-57649.exe
PID 2800 wrote to memory of 908	2800	Unicorn-45869.exe	Unicorn-57649.exe
PID 2800 wrote to memory of 908	2800	Unicorn-45869.exe	Unicorn-57649.exe
PID 1620 wrote to memory of 1232	1620	Unicorn-8365.exe	Unicorn-472.exe
PID 1620 wrote to memory of 1232	1620	Unicorn-8365.exe	Unicorn-472.exe
PID 1620 wrote to memory of 1232	1620	Unicorn-8365.exe	Unicorn-472.exe
PID 1620 wrote to memory of 1232	1620	Unicorn-8365.exe	Unicorn-472.exe

C:\Users\Admin\AppData\Local\Temp\8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe
"C:\Users\Admin\AppData\Local\Temp\8091c972ec7cab25df05c2931cb75522043012bb9e65b72c6458a2113b6fe458.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59076.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-38703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38703.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60934.exe
10⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34567.exe
11⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
12⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6378.exe
13⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62211.exe
14⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
15⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
15⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
14⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
13⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
12⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
11⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22869.exe
10⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50348.exe
11⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
12⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
13⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
14⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
14⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
13⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
12⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
11⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
10⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53321.exe
9⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
10⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27406.exe
11⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
12⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20411.exe
13⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7930.exe
14⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
14⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
13⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 236
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
11⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
10⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
9⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
10⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33576.exe
11⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40857.exe
12⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe
13⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
12⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
11⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
10⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
9⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
8⤵
- Program crash
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27005.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64935.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
9⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44489.exe
10⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20006.exe
11⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32528.exe
12⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
13⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20614.exe
14⤵
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
14⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
13⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
12⤵
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
11⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51007.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24552.exe
11⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20842.exe
12⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-577.exe
13⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9460 -s 216
13⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 220
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
11⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26870.exe
8⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40042.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-1910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1910.exe
11⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-374.exe
12⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48579.exe
13⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
13⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
12⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
11⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
10⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
9⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
8⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
7⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-51463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51463.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51531.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60659.exe
8⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25932.exe
9⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8796.exe
11⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42699.exe
12⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
13⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-7466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7466.exe
14⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
14⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
12⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
11⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3025.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-32917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32917.exe
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56321.exe
11⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9440.exe
12⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35528.exe
13⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
13⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
11⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
10⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
9⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18318.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2470.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8687.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43322.exe
11⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
12⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3029.exe
13⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
9⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
8⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5983.exe
7⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45236.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6191.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22740.exe
11⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17189.exe
12⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
12⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
11⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
8⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
7⤵
- Program crash
PID:848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
6⤵
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59548.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57753.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
8⤵
- Executes dropped EXE
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38184.exe
9⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18807.exe
10⤵
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 220
11⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55667.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25787.exe
11⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-30821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30821.exe
12⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29641.exe
13⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
13⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
11⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14234.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39419.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53721.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56897.exe
11⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
12⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe
13⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 216
13⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
11⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
10⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
9⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
8⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12397.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46544.exe
8⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36041.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11640.exe
11⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-47053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47053.exe
12⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7354.exe
13⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
13⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
12⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
11⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
10⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7301.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-37847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37847.exe
10⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21693.exe
11⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53810.exe
12⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10708 -s 216
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 220
9⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
8⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
7⤵
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46056.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9704.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15818.exe
8⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-27167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27167.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56243.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
11⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39181.exe
12⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42469.exe
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 216
13⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19553.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22611.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13586.exe
10⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58921.exe
11⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 236
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 236
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
9⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
7⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42927.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-29399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29399.exe
10⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29773.exe
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
11⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
10⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
9⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
8⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
6⤵
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
5⤵
- Program crash
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16809.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55423.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37608.exe
9⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63456.exe
10⤵
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
11⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59367.exe
12⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51661.exe
13⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55242.exe
14⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
15⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 216
15⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
14⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
13⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
12⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
11⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-503.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33384.exe
11⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8127.exe
12⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
13⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
14⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 236
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 236
12⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 220
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21032.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63923.exe
10⤵
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
10⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
9⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60913.exe
8⤵
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
9⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35936.exe
10⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7172.exe
11⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30717.exe
12⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27967.exe
13⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
13⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
12⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 216
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11209.exe
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26498.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
12⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30811.exe
13⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
13⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
9⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12999.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35662.exe
8⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30784.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56954.exe
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28745.exe
11⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
12⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
12⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
13⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
13⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 220
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
11⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
10⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
9⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
8⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
7⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58225.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53285.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
8⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53342.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10446.exe
10⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
11⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
12⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
13⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7165.exe
14⤵
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 236
14⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
12⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
11⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8220.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63373.exe
11⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22928.exe
12⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14238.exe
13⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1681.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16493.exe
10⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
11⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20375.exe
12⤵
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
12⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
10⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
8⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9382.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27982.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13430.exe
10⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64204.exe
11⤵
PID:9816

C:\Users\Admin\AppData\Local\Temp\Unicorn-58029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58029.exe
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9816 -s 216
12⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
11⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
10⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
8⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
7⤵
- Program crash
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
6⤵
- Program crash
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34920.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
8⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3176.exe
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3555.exe
11⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-50691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50691.exe
12⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6223.exe
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
12⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
11⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 236
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52678.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
11⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51137.exe
11⤵
PID:10280

C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
12⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10280 -s 216
12⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 220
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 220
8⤵
- Program crash
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62667.exe
7⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59071.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57146.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61500.exe
10⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe
11⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2715.exe
12⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
12⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
11⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
9⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
8⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55978.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62304.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51588.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55755.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33685.exe
10⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7888.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12346.exe
12⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37316.exe
13⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
13⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
11⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31805.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43031.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54375.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
11⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33089.exe
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 220
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 236
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 220
8⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21416.exe
7⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28921.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
9⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6617.exe
11⤵
PID:10644

C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8309.exe
12⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 216
12⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
10⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
8⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
7⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
6⤵
- Program crash
PID:2732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
5⤵
- Program crash
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61645.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59974.exe
8⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54411.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62299.exe
10⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34666.exe
11⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5081.exe
12⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29934.exe
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
13⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
12⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
11⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
10⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45356.exe
10⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
11⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27687.exe
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 220
8⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
7⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
7⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60737.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56046.exe
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58558.exe
11⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3965.exe
11⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10338.exe
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 216
12⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 240
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
7⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50732.exe
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
9⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
10⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
10⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
9⤵
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
8⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
7⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
6⤵
- Program crash
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
5⤵
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
6⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28821.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
8⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18143.exe
10⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 200
11⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 216
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63134.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3368.exe
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32912.exe
10⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39316.exe
11⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
12⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
8⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54499.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9870.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32450.exe
9⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36036.exe
10⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37863.exe
11⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4277.exe
12⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
12⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 220
11⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
8⤵
- Program crash
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
7⤵
- Program crash
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
7⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46243.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48594.exe
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6186.exe
10⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23665.exe
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
11⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
10⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
9⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
8⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65272.exe
7⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30312.exe
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
9⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44277.exe
10⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
11⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
11⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
10⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
9⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
8⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
7⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
5⤵
- Program crash
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57924.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44686.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10306.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-25164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25164.exe
8⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47950.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10742.exe
10⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11588.exe
11⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1656.exe
12⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe
13⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
13⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
11⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
10⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35574.exe
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
10⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
11⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54993.exe
12⤵
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
12⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
10⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
9⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
8⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17550.exe
7⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34135.exe
8⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 220
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 236
8⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
7⤵
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21167.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-37416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37416.exe
7⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53529.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53991.exe
10⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29861.exe
11⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
12⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 236
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 216
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
7⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1422.exe
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3321.exe
8⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-3804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3804.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
10⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
11⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
10⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
9⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 220
8⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
7⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
6⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55547.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36949.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60166.exe
7⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
8⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7608.exe
11⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
12⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
11⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 236
9⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29025.exe
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32393.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63685.exe
11⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
12⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
8⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14810.exe
7⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14722.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65288.exe
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
10⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
11⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe
12⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 236
12⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 236
11⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
10⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
8⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
7⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17742.exe
6⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14063.exe
7⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10638.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29492.exe
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43981.exe
10⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8174.exe
11⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
11⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
10⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
8⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
7⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
8⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37463.exe
9⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16540.exe
10⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5704.exe
11⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
11⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
10⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
9⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
8⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
7⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 220
6⤵
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
5⤵
- Program crash
PID:2580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39196.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29248.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57312.exe
10⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26171.exe
11⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20515.exe
12⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26517.exe
13⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 216
13⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
11⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
9⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
8⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52361.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42159.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38672.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61801.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4842.exe
11⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42933.exe
12⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 220
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
8⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6969.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10965.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60462.exe
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55579.exe
10⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6404.exe
11⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
12⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
11⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
10⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
9⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
8⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
7⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-40426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40426.exe
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
9⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34416.exe
10⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9513.exe
11⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
11⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
10⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
9⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
8⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
7⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14390.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31578.exe
7⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27721.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64281.exe
9⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65340.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
11⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50803.exe
12⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 236
11⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
10⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
9⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
8⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
7⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19880.exe
6⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44105.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28750.exe
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-10353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10353.exe
9⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31148.exe
10⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58330.exe
11⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
11⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
10⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
9⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
8⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 236
7⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
6⤵
- Program crash
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
5⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51448.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-15049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15049.exe
7⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25844.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10078.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4266.exe
11⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-146.exe
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26377.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8028.exe
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
9⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21994.exe
10⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 216
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
10⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
9⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
8⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
7⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56637.exe
6⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7348.exe
7⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24277.exe
9⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55797.exe
10⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28735.exe
11⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 220
11⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
10⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 236
9⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
8⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
7⤵
- Program crash
PID:3872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
6⤵
- Program crash
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
6⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32429.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22035.exe
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55662.exe
9⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37562.exe
10⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-58029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58029.exe
11⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
10⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
9⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
8⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
7⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43289.exe
6⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24365.exe
7⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59938.exe
8⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe
9⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
10⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
10⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
9⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
8⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
7⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
6⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
5⤵
- Program crash
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
4⤵
- Program crash
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
2⤵
- Program crash
PID:2744

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24324.exe

Filesize
184KB

MD5
abacece7ab8d53d29fa5c4b7dac160c4

SHA1
d205c971412c0695709421e59cc2a599228250fe

SHA256
04971cb7271e44883e4c088a87186febcd1c3463f64ed2383593f520b378fd9d

SHA512
6332c8370a1b5da2097ac8a4338d5064636efe7540654cc9f38991546d08717a16f0fa670acc9270e760678f0e554083a148794f3e53a8015353949e0f5fe703

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37365.exe

Filesize
184KB

MD5
afd72d68665c5df609f12bc95eebbd8c

SHA1
52058e255109e7e8fc209172f8b89cb6e1ec6cac

SHA256
1f94fc1fa6f707c4cee622b8a925622e0f3fb10747bcb1e1811b46fcd0598d7b

SHA512
e951e75460a3499697d7232df65edbf6f4bff06f217d7fd9ff18d94c1857cd8060aecbfdd26d459fbe34cf1fbda7c522f95dda67cdf54136917ae29aafcbf5c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39092.exe

Filesize
184KB

MD5
9c954d4c99ae566116cc609d911e4d2d

SHA1
55c3d46ad99732f2a2bfe997aa6507381401a918

SHA256
025d501e31e35092d33494987e1db20affc64497ed50246930e409572e380525

SHA512
27dec3345a0d1c9ab184d60fcd31e2f549e111dc7a302d10048f83d73e4ec5d380c5bba198e035c68243a4477cf82c6b02d7f07196a1bc012b03242074243c31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40985.exe

Filesize
184KB

MD5
8fa7aec4bae83844648e939c93546520

SHA1
8bd515d1b46fd8c71d16ca07e7175d03cf5c279f

SHA256
8a8adc605343bc3ed69082bda1d79c2faf74136d08e2cd088f7a1ef1aac4dcfd

SHA512
2066a1cbb26b254ed696e1e80b49277e316dd518f314fd5a03b3ed03d5b038fb63bab25cf36025c87b66d7e1fd0c5ca2f7a73a568f00a920bd3046e89918fb62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52439.exe

Filesize
184KB

MD5
0f2bc8832cefc02c5695849de32ff0b5

SHA1
73ef0f5dffa36405584e5611b9fc0d4ef930a3c4

SHA256
01d19cf4774be8a35414cbb7fb2439c576a4d2009db75cf5805d98297d3d2f1a

SHA512
5ae27d710da7e403b970cbbd3e6b47c6955af82c211afadb120043db83770b7ce4660a1120587c0e4dfe9fc72a43f29b71739eac7c9cea7120b378bd3d76a768

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54775.exe

Filesize
184KB

MD5
2e5a88946e0ce46d103d9a5b12961524

SHA1
def499bb3d10cd59c9da212c492a60c3456aebc2

SHA256
2fb2a8fcdc2e7c18d0124e0d161b6dc8ee11ee8d5f8368036922babd1be913cb

SHA512
163a6f56e6d8d1d52b7007f9c43b3e0b6897cc5b1bd28e2186ed60c0396bf5eff7dfe2804dde3dfbf227f066fbf10983ebc57f0f0626f7969133aeb4652a7dbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5786.exe

Filesize
184KB

MD5
36fb4dfe74eb8f4a89001c5895478915

SHA1
4bf8fd53991ee16ac692ba3af1e24f2b42ca2b68

SHA256
0c032bb644f80fb75bc6d783f4416e2b939dab51d8ee10fb1c38df38416b996d

SHA512
b6ebfe2c22e8ea75753d66b2c60fab15ac28828e47a6f386bdd5d619c7b1536a6e76963a4a7d0b187c4e525e7b794dcffe743597cb0702f7ec09e9870ffa97bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60089.exe

Filesize
184KB

MD5
6732260df5dd738a85423ade73f980ff

SHA1
605f8c7378dccb2e7f17ece88e9c36683638261b

SHA256
33a86b2ad754375973c9f561d862f5c36e884a3f7c3a6adfa0c92918eeb58003

SHA512
d7e6eb981723918e30d225d2b1d01d4df7bd74d63db564a81a2d54705d279d8294fe94e2e734b1282a56a0ec50298f2f72d36a3958654c59ac8caa37ef26b636

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6170.exe

Filesize
184KB

MD5
ca13dd7a9b440b47debf2ddf566d2712

SHA1
3900ac160a0f132afa3557577ecf7498ee455d7f

SHA256
c7d8b444c9023577d7501171d2490fc3c4ad9dc995a47861ffa88a937092c40c

SHA512
de1365e419778fc7ee4f1131b7629a55c1d770237ee4b3f928d4268bcfa0841a4d439bc57cf521223ea2dd5ff85283d53a6212f2f5cfd0cd256fc0487610eb86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6179.exe

Filesize
184KB

MD5
556d6192113c4d16acf9ef6615f81d86

SHA1
9d7a2f187c9ef04de4963030e288c2ad27ea9179

SHA256
ec6d2803cc568d4a20db562b567e4bd3e499c7d24ed76cb9517fc622d0a214b5

SHA512
7bb8657db5739bd3cbe45b12361571c634909b801f033f3cb1f0bdea2b6d51aa9100a5de4a9a875450a0eac44e8886d2b2527f3789af0c2a0b10f9fb2d6a8f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe

Filesize
184KB

MD5
65557de046cad794159ed75053eefac8

SHA1
878040020e85370d424a80fc40958ac60688a061

SHA256
9c46e68ef40d40f280439f5be45879cfbf6bb6daf016da95887adfc07a786677

SHA512
8bd52956e947f4f32cb35043fd3a07d41b7d714b03f90269cfc0fa01f3db0f240f2190b10d835cb25151beefd83063646705dd78bc7a4329af8986d52fb9cd1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9247.exe

Filesize
184KB

MD5
929fd3155706d4e9b110eb4b07f26f01

SHA1
553a1b7d4c17b12e8e263632431f9b4f063ab7b7

SHA256
ec87b23abc4a6c4dc43d003ca7d13cf9fae00a63b1f18b58f99b664e1824437f

SHA512
b85dd17757be313f225ddaa1c57e30560a733506f44242d4aaddfa06900abdea4cbb88ffed47540aeafe3f3cdd10d7f23e1daaab6ad9d95a6f95ce891e914307

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-943.exe

Filesize
184KB

MD5
230d3eff2f6a675a6b8d37babe1c921e

SHA1
f97a2dfc465a0e1df7e6ae913a7d8f65f2518fb5

SHA256
89ad9afc28ebb1c677b186a8d731f304f5d4cb9ccb370aa15c617486d427205f

SHA512
d77331248db9379f324280f8d543929a4103b7fccd702ef029d7915ce103ff4fee1b7210a9a1bcc8c9cc4570e704968bc9336216ba94405bf288f4434202d316

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe

Filesize
184KB

MD5
7635b878aadbc7774f8f15816773e4e9

SHA1
9fb8a7f0205847e66b2d5498323f561cdf87bf60

SHA256
fe4ff3dd76e194cbe345ae086bddd7b02ab2ac7f47685dc78980c76400416eb6

SHA512
f4344e7d04091b2a3dbdd411b6a05659f6692dbba7edb6f22331c75ca7acc5c955d2f3e5009dcecfde6f408c34f74456a80783a34f1c1ce96d21c065e558c83d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe

Filesize
184KB

MD5
f1fbaac26009f56f9cacbf0a86bbfecf

SHA1
f2603dfa22e02e6de41ed15e78d65db9f1b6e514

SHA256
3a6b270818703ba82136a68fb756eb69fde104128726b9262661148d39139572

SHA512
0005d5356809457de24ebf81b5df6d728f1879bc5b29a5aeac48afb649845fd000b67f526a42b067dd2884814a0bb4a6eb039163e263d2ef7005b76a5426f97f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32573.exe

Filesize
184KB

MD5
e7a1f52cad811079593d841ee1cde517

SHA1
f942f1d9a826e0dc98492eef8767d76505cc5b12

SHA256
61e27935d8dc52ded770fb25b0dce0a7bc58ed773a0ae826273363ed0750ad59

SHA512
c3fcfe6a6fa6101b44c0fa70d130520dddeb271d9ac74514dc9da64c7bc033c5c0f9b9a8887887048cfec4c6261110bec95e7f7ad857e9af1a96e9eb0697425a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40632.exe

Filesize
184KB

MD5
cc74a1e9fbd696215f5ff9642a73d068

SHA1
86dede8cc88c9823eb2d740457b97d23fd672765

SHA256
de28f362fdd6ed54c4d3dc2648309c57adb1ff422c65fa34a0120b6d094a6134

SHA512
58d632276c39fa623bd7986e7ae80f68c9453325ba251edaa9d67fed2b120044591647943b5825e13348b3ecb93f1f6e61996b113f9981fdb801efcfdbd45dd9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45869.exe

Filesize
184KB

MD5
1eabe21707eceb867e199ff30018e739

SHA1
41f57cdcaeb58087d4e36075fd76b090399dac72

SHA256
435ee699a3249d3847032ce5d8f7abe32a61df5f23ba7a96984da2382e2ca52e

SHA512
34be202beb07ed4a9c5e5e8291cd1d9390a840818dcda094d5d6e93a20cb124b1383da4a034921efaf82a5c7cc3e147b29aa66eac5fa46be65d5984cb2a27fd5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46144.exe

Filesize
184KB

MD5
4c0b92e9c080db9a39f9b96c5c0846c7

SHA1
c6b36b33048fa1a11fa09469aac752f498e3365d

SHA256
715770865f6cce964ef0bd6ba2b4df8cc37416fac80870ce275d1124da5528ab

SHA512
6de1a8c6ec220a59ba5430e78a1c6044a5a340f2e4f797ff1455324bc913292ab9ead7fac6d7c06cc028f53c01c6987e8455c93ebadf26865bf0c5f2441ce30f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-472.exe

Filesize
184KB

MD5
fbc12c984a047052a518058cf4771351

SHA1
95ebcd00fb01c1749751b8a977415c41ddd0821c

SHA256
bf93d2f2afbd657c6c84c130f0e70baa0f4c38c01a00fb914192ab1d8baddcb0

SHA512
94415ab814eed054e98b72e4fe57de286ba2850930f07692ae2e20da5ffbb4b713e8b1fa036160ee3566baa6fec71a8db55d2554a597c086943c39e0e45304ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe

Filesize
184KB

MD5
35b0435afbc19054013eb669ef6109be

SHA1
67b302c3fc65ee76354515646f087e76809eda93

SHA256
93e43fa4418c2306a8482cd496a592d6aabdb8966a0b72ab66f5c9b062e72f10

SHA512
9d443e907ca559908bee6e7d04ebeefb2d42011daecd0f66cd4f4e0e2ec995ceafe3bad95ab9ced9e96aa3f6b863679191f0d4611592a2e7ad3a1f7fdf93d561

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe

Filesize
184KB

MD5
63a099713ea8b691b8d42fe647ff4c98

SHA1
352d033d4553a8fc58a7524c9baf7a8d18a02b9c

SHA256
b183b37ed0ca42d4a513d11c0c83291430dddb6db9ea6f4837145de597c3db12

SHA512
e14874e704eff2b5f2a2be05af60a84a35341fa7aec8b9f5da80404096253d95f6106bf858e27a8144adc633214599f6f3b037db995792504d70af8b621afa9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57649.exe

Filesize
184KB

MD5
8048b659dcab765ff5fbeccf3a249f6b

SHA1
23380e4035d97119b8a493c2b9c3e796182daec4

SHA256
e94c2013b952d21c083261dea95322ec8872108b2714f5068c9881b92086614b

SHA512
d7e9ca6516d78c7a89cbb039be824dcf7b292bf7ce64b82433c31ccf9a49613a7da28531a5d14c76c87663413ffe03952be77bc2d9ea5119002b722bb77b8d75

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9317.exe

Filesize
184KB

MD5
495abe1cc32e0555c3a9499811ca189b

SHA1
8de2e884da2b0638c623168543f4bb4a713acf8a

SHA256
1b8681c7ba1ebaad3ba9825e96bc580c7b1ce0baf9c6c5e0ff7167f287a5a725

SHA512
8b74f583d05307ca24b2d31d57a74ebc805cb309bc242407d971412b7e3cb44695389626cc090918731e9f1f43ea87a8394ccafb16962d71790080df76a3be50

Download Submit