82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe
Size

184KB
MD5

469351395a3904d0983501588b8faf01
SHA1

76ed3f86948d0031803c2f026e81b7c61afb124d
SHA256

82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b
SHA512

97261e25e1af0021ca0df7a668476d851ffb948f568a370f335938e8dc4e2a663011e5e440834cdfacd1e35719d33f5f18db3238303a109c94ee1923571cbc18
SSDEEP

3072:xmt3Y8ofrYjmdFIWefwdRG5DhlnViFFn3:xm1o8yFIWd05DhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-107.exeUnicorn-37693.exeUnicorn-57559.exeUnicorn-61534.exeUnicorn-8249.exeUnicorn-19110.exeUnicorn-16178.exeUnicorn-36044.exeUnicorn-21846.exeUnicorn-34098.exeUnicorn-14232.exeUnicorn-36283.exeUnicorn-44451.exeUnicorn-2027.exeUnicorn-30637.exeUnicorn-41497.exeUnicorn-41497.exeUnicorn-61363.exeUnicorn-26553.exeUnicorn-28198.exeUnicorn-39058.exeUnicorn-36366.exeUnicorn-60055.exeUnicorn-57362.exeUnicorn-8161.exeUnicorn-19022.exeUnicorn-34804.exeUnicorn-16522.exeUnicorn-27382.exeUnicorn-47248.exeUnicorn-12437.exeUnicorn-23298.exeUnicorn-50346.exeUnicorn-61207.exeUnicorn-11451.exeUnicorn-54430.exeUnicorn-65291.exeUnicorn-1145.exeUnicorn-27788.exeUnicorn-7922.exeUnicorn-44316.exeUnicorn-36702.exeUnicorn-64736.exeUnicorn-11259.exeUnicorn-58322.exeUnicorn-58322.exeUnicorn-58322.exeUnicorn-54238.exeUnicorn-34372.exeUnicorn-65099.exeUnicorn-65099.exeUnicorn-46625.exeUnicorn-953.exeUnicorn-44399.exeUnicorn-25925.exeUnicorn-1975.exeUnicorn-52567.exeUnicorn-44762.exeUnicorn-60543.exeUnicorn-42069.exeUnicorn-52930.exeUnicorn-48846.exeUnicorn-27871.exeUnicorn-20257.exe

pid	process
2156	Unicorn-107.exe
2968	Unicorn-37693.exe
2272	Unicorn-57559.exe
2740	Unicorn-61534.exe
2516	Unicorn-8249.exe
2580	Unicorn-19110.exe
2528	Unicorn-16178.exe
1140	Unicorn-36044.exe
2656	Unicorn-21846.exe
2404	Unicorn-34098.exe
1256	Unicorn-14232.exe
1612	Unicorn-36283.exe
2340	Unicorn-44451.exe
2576	Unicorn-2027.exe
2028	Unicorn-30637.exe
1108	Unicorn-41497.exe
2800	Unicorn-41497.exe
1232	Unicorn-61363.exe
476	Unicorn-26553.exe
740	Unicorn-28198.exe
1316	Unicorn-39058.exe
3044	Unicorn-36366.exe
1776	Unicorn-60055.exe
1068	Unicorn-57362.exe
1292	Unicorn-8161.exe
656	Unicorn-19022.exe
2892	Unicorn-34804.exe
1356	Unicorn-16522.exe
2988	Unicorn-27382.exe
2864	Unicorn-47248.exe
1228	Unicorn-12437.exe
1812	Unicorn-23298.exe
2104	Unicorn-50346.exe
2680	Unicorn-61207.exe
2828	Unicorn-11451.exe
2736	Unicorn-54430.exe
2644	Unicorn-65291.exe
2468	Unicorn-1145.exe
2928	Unicorn-27788.exe
2532	Unicorn-7922.exe
1196	Unicorn-44316.exe
1648	Unicorn-36702.exe
2280	Unicorn-64736.exe
2392	Unicorn-11259.exe
1924	Unicorn-58322.exe
1868	Unicorn-58322.exe
1968	Unicorn-58322.exe
1624	Unicorn-54238.exe
1516	Unicorn-34372.exe
1808	Unicorn-65099.exe
1484	Unicorn-65099.exe
2244	Unicorn-46625.exe
1288	Unicorn-953.exe
2308	Unicorn-44399.exe
688	Unicorn-25925.exe
2868	Unicorn-1975.exe
1464	Unicorn-52567.exe
1640	Unicorn-44762.exe
2228	Unicorn-60543.exe
2260	Unicorn-42069.exe
1552	Unicorn-52930.exe
2620	Unicorn-48846.exe
2720	Unicorn-27871.exe
2640	Unicorn-20257.exe

Loads dropped DLL 64 IoCs

Processes:

82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exeUnicorn-107.exeUnicorn-37693.exeUnicorn-57559.exeWerFault.exeUnicorn-61534.exeUnicorn-19110.exeUnicorn-8249.exeWerFault.exeWerFault.exeUnicorn-16178.exeUnicorn-36044.exeUnicorn-34098.exeUnicorn-21846.exeUnicorn-14232.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe
1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe
2156	Unicorn-107.exe
1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe
1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe
2156	Unicorn-107.exe
2968	Unicorn-37693.exe
2968	Unicorn-37693.exe
2272	Unicorn-57559.exe
2272	Unicorn-57559.exe
2156	Unicorn-107.exe
2156	Unicorn-107.exe
2120	WerFault.exe
2120	WerFault.exe
2120	WerFault.exe
2120	WerFault.exe
2120	WerFault.exe
2968	Unicorn-37693.exe
2968	Unicorn-37693.exe
2740	Unicorn-61534.exe
2740	Unicorn-61534.exe
2580	Unicorn-19110.exe
2580	Unicorn-19110.exe
2272	Unicorn-57559.exe
2272	Unicorn-57559.exe
2516	Unicorn-8249.exe
2516	Unicorn-8249.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2528	Unicorn-16178.exe
2528	Unicorn-16178.exe
1140	Unicorn-36044.exe
1140	Unicorn-36044.exe
2740	Unicorn-61534.exe
2740	Unicorn-61534.exe
2404	Unicorn-34098.exe
2404	Unicorn-34098.exe
2580	Unicorn-19110.exe
2516	Unicorn-8249.exe
2516	Unicorn-8249.exe
2580	Unicorn-19110.exe
2656	Unicorn-21846.exe
2656	Unicorn-21846.exe
1256	Unicorn-14232.exe
1256	Unicorn-14232.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
1340	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
840	WerFault.exe
2288	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2724	1600	WerFault.exe	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe
2120	2156	WerFault.exe	Unicorn-107.exe
1936	2968	WerFault.exe	Unicorn-37693.exe
2292	2272	WerFault.exe	Unicorn-57559.exe
1340	2740	WerFault.exe	Unicorn-61534.exe
840	2580	WerFault.exe	Unicorn-19110.exe
2288	2516	WerFault.exe	Unicorn-8249.exe
2984	2528	WerFault.exe	Unicorn-16178.exe
2752	1140	WerFault.exe	Unicorn-36044.exe
2748	2404	WerFault.exe	Unicorn-34098.exe
2092	2656	WerFault.exe	Unicorn-21846.exe
2684	1256	WerFault.exe	Unicorn-14232.exe
1076	1612	WerFault.exe	Unicorn-36283.exe
664	2340	WerFault.exe	Unicorn-44451.exe
1632	2576	WerFault.exe	Unicorn-2027.exe
448	2028	WerFault.exe	Unicorn-30637.exe
604	2800	WerFault.exe	Unicorn-41497.exe
3064	476	WerFault.exe	Unicorn-26553.exe
1660	1108	WerFault.exe	Unicorn-41497.exe
1960	1232	WerFault.exe	Unicorn-61363.exe
1708	1516	WerFault.exe	Unicorn-34372.exe
2352	1840	WerFault.exe	Unicorn-65203.exe
2100	740	WerFault.exe	Unicorn-28198.exe
3028	1316	WerFault.exe	Unicorn-39058.exe
2696	3044	WerFault.exe	Unicorn-36366.exe
2496	1776	WerFault.exe	Unicorn-60055.exe
2960	1068	WerFault.exe	Unicorn-57362.exe
1412	1292	WerFault.exe	Unicorn-8161.exe
2772	656	WerFault.exe	Unicorn-19022.exe
1744	1356	WerFault.exe	Unicorn-16522.exe
2808	2864	WerFault.exe	Unicorn-47248.exe
1852	1812	WerFault.exe	Unicorn-23298.exe
2408	2892	WerFault.exe	Unicorn-34804.exe
2208	2988	WerFault.exe	Unicorn-27382.exe
1800	1228	WerFault.exe	Unicorn-12437.exe
3412	2736	WerFault.exe	Unicorn-54430.exe
3420	2680	WerFault.exe	Unicorn-61207.exe
3444	2828	WerFault.exe	Unicorn-11451.exe
3484	2928	WerFault.exe	Unicorn-27788.exe
3516	1648	WerFault.exe	Unicorn-36702.exe
3508	2280	WerFault.exe	Unicorn-64736.exe
3540	2104	WerFault.exe	Unicorn-50346.exe
3548	1924	WerFault.exe	Unicorn-58322.exe
3572	2392	WerFault.exe	Unicorn-11259.exe
3604	1484	WerFault.exe	Unicorn-65099.exe
3620	1288	WerFault.exe	Unicorn-953.exe
3612	1624	WerFault.exe	Unicorn-54238.exe
3636	1808	WerFault.exe	Unicorn-65099.exe
4000	1968	WerFault.exe	Unicorn-58322.exe
3124	1868	WerFault.exe	Unicorn-58322.exe
3360	2532	WerFault.exe	Unicorn-7922.exe
3388	2468	WerFault.exe	Unicorn-1145.exe
3436	2644	WerFault.exe	Unicorn-65291.exe
3396	2244	WerFault.exe	Unicorn-46625.exe
3716	2908	WerFault.exe	Unicorn-25733.exe
3708	2596	WerFault.exe	Unicorn-5312.exe
3784	2260	WerFault.exe	Unicorn-42069.exe
4076	620	WerFault.exe	Unicorn-34477.exe
3304	1220	WerFault.exe	Unicorn-22779.exe
3356	2712	WerFault.exe	Unicorn-34477.exe
4008	2952	WerFault.exe	Unicorn-8581.exe
3960	2640	WerFault.exe	Unicorn-20257.exe
3300	2396	WerFault.exe	Unicorn-38561.exe
3948	2052	WerFault.exe	Unicorn-63257.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exeUnicorn-107.exeUnicorn-37693.exeUnicorn-57559.exeUnicorn-61534.exeUnicorn-8249.exeUnicorn-19110.exeUnicorn-16178.exeUnicorn-36044.exeUnicorn-34098.exeUnicorn-21846.exeUnicorn-14232.exeUnicorn-36283.exeUnicorn-44451.exeUnicorn-2027.exeUnicorn-30637.exeUnicorn-41497.exeUnicorn-41497.exeUnicorn-26553.exeUnicorn-61363.exeUnicorn-28198.exeUnicorn-39058.exeUnicorn-36366.exeUnicorn-60055.exeUnicorn-57362.exeUnicorn-8161.exeUnicorn-19022.exeUnicorn-34804.exeUnicorn-16522.exeUnicorn-27382.exeUnicorn-47248.exeUnicorn-12437.exeUnicorn-23298.exeUnicorn-50346.exeUnicorn-61207.exeUnicorn-11451.exeUnicorn-54430.exeUnicorn-65291.exeUnicorn-1145.exeUnicorn-7922.exeUnicorn-27788.exeUnicorn-44316.exeUnicorn-36702.exeUnicorn-64736.exeUnicorn-11259.exeUnicorn-58322.exeUnicorn-54238.exeUnicorn-58322.exeUnicorn-58322.exeUnicorn-34372.exeUnicorn-65099.exeUnicorn-65099.exeUnicorn-46625.exeUnicorn-953.exeUnicorn-44399.exeUnicorn-25925.exeUnicorn-1975.exeUnicorn-52567.exeUnicorn-44762.exeUnicorn-60543.exeUnicorn-52930.exeUnicorn-42069.exeUnicorn-48846.exeUnicorn-27871.exe

pid	process
1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe
2156	Unicorn-107.exe
2968	Unicorn-37693.exe
2272	Unicorn-57559.exe
2740	Unicorn-61534.exe
2516	Unicorn-8249.exe
2580	Unicorn-19110.exe
2528	Unicorn-16178.exe
1140	Unicorn-36044.exe
2404	Unicorn-34098.exe
2656	Unicorn-21846.exe
1256	Unicorn-14232.exe
1612	Unicorn-36283.exe
2340	Unicorn-44451.exe
2576	Unicorn-2027.exe
2028	Unicorn-30637.exe
2800	Unicorn-41497.exe
1108	Unicorn-41497.exe
476	Unicorn-26553.exe
1232	Unicorn-61363.exe
740	Unicorn-28198.exe
1316	Unicorn-39058.exe
3044	Unicorn-36366.exe
1776	Unicorn-60055.exe
1068	Unicorn-57362.exe
1292	Unicorn-8161.exe
656	Unicorn-19022.exe
2892	Unicorn-34804.exe
1356	Unicorn-16522.exe
2988	Unicorn-27382.exe
2864	Unicorn-47248.exe
1228	Unicorn-12437.exe
1812	Unicorn-23298.exe
2104	Unicorn-50346.exe
2680	Unicorn-61207.exe
2828	Unicorn-11451.exe
2736	Unicorn-54430.exe
2644	Unicorn-65291.exe
2468	Unicorn-1145.exe
2532	Unicorn-7922.exe
2928	Unicorn-27788.exe
1196	Unicorn-44316.exe
1648	Unicorn-36702.exe
2280	Unicorn-64736.exe
2392	Unicorn-11259.exe
1924	Unicorn-58322.exe
1624	Unicorn-54238.exe
1868	Unicorn-58322.exe
1968	Unicorn-58322.exe
1516	Unicorn-34372.exe
1484	Unicorn-65099.exe
1808	Unicorn-65099.exe
2244	Unicorn-46625.exe
1288	Unicorn-953.exe
2308	Unicorn-44399.exe
688	Unicorn-25925.exe
2868	Unicorn-1975.exe
1464	Unicorn-52567.exe
1640	Unicorn-44762.exe
2228	Unicorn-60543.exe
1552	Unicorn-52930.exe
2260	Unicorn-42069.exe
2620	Unicorn-48846.exe
2720	Unicorn-27871.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exeUnicorn-107.exeUnicorn-37693.exeUnicorn-57559.exeUnicorn-61534.exeUnicorn-19110.exeUnicorn-8249.exeUnicorn-16178.exe

description	pid	process	target process
PID 1600 wrote to memory of 2156	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	Unicorn-107.exe
PID 1600 wrote to memory of 2156	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	Unicorn-107.exe
PID 1600 wrote to memory of 2156	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	Unicorn-107.exe
PID 1600 wrote to memory of 2156	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	Unicorn-107.exe
PID 1600 wrote to memory of 2968	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	Unicorn-37693.exe
PID 1600 wrote to memory of 2968	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	Unicorn-37693.exe
PID 1600 wrote to memory of 2968	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	Unicorn-37693.exe
PID 1600 wrote to memory of 2968	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	Unicorn-37693.exe
PID 2156 wrote to memory of 2272	2156	Unicorn-107.exe	Unicorn-57559.exe
PID 2156 wrote to memory of 2272	2156	Unicorn-107.exe	Unicorn-57559.exe
PID 2156 wrote to memory of 2272	2156	Unicorn-107.exe	Unicorn-57559.exe
PID 2156 wrote to memory of 2272	2156	Unicorn-107.exe	Unicorn-57559.exe
PID 1600 wrote to memory of 2724	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	WerFault.exe
PID 1600 wrote to memory of 2724	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	WerFault.exe
PID 1600 wrote to memory of 2724	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	WerFault.exe
PID 1600 wrote to memory of 2724	1600	82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe	WerFault.exe
PID 2968 wrote to memory of 2740	2968	Unicorn-37693.exe	Unicorn-61534.exe
PID 2968 wrote to memory of 2740	2968	Unicorn-37693.exe	Unicorn-61534.exe
PID 2968 wrote to memory of 2740	2968	Unicorn-37693.exe	Unicorn-61534.exe
PID 2968 wrote to memory of 2740	2968	Unicorn-37693.exe	Unicorn-61534.exe
PID 2272 wrote to memory of 2516	2272	Unicorn-57559.exe	Unicorn-8249.exe
PID 2272 wrote to memory of 2516	2272	Unicorn-57559.exe	Unicorn-8249.exe
PID 2272 wrote to memory of 2516	2272	Unicorn-57559.exe	Unicorn-8249.exe
PID 2272 wrote to memory of 2516	2272	Unicorn-57559.exe	Unicorn-8249.exe
PID 2156 wrote to memory of 2580	2156	Unicorn-107.exe	Unicorn-19110.exe
PID 2156 wrote to memory of 2580	2156	Unicorn-107.exe	Unicorn-19110.exe
PID 2156 wrote to memory of 2580	2156	Unicorn-107.exe	Unicorn-19110.exe
PID 2156 wrote to memory of 2580	2156	Unicorn-107.exe	Unicorn-19110.exe
PID 2156 wrote to memory of 2120	2156	Unicorn-107.exe	WerFault.exe
PID 2156 wrote to memory of 2120	2156	Unicorn-107.exe	WerFault.exe
PID 2156 wrote to memory of 2120	2156	Unicorn-107.exe	WerFault.exe
PID 2156 wrote to memory of 2120	2156	Unicorn-107.exe	WerFault.exe
PID 2968 wrote to memory of 2528	2968	Unicorn-37693.exe	Unicorn-16178.exe
PID 2968 wrote to memory of 2528	2968	Unicorn-37693.exe	Unicorn-16178.exe
PID 2968 wrote to memory of 2528	2968	Unicorn-37693.exe	Unicorn-16178.exe
PID 2968 wrote to memory of 2528	2968	Unicorn-37693.exe	Unicorn-16178.exe
PID 2740 wrote to memory of 1140	2740	Unicorn-61534.exe	Unicorn-36044.exe
PID 2740 wrote to memory of 1140	2740	Unicorn-61534.exe	Unicorn-36044.exe
PID 2740 wrote to memory of 1140	2740	Unicorn-61534.exe	Unicorn-36044.exe
PID 2740 wrote to memory of 1140	2740	Unicorn-61534.exe	Unicorn-36044.exe
PID 2580 wrote to memory of 2656	2580	Unicorn-19110.exe	Unicorn-21846.exe
PID 2580 wrote to memory of 2656	2580	Unicorn-19110.exe	Unicorn-21846.exe
PID 2580 wrote to memory of 2656	2580	Unicorn-19110.exe	Unicorn-21846.exe
PID 2580 wrote to memory of 2656	2580	Unicorn-19110.exe	Unicorn-21846.exe
PID 2272 wrote to memory of 1256	2272	Unicorn-57559.exe	Unicorn-14232.exe
PID 2272 wrote to memory of 1256	2272	Unicorn-57559.exe	Unicorn-14232.exe
PID 2272 wrote to memory of 1256	2272	Unicorn-57559.exe	Unicorn-14232.exe
PID 2272 wrote to memory of 1256	2272	Unicorn-57559.exe	Unicorn-14232.exe
PID 2516 wrote to memory of 2404	2516	Unicorn-8249.exe	Unicorn-34098.exe
PID 2516 wrote to memory of 2404	2516	Unicorn-8249.exe	Unicorn-34098.exe
PID 2516 wrote to memory of 2404	2516	Unicorn-8249.exe	Unicorn-34098.exe
PID 2516 wrote to memory of 2404	2516	Unicorn-8249.exe	Unicorn-34098.exe
PID 2968 wrote to memory of 1936	2968	Unicorn-37693.exe	WerFault.exe
PID 2968 wrote to memory of 1936	2968	Unicorn-37693.exe	WerFault.exe
PID 2968 wrote to memory of 1936	2968	Unicorn-37693.exe	WerFault.exe
PID 2968 wrote to memory of 1936	2968	Unicorn-37693.exe	WerFault.exe
PID 2272 wrote to memory of 2292	2272	Unicorn-57559.exe	WerFault.exe
PID 2272 wrote to memory of 2292	2272	Unicorn-57559.exe	WerFault.exe
PID 2272 wrote to memory of 2292	2272	Unicorn-57559.exe	WerFault.exe
PID 2272 wrote to memory of 2292	2272	Unicorn-57559.exe	WerFault.exe
PID 2528 wrote to memory of 1612	2528	Unicorn-16178.exe	Unicorn-36283.exe
PID 2528 wrote to memory of 1612	2528	Unicorn-16178.exe	Unicorn-36283.exe
PID 2528 wrote to memory of 1612	2528	Unicorn-16178.exe	Unicorn-36283.exe
PID 2528 wrote to memory of 1612	2528	Unicorn-16178.exe	Unicorn-36283.exe

C:\Users\Admin\AppData\Local\Temp\82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe
"C:\Users\Admin\AppData\Local\Temp\82af93b43e2b7627336159cc9ad9e71f4d5cb4b101d6305cb385b6c54325586b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-107.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65203.exe
9⤵
PID:1840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 200
10⤵
- Program crash
PID:2352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
8⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
9⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36719.exe
10⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
11⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50100.exe
12⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54148.exe
13⤵
PID:11784

C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55944.exe
14⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 236
13⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 236
12⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
10⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
9⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
8⤵
- Program crash
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-34477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34477.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9863.exe
9⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
10⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8605.exe
11⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
12⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
13⤵
PID:11660

C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
14⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
13⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
12⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
11⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
10⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
9⤵
- Program crash
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51451.exe
8⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31483.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57798.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23354.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
12⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47070.exe
13⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 216
13⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
12⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
9⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 220
8⤵
- Program crash
PID:3516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
7⤵
- Program crash
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19022.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:656

C:\Users\Admin\AppData\Local\Temp\Unicorn-64736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64736.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-34477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34477.exe
8⤵
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
9⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57806.exe
11⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33764.exe
12⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 236
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
12⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
11⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
10⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 236
9⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35114.exe
8⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-55935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55935.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
11⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
12⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
13⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
11⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 216
9⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 220
8⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 236
7⤵
- Program crash
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
6⤵
- Program crash
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47248.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11918.exe
8⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49298.exe
9⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8924.exe
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64295.exe
11⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
12⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
13⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63162.exe
14⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
14⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
13⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
12⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
11⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35929.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23455.exe
10⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54848.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
12⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
13⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
13⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
12⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
8⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37513.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31239.exe
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26800.exe
11⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41159.exe
12⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
13⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
13⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 236
12⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
11⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
9⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
8⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
7⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41959.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
9⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33245.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
12⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
11⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
8⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 220
7⤵
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34372.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-97.exe
8⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10961.exe
10⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8984.exe
11⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24387.exe
12⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16806.exe
13⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 220
13⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 236
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 236
11⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 216
9⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
8⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
7⤵
- Program crash
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
6⤵
- Program crash
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:476

C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3750.exe
8⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
9⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60455.exe
10⤵
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12001.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
10⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
11⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
12⤵
PID:10296

C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18368.exe
13⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10296 -s 216
13⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
11⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
9⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25348.exe
8⤵
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
8⤵
- Program crash
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26863.exe
7⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-26740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26740.exe
8⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31291.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22415.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
12⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
13⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 216
13⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
9⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1695.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14246.exe
10⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
11⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33287.exe
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 220
12⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 220
8⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
7⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
7⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
10⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
11⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
12⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
12⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 220
10⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
8⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
7⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 240
6⤵
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27382.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1804.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20741.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15669.exe
12⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63380.exe
13⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
13⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
12⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
10⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
8⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45489.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
10⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
11⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-9384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9384.exe
12⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 216
12⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
11⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 220
7⤵
- Program crash
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
6⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
7⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25876.exe
10⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
11⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
12⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
12⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
11⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
8⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33983.exe
7⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-55935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55935.exe
8⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
9⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53468.exe
10⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
11⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 216
11⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
10⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
9⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
8⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 220
7⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
6⤵
- Program crash
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
5⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61363.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-953.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27138.exe
8⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47243.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53029.exe
10⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30152.exe
11⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
12⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59213.exe
13⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 236
13⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 236
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
11⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
10⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
8⤵
- Program crash
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
7⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14954.exe
9⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28909.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
11⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35705.exe
12⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35861.exe
13⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
13⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 216
12⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34175.exe
8⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 220
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 220
8⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
7⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46625.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
7⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20470.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
9⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47666.exe
10⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36369.exe
11⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4490.exe
12⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
12⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
11⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
10⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
8⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50045.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57523.exe
8⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
9⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-35902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35902.exe
10⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46846.exe
10⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
11⤵
PID:12200

C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33578.exe
12⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
11⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 240
10⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 236
9⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
8⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 220
7⤵
- Program crash
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
6⤵
- Program crash
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38561.exe
7⤵
PID:284

C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20710.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27399.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
10⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23869.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35707.exe
9⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
10⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
11⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
12⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
11⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
10⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 284 -s 240
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43823.exe
7⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31867.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13592.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14054.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
11⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16567.exe
12⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
12⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
11⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
10⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
8⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 220
7⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-61674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61674.exe
6⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4373.exe
7⤵
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16661.exe
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5398.exe
9⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34340.exe
10⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49379.exe
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
11⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
9⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
8⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
7⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9064.exe
8⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6078.exe
9⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe
10⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22758.exe
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
11⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
10⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
9⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
8⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
7⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 220
6⤵
- Program crash
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
5⤵
- Program crash
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34804.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58322.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
7⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35100.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-34389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34389.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47308.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23074.exe
11⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
12⤵
PID:11500

C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
13⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 236
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 236
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
9⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
8⤵
- Program crash
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37705.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49441.exe
10⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
11⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44579.exe
12⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
12⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
10⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
8⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
7⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8581.exe
6⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
7⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48395.exe
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
9⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38040.exe
10⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-10401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10401.exe
11⤵
PID:11624

C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37470.exe
12⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 236
10⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 236
9⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 216
8⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
7⤵
- Program crash
PID:4008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
6⤵
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
6⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
7⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23263.exe
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32721.exe
9⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55798.exe
10⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-2752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2752.exe
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
10⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 220
9⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
8⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
7⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
6⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
5⤵
- Program crash
PID:604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-44451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44451.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36366.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50512.exe
9⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
10⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
11⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47282.exe
12⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14770.exe
13⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43432.exe
14⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
14⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
13⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
12⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
11⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
10⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14417.exe
11⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16333.exe
12⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
12⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26562.exe
8⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62126.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-53888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53888.exe
11⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37329.exe
12⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
13⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 216
13⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
12⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 236
11⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
9⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
8⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-39760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39760.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35523.exe
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28393.exe
12⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
13⤵
PID:12272

C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61782.exe
14⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 236
13⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
12⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 236
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3942.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-22412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22412.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
10⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 300
11⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
10⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
9⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
7⤵
- Program crash
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65291.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
7⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65094.exe
8⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50541.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
11⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
12⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59633.exe
13⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 236
13⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 216
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
10⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
8⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38665.exe
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59752.exe
9⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
10⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-287.exe
11⤵
PID:11692

C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46239.exe
12⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 236
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
10⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
9⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 216
8⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
7⤵
- Program crash
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
6⤵
- Program crash
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1145.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60543.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61010.exe
8⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39651.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37653.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
11⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61060.exe
12⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32628.exe
13⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
13⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
11⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 216
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1119.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43875.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64817.exe
10⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15393.exe
11⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57459.exe
12⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
12⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
11⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37060.exe
7⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
8⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61477.exe
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
9⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31901.exe
10⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31673.exe
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
11⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
10⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
9⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
8⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
7⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36122.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33538.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-53696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53696.exe
10⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57064.exe
11⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 220
12⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 236
11⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54212.exe
7⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61498.exe
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-21024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21024.exe
9⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30422.exe
10⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7635.exe
11⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 236
11⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 236
10⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
9⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 236
8⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 220
7⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
6⤵
- Program crash
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 240
5⤵
- Program crash
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57362.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27788.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27871.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
8⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
9⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61965.exe
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
10⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60510.exe
11⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
12⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
7⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41597.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
10⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55933.exe
11⤵
PID:10164

C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10164 -s 220
12⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
11⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
8⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
7⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20257.exe
6⤵
- Executes dropped EXE
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22656.exe
7⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39459.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41545.exe
9⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe
10⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
11⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
12⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11180 -s 220
12⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
11⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
10⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
8⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
7⤵
- Program crash
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
6⤵
- Program crash
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7922.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5312.exe
6⤵
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
7⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18586.exe
6⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
7⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
8⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63722.exe
9⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-20516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20516.exe
10⤵
PID:11400

C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28534.exe
11⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
10⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
9⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
8⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
7⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
6⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
5⤵
- Program crash
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28198.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50346.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42069.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30284.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43002.exe
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55559.exe
10⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8958.exe
11⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35373.exe
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
12⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
11⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
10⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 216
9⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
8⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
7⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8732.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53797.exe
9⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-26499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26499.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59498.exe
11⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49047.exe
12⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 220
12⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
10⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 216
8⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
7⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64819.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3745.exe
8⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
9⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22939.exe
10⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6675.exe
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 220
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
10⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
9⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
8⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 216
7⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
6⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61207.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25925.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-7341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7341.exe
7⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49874.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16556.exe
10⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39083.exe
11⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52176.exe
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
8⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38176.exe
7⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55084.exe
8⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14993.exe
9⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45907.exe
10⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 236
11⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
10⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
9⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
8⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
7⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
6⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16281.exe
9⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44646.exe
10⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47241.exe
11⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 236
11⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 236
10⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
9⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
7⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
6⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
5⤵
- Program crash
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39058.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52567.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18224.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35868.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30388.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9456.exe
10⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20033.exe
11⤵
PID:8904

C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36525.exe
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 216
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
11⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
7⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48862.exe
8⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38237.exe
9⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47059.exe
10⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25150.exe
11⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
11⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
10⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
9⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
8⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
7⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49505.exe
6⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29345.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51083.exe
8⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50764.exe
9⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62155.exe
10⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-25171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25171.exe
11⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
11⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 216
10⤵
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
9⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 236
8⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 216
7⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
6⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
6⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50896.exe
7⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38097.exe
8⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
9⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-60458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60458.exe
10⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28866.exe
11⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
10⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
9⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
8⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
7⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
6⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe
7⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45720.exe
8⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
9⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
10⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 216
10⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
9⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
8⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
7⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
6⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
5⤵
- Program crash
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
4⤵
- Program crash
PID:2984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
2⤵
- Program crash
PID:2724

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe

Filesize
184KB

MD5
fe98d03b8fda95f804ac754256946907

SHA1
2448298301910d8e23269d9977aa1fc212af5f3b

SHA256
1f28557f6c7d3ca6e0f7a83e0f8747c7927fd0e00dcbdc04752b9d2b86a93da2

SHA512
1afbca17710697e8f8ace1664602aa4c1e2d359147246d409a3ddac93c3884e9355887a3d63101cc3f5b36eacf3ff89a091546513b4b1e703a9f33c4e913a5f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1799.exe

Filesize
184KB

MD5
38b5eea08e23e1a7cd8980e9ff8ba692

SHA1
624158363a2e1bcda2f0e156af5366b35dddd31e

SHA256
a7195483662ae3a34d16abaf31a1e9ee7aa5d9aa5f4ba1701e1ccb2a07da929d

SHA512
d62cd101d001c1efc61a369c7b07a1db140713ace6d55717b1f6a9500bce2b08d9ce9365ac533d5c23296b8c6a2fff75a8b19818ccf3f0e94456cc6ea608b6f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19110.exe

Filesize
184KB

MD5
909b676eda620368b73b3b51c2ffdb7f

SHA1
e8e1505318f41732db810632d9394b0ae0494b0f

SHA256
e24b2bc8e0920eccd62efb0ff5bb247cff05572891596209d994be8fb3ac5347

SHA512
6c35533b56c3171accaa69934ce70620fd8f3001418199b0ee6d4e3e1be25519e9501b8202601b3b3369a74e6b7228a1b7c7fa38adeb547540844e564564ea6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39514.exe

Filesize
184KB

MD5
aecb081bf4446b5ae20d25880f3d50f4

SHA1
6d183c1c23384886a93a22008711cd7a4fbe617d

SHA256
34ef4dd78e39dd032333cd53af6ee401377c9ee345b62cbfabab048e35d6d023

SHA512
c2c2a6b359f477c804c7c0dd75d9b006e2a7eb6bf72e518e70c6d2ab0816df7a91cd81ef75bcbf192a7fc7e75c7887fd54ce33297f613b918ea665adb553f728

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe

Filesize
184KB

MD5
91e765dfc399a2c64552cd73e5390bdf

SHA1
86caef77b233d65c3bfd876c997b34fc132b4f42

SHA256
51b665e591cdcf69a5f302c72b30e6bb174bf714db6c538f0c213c7cfb4da028

SHA512
261385b24389dfd12f384202ac3c99ea52486ab1842cd1b2becbfaf45aa7b0af4f56c78be333b631e6ca74b3dc382ec1ca17dcca0eb2426403bd725a77a73dd2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44451.exe

Filesize
184KB

MD5
aa44ae49fbf8279903101e6215f947b4

SHA1
f056f7454585bda6d8fb43507381877e0398376e

SHA256
20c3a01b2e470338c4e73e0acf337a79b2cd40f0b4a9b5922baa38aaa786e588

SHA512
3a3e6a0b98605711b866821b4e2cac0f4766804ab7245c6bf467d0a32263382ddcad69858f2dd3cb51c3ca26475a7a5ca6ef55d3e87ad8fdbec92a860330ea76

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47111.exe

Filesize
184KB

MD5
97c7f729254f0fd8e524dbd42f8540d4

SHA1
8aafd0c6289e8ebccefab0823965326af942ec7e

SHA256
3a4121275d105c9434b66f3c1259a655a8c34f4e3b3883a82dc1e4079405928b

SHA512
13f3c24a65fdb2a79604e4616d298dd1f14df6e82b7746fc5ee8485c951d1611ca7760132e93e4b8fb545b82af1b74696bb7566b6d3aea680738fb4fdbddd43f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5992.exe

Filesize
184KB

MD5
1bf986ec22753b00f2bc50b3ab67f196

SHA1
ab6944900308d729d1758c361802db1c5a045831

SHA256
00c50dbf31fc3f21518456cc7b6e3c3ba819dd59e099293584596747c49143b5

SHA512
15ce8e4045962d29c64829ab0fe72855eb2f36b5b4088b1054d6b134679971b572123de822e4cf43b2cac5af79c2c66b5c77a3aabb0861100db20e2f71b3d4fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe

Filesize
184KB

MD5
39563bf9c0a50874eb5d2ee2ca0e2b9d

SHA1
5b75c3e017a5dc0bf9d1003028f728b36e99ac43

SHA256
00674217975a110bcdbba80f5bf5f222895a5a4ab800fc16b7cc4cb039316aa4

SHA512
3fb94c737593a043fdc887a657d676bc06b73b349fa72877b39c178364799204fcb1d35c7dd70a98df561beaaa2df898ff86702e076c38072e2a3bc75a9185e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63193.exe

Filesize
184KB

MD5
b5bc201f519e18ce98aa17085560c556

SHA1
27edacbfba4616f588c73fb0d4ccaffd04513710

SHA256
eec943b4417729ad79535b77d20646149fd48db494e6be54ce058ce16d47828e

SHA512
574de4920852d3fab78ccd5ccba992924ab42168d75474bb80daf1040af304098059b8497cff0c9f49c18eca1c3940ade004caf61d69b6ee7d7fd4f0d3aac8ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe

Filesize
184KB

MD5
3ced2bcc1534e5645920c966b220285c

SHA1
6815aad3708e3e252015c764effe4ba7097fe5f5

SHA256
3afa173dd0e47e0302528a0dd288fc6847f32aa2fc1a457d4818261458e44733

SHA512
7a6135c78c6fa057586018d30e3b2b1b1fcd80f59c4e261d5ff0f6a52f57e66bc3ed13996844c2b583ddeabcbf0a12e72defb944c6a74a34d54ccb992ab022a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-107.exe

Filesize
184KB

MD5
88af32ac1edbf9eef6b100ab0b4c3b03

SHA1
4f3c44cc4dd6f75e42e4f0c4c8453add8dedcedc

SHA256
e6f7ccdfb84979e1f0ab7d6e982ebe0b0ccbacee7bcdde7427d743b27c8f127f

SHA512
24ee6a35023f5683fb91b87bdc3769b056e39b805d0debebe9b6268e77eb6e4f9c04e732b41f7f0e090d32dfd22de7e8380ae6628b55c1aadb5bc077d36c3c69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe

Filesize
184KB

MD5
9fdb361b5b7a65cca89e30925870abcb

SHA1
804627030ebc6ba2aa198796e3af6f1491ab9492

SHA256
e4a73908c2d9fc6881e658bd1d22cb6b7d6108d7dc2fa0fa1cdec1e3f810bd54

SHA512
bdbdbd1ef5803fc7b1fa3fd1e48b8ffaf8dbd491c1b2c879293ef7ca9329059bcf5c726a3112c86e0fddd44db144bb07bfa5aa9833d93f92f437dc046c713410

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe

Filesize
184KB

MD5
e1d4fdfbd4bb36cba22c173ce0b105ab

SHA1
e22d00faf9a9128ee66706441d90de8115c1708d

SHA256
b9d7518868377806fe466678aecc09a74efdbe5a9c43feb02db3f4742759a03e

SHA512
a49582681675ad188dc865f51b68e2e80b5b849b64bc29dd4b802ab19e160cddef69b9a44309d1ef088c8a7b0a2e9794981589e4a2c2441364e11fadc9b24d49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2027.exe

Filesize
184KB

MD5
3c4befbcff1546c7259c71d48fb049ce

SHA1
efbebe331970d0fb815a4b9397cba154ec5ed80a

SHA256
250cab51c0005cb8ae1019e5544855e3663c7fe1b1a9e6df3dccd2797e0b8530

SHA512
2954f4104dd6fb9add2f44b828b205a595523b846d42684e9f6cdce5b7c1313e5235bbe9585f024ba50af3abdbc6d2a04b49d7e6d914ea4241a3391a0f39af09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21846.exe

Filesize
184KB

MD5
d8ff3c4665bf1f023458133a95da8414

SHA1
a04a845667bc8c3c27902d901658cd246778b441

SHA256
46888f1a23c96a7be4bb7d08db897ffc0408c399075a64dd4c6ba8b848f2a532

SHA512
b3770e9e1b37f33615000becfddc2b652d7dcf68d02cca7870a39338b1299f17b9422df635102a0012c87701a612ac3b707e9f3be98650da88c57e0f9d91d0c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34098.exe

Filesize
184KB

MD5
83d494929e7841bdf2e338b0a8567e07

SHA1
cc8367b140fd22ce90f54cfbaa0da8c713d5ca71

SHA256
ef5182afb3456b43ffd49945a644ddb7f257113b40e5b4818c603651e21eccd2

SHA512
e03ecaa554f3e6e4e138aee29aec9e243379635d6f4f1059e00b1127ea053e72922df272ca43f1391d785f3b51c3d741c14461503221511cee093beb6072af3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36044.exe

Filesize
184KB

MD5
53ea8a37f58cb17b0ac0724f6d4566e3

SHA1
a46ecb9a84f82069a11c77f9c798e38c2fcdca2c

SHA256
57e979511117915b5883f729f00bffd4f6792e22ccfba32b7f2690ca9f951458

SHA512
b6eb65377233c9767f3cf34cfb139148670b992c21643b46dd9cfda208499bff5ef6919194a585820bbfc54f0e2be647d0ddb639b578acf01b4186a51d5d70a2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36283.exe

Filesize
184KB

MD5
ab3e3bcdc4b37c059ed11735df7b1641

SHA1
91345a9025b3e14e0ca8b6a9676f01e1400cecf9

SHA256
04fb4419139873c9d4c7e70d462cbe81624f6e8bf33ec0c3ffc24857e23bd257

SHA512
dda473a5fe6a4151a3826f4ac751e4af4cb4488f145b2b6bfaf93fa90dcb2496d9632fc2dcc52a45890db9b52877e9ca0be45b86c4650dfccd51f854b5d28f4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe

Filesize
184KB

MD5
28d2203c54f490ff1166fa9f36ae635d

SHA1
57c5fc2422c68dcd12965582c15f5ce385b8a0ad

SHA256
2de35d7d9ee18c3d2d046257797fe84899d516f17b030181b9377ab90a319d9d

SHA512
30b13bbdbbee98bd57315761002c74eff0dd13a96a8dc03aa7d498e5399591c4f7c5bb97e2652f68c28f4438b0b401036a9c66a9551978851a7d6171698f721e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57559.exe

Filesize
184KB

MD5
b4c0138608f52e5f79af4dc723436bc1

SHA1
540b80ad80df943b7fe2e04869a2354683e549ac

SHA256
5ae3df73632743b4a368c4f549cc114871918f127cd87089c7bf34034ce1f8d7

SHA512
2618dcf2923faa3b52afe26293ef41af04005e1dcf620c57ae72297dd9f097584c32db21f18a864de9b756e276857d2e99e625b6236691d78e14b8da8e0c0588

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe

Filesize
184KB

MD5
306f20ec9ccd7dceac987a6e186b46c3

SHA1
d9df478f0eb1b22f746c44546d0fe14c2d454e21

SHA256
b53c6e4926aa11d59fb3994894400a9c208e11da18ff2f7418058199c8641077

SHA512
fe91da9c93456bf9aa759f3f7b2493c6601c70035f4adcb216f9f29076d1d9c24a0caf42b8b0d4c392478cfa328842eec498ca4a3e6ed4d8d3ebd4406919d430

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8249.exe

Filesize
184KB

MD5
a0c2c883b7d70d9bd08e8b32be3eadec

SHA1
3b23120d8d5fdbde843a9c42eaf0d01e7eec9345

SHA256
7fe17bf99b848d81c2b5737b74391570a4cc4abb304555116a4915b1020f89cc

SHA512
732dc8ae99e7023dc732d8cb51ea0f544bd523ab7d00c4122a5574c1e1c804060774a55e16c2d56ddcc6721829acf6d8b1d16114f2732b131c09319c19326968

Download Submit