86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe
Size

184KB
MD5

33cd426068a5dcc80167ec497f6bd858
SHA1

148c30c3cc8cd531e3542403d8538d9b8e7fd2cf
SHA256

86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87
SHA512

a117e30b776dc4285303b1df933843c5fc198fc89529cc7604b834b009d2544f84194fe08f5f5472fe627b1c51f243d89f0e267e9bf6da13322fefc27b32a813
SSDEEP

1536:iBSx66ZluPgmo+x1wJzAlawSc29yvZc8nmd9j4L+20zutuhl5hj5nizpH8:+D7Pgmo6WJzTjc4We94L+rcuhlnViFc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-18772.exeUnicorn-29161.exeUnicorn-9295.exeUnicorn-9150.exeUnicorn-29016.exeUnicorn-16764.exeUnicorn-42420.exeUnicorn-46504.exeUnicorn-61449.exeUnicorn-3525.exeUnicorn-18470.exeUnicorn-17999.exeUnicorn-32943.exeUnicorn-38611.exeUnicorn-7884.exeUnicorn-8439.exeUnicorn-12523.exeUnicorn-32389.exeUnicorn-50863.exeUnicorn-53084.exeUnicorn-39763.exeUnicorn-19897.exeUnicorn-3883.exeUnicorn-56099.exeUnicorn-36233.exeUnicorn-53639.exeUnicorn-63774.exeUnicorn-7474.exeUnicorn-59690.exeUnicorn-59690.exeUnicorn-25434.exeUnicorn-25434.exeUnicorn-5035.exeUnicorn-39846.exeUnicorn-19980.exeUnicorn-19980.exeUnicorn-43930.exeUnicorn-60842.exeUnicorn-61397.exeUnicorn-15726.exeUnicorn-30670.exeUnicorn-11641.exeUnicorn-34946.exeUnicorn-24086.exeUnicorn-8304.exeUnicorn-17864.exeUnicorn-52674.exeUnicorn-40422.exeUnicorn-9695.exeUnicorn-55367.exeUnicorn-29924.exeUnicorn-10058.exeUnicorn-56805.exeUnicorn-14573.exeUnicorn-34439.exeUnicorn-7796.exeUnicorn-6405.exeUnicorn-20049.exeUnicorn-57552.exeUnicorn-16327.exeUnicorn-36193.exeUnicorn-28025.exeUnicorn-1937.exeUnicorn-13634.exe

pid	process
2972	Unicorn-18772.exe
2592	Unicorn-29161.exe
2836	Unicorn-9295.exe
2996	Unicorn-9150.exe
2576	Unicorn-29016.exe
3000	Unicorn-16764.exe
2768	Unicorn-42420.exe
648	Unicorn-46504.exe
1844	Unicorn-61449.exe
780	Unicorn-3525.exe
1796	Unicorn-18470.exe
2032	Unicorn-17999.exe
2248	Unicorn-32943.exe
2280	Unicorn-38611.exe
560	Unicorn-7884.exe
1040	Unicorn-8439.exe
2840	Unicorn-12523.exe
1788	Unicorn-32389.exe
2012	Unicorn-50863.exe
1716	Unicorn-53084.exe
1496	Unicorn-39763.exe
1304	Unicorn-19897.exe
552	Unicorn-3883.exe
2232	Unicorn-56099.exe
112	Unicorn-36233.exe
1232	Unicorn-53639.exe
1676	Unicorn-63774.exe
2056	Unicorn-7474.exe
1444	Unicorn-59690.exe
1476	Unicorn-59690.exe
1564	Unicorn-25434.exe
2808	Unicorn-25434.exe
2684	Unicorn-5035.exe
2416	Unicorn-39846.exe
2432	Unicorn-19980.exe
108	Unicorn-19980.exe
2436	Unicorn-43930.exe
2716	Unicorn-60842.exe
2468	Unicorn-61397.exe
2728	Unicorn-15726.exe
2788	Unicorn-30670.exe
2776	Unicorn-11641.exe
1468	Unicorn-34946.exe
2220	Unicorn-24086.exe
276	Unicorn-8304.exe
1852	Unicorn-17864.exe
1472	Unicorn-52674.exe
2928	Unicorn-40422.exe
2256	Unicorn-9695.exe
2036	Unicorn-55367.exe
2272	Unicorn-29924.exe
540	Unicorn-10058.exe
548	Unicorn-56805.exe
2092	Unicorn-14573.exe
2336	Unicorn-34439.exe
2044	Unicorn-7796.exe
900	Unicorn-6405.exe
1508	Unicorn-20049.exe
288	Unicorn-57552.exe
2552	Unicorn-16327.exe
2472	Unicorn-36193.exe
2348	Unicorn-28025.exe
2924	Unicorn-1937.exe
2976	Unicorn-13634.exe

Loads dropped DLL 64 IoCs

Processes:

86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exeUnicorn-18772.exeUnicorn-29161.exeUnicorn-9295.exeWerFault.exeUnicorn-9150.exeUnicorn-29016.exeUnicorn-16764.exeWerFault.exeWerFault.exeUnicorn-42420.exeUnicorn-61449.exeUnicorn-46504.exeUnicorn-3525.exeUnicorn-18470.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe
2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe
2972	Unicorn-18772.exe
2972	Unicorn-18772.exe
2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe
2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe
2972	Unicorn-18772.exe
2592	Unicorn-29161.exe
2972	Unicorn-18772.exe
2592	Unicorn-29161.exe
2836	Unicorn-9295.exe
2836	Unicorn-9295.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2240	WerFault.exe
2996	Unicorn-9150.exe
2996	Unicorn-9150.exe
2576	Unicorn-29016.exe
2576	Unicorn-29016.exe
2592	Unicorn-29161.exe
2592	Unicorn-29161.exe
3000	Unicorn-16764.exe
3000	Unicorn-16764.exe
2836	Unicorn-9295.exe
2836	Unicorn-9295.exe
2628	WerFault.exe
2628	WerFault.exe
2628	WerFault.exe
2628	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2628	WerFault.exe
2936	WerFault.exe
2768	Unicorn-42420.exe
2768	Unicorn-42420.exe
2996	Unicorn-9150.exe
2996	Unicorn-9150.exe
1844	Unicorn-61449.exe
1844	Unicorn-61449.exe
648	Unicorn-46504.exe
648	Unicorn-46504.exe
2576	Unicorn-29016.exe
2576	Unicorn-29016.exe
3000	Unicorn-16764.exe
3000	Unicorn-16764.exe
780	Unicorn-3525.exe
780	Unicorn-3525.exe
1796	Unicorn-18470.exe
1796	Unicorn-18470.exe
1600	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
452	WerFault.exe
2008	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2720	2192	WerFault.exe	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe
2240	2972	WerFault.exe	Unicorn-18772.exe
2628	2592	WerFault.exe	Unicorn-29161.exe
2936	2836	WerFault.exe	Unicorn-9295.exe
1600	2996	WerFault.exe	Unicorn-9150.exe
452	2576	WerFault.exe	Unicorn-29016.exe
2008	3000	WerFault.exe	Unicorn-16764.exe
1540	2768	WerFault.exe	Unicorn-42420.exe
2520	1844	WerFault.exe	Unicorn-61449.exe
2024	648	WerFault.exe	Unicorn-46504.exe
1848	780	WerFault.exe	Unicorn-3525.exe
2540	1796	WerFault.exe	Unicorn-18470.exe
2852	2032	WerFault.exe	Unicorn-17999.exe
2372	2248	WerFault.exe	Unicorn-32943.exe
1616	2280	WerFault.exe	Unicorn-38611.exe
3036	560	WerFault.exe	Unicorn-7884.exe
1220	1040	WerFault.exe	Unicorn-8439.exe
1624	2840	WerFault.exe	Unicorn-12523.exe
796	2012	WerFault.exe	Unicorn-50863.exe
1712	1788	WerFault.exe	Unicorn-32389.exe
2440	1496	WerFault.exe	Unicorn-39763.exe
2464	1716	WerFault.exe	Unicorn-53084.exe
2920	1304	WerFault.exe	Unicorn-19897.exe
2772	552	WerFault.exe	Unicorn-3883.exe
2956	2232	WerFault.exe	Unicorn-56099.exe
1420	1676	WerFault.exe	Unicorn-63774.exe
1948	2056	WerFault.exe	Unicorn-7474.exe
348	1564	WerFault.exe	Unicorn-25434.exe
1416	2808	WerFault.exe	Unicorn-25434.exe
1604	1476	WerFault.exe	Unicorn-59690.exe
568	1444	WerFault.exe	Unicorn-59690.exe
1588	1232	WerFault.exe	Unicorn-53639.exe
972	112	WerFault.exe	Unicorn-36233.exe
2584	2588	WerFault.exe	Unicorn-33815.exe
3608	2684	WerFault.exe	Unicorn-5035.exe
3628	2416	WerFault.exe	Unicorn-39846.exe
3744	2716	WerFault.exe	Unicorn-60842.exe
3776	2432	WerFault.exe	Unicorn-19980.exe
3800	2436	WerFault.exe	Unicorn-43930.exe
3904	2728	WerFault.exe	Unicorn-15726.exe
3928	2220	WerFault.exe	Unicorn-24086.exe
3952	2256	WerFault.exe	Unicorn-9695.exe
3944	2272	WerFault.exe	Unicorn-29924.exe
3968	2776	WerFault.exe	Unicorn-11641.exe
4012	276	WerFault.exe	Unicorn-8304.exe
4020	2036	WerFault.exe	Unicorn-55367.exe
4044	2928	WerFault.exe	Unicorn-40422.exe
4052	1472	WerFault.exe	Unicorn-52674.exe
4084	540	WerFault.exe	Unicorn-10058.exe
3104	2468	WerFault.exe	Unicorn-61397.exe
3132	2788	WerFault.exe	Unicorn-30670.exe
3216	1852	WerFault.exe	Unicorn-17864.exe
3240	1468	WerFault.exe	Unicorn-34946.exe
3872	548	WerFault.exe	Unicorn-56805.exe
3544	1508	WerFault.exe	Unicorn-20049.exe
4208	2088	WerFault.exe	Unicorn-45108.exe
4200	2672	WerFault.exe	Unicorn-26079.exe
4224	2480	WerFault.exe	Unicorn-26079.exe
4264	2908	WerFault.exe	Unicorn-14381.exe
4276	2948	WerFault.exe	Unicorn-34247.exe
4304	1880	WerFault.exe	Unicorn-26633.exe
4296	2912	WerFault.exe	Unicorn-46499.exe
4344	2880	WerFault.exe	Unicorn-45108.exe
4400	2976	WerFault.exe	Unicorn-13634.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exeUnicorn-18772.exeUnicorn-29161.exeUnicorn-9295.exeUnicorn-29016.exeUnicorn-9150.exeUnicorn-16764.exeUnicorn-42420.exeUnicorn-46504.exeUnicorn-61449.exeUnicorn-18470.exeUnicorn-3525.exeUnicorn-17999.exeUnicorn-32943.exeUnicorn-38611.exeUnicorn-7884.exeUnicorn-8439.exeUnicorn-12523.exeUnicorn-32389.exeUnicorn-50863.exeUnicorn-53084.exeUnicorn-39763.exeUnicorn-19897.exeUnicorn-3883.exeUnicorn-56099.exeUnicorn-36233.exeUnicorn-53639.exeUnicorn-63774.exeUnicorn-7474.exeUnicorn-59690.exeUnicorn-25434.exeUnicorn-59690.exeUnicorn-25434.exeUnicorn-5035.exeUnicorn-39846.exeUnicorn-19980.exeUnicorn-19980.exeUnicorn-43930.exeUnicorn-60842.exeUnicorn-15726.exeUnicorn-30670.exeUnicorn-61397.exeUnicorn-11641.exeUnicorn-34946.exeUnicorn-8304.exeUnicorn-24086.exeUnicorn-52674.exeUnicorn-9695.exeUnicorn-17864.exeUnicorn-40422.exeUnicorn-29924.exeUnicorn-55367.exeUnicorn-10058.exeUnicorn-56805.exeUnicorn-14573.exeUnicorn-34439.exeUnicorn-7796.exeUnicorn-6405.exeUnicorn-20049.exeUnicorn-57552.exeUnicorn-16327.exeUnicorn-36193.exeUnicorn-28025.exeUnicorn-1937.exe

pid	process
2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe
2972	Unicorn-18772.exe
2592	Unicorn-29161.exe
2836	Unicorn-9295.exe
2576	Unicorn-29016.exe
2996	Unicorn-9150.exe
3000	Unicorn-16764.exe
2768	Unicorn-42420.exe
648	Unicorn-46504.exe
1844	Unicorn-61449.exe
1796	Unicorn-18470.exe
780	Unicorn-3525.exe
2032	Unicorn-17999.exe
2248	Unicorn-32943.exe
2280	Unicorn-38611.exe
560	Unicorn-7884.exe
1040	Unicorn-8439.exe
2840	Unicorn-12523.exe
1788	Unicorn-32389.exe
2012	Unicorn-50863.exe
1716	Unicorn-53084.exe
1496	Unicorn-39763.exe
1304	Unicorn-19897.exe
552	Unicorn-3883.exe
2232	Unicorn-56099.exe
112	Unicorn-36233.exe
1232	Unicorn-53639.exe
1676	Unicorn-63774.exe
2056	Unicorn-7474.exe
1476	Unicorn-59690.exe
1564	Unicorn-25434.exe
1444	Unicorn-59690.exe
2808	Unicorn-25434.exe
2684	Unicorn-5035.exe
2416	Unicorn-39846.exe
108	Unicorn-19980.exe
2432	Unicorn-19980.exe
2436	Unicorn-43930.exe
2716	Unicorn-60842.exe
2728	Unicorn-15726.exe
2788	Unicorn-30670.exe
2468	Unicorn-61397.exe
2776	Unicorn-11641.exe
1468	Unicorn-34946.exe
276	Unicorn-8304.exe
2220	Unicorn-24086.exe
1472	Unicorn-52674.exe
2256	Unicorn-9695.exe
1852	Unicorn-17864.exe
2928	Unicorn-40422.exe
2272	Unicorn-29924.exe
2036	Unicorn-55367.exe
540	Unicorn-10058.exe
548	Unicorn-56805.exe
2092	Unicorn-14573.exe
2336	Unicorn-34439.exe
2044	Unicorn-7796.exe
900	Unicorn-6405.exe
1508	Unicorn-20049.exe
288	Unicorn-57552.exe
2552	Unicorn-16327.exe
2472	Unicorn-36193.exe
2348	Unicorn-28025.exe
2924	Unicorn-1937.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exeUnicorn-18772.exeUnicorn-29161.exeUnicorn-9295.exeUnicorn-9150.exeUnicorn-29016.exeUnicorn-16764.exeUnicorn-42420.exe

description	pid	process	target process
PID 2192 wrote to memory of 2972	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	Unicorn-18772.exe
PID 2192 wrote to memory of 2972	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	Unicorn-18772.exe
PID 2192 wrote to memory of 2972	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	Unicorn-18772.exe
PID 2192 wrote to memory of 2972	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	Unicorn-18772.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-18772.exe	Unicorn-29161.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-18772.exe	Unicorn-29161.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-18772.exe	Unicorn-29161.exe
PID 2972 wrote to memory of 2592	2972	Unicorn-18772.exe	Unicorn-29161.exe
PID 2192 wrote to memory of 2836	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	Unicorn-9295.exe
PID 2192 wrote to memory of 2836	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	Unicorn-9295.exe
PID 2192 wrote to memory of 2836	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	Unicorn-9295.exe
PID 2192 wrote to memory of 2836	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	Unicorn-9295.exe
PID 2192 wrote to memory of 2720	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	WerFault.exe
PID 2192 wrote to memory of 2720	2192	86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe	WerFault.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-18772.exe	Unicorn-9150.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-18772.exe	Unicorn-9150.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-18772.exe	Unicorn-9150.exe
PID 2972 wrote to memory of 2996	2972	Unicorn-18772.exe	Unicorn-9150.exe
PID 2592 wrote to memory of 2576	2592	Unicorn-29161.exe	Unicorn-29016.exe
PID 2592 wrote to memory of 2576	2592	Unicorn-29161.exe	Unicorn-29016.exe
PID 2592 wrote to memory of 2576	2592	Unicorn-29161.exe	Unicorn-29016.exe
PID 2592 wrote to memory of 2576	2592	Unicorn-29161.exe	Unicorn-29016.exe
PID 2836 wrote to memory of 3000	2836	Unicorn-9295.exe	Unicorn-16764.exe
PID 2836 wrote to memory of 3000	2836	Unicorn-9295.exe	Unicorn-16764.exe
PID 2836 wrote to memory of 3000	2836	Unicorn-9295.exe	Unicorn-16764.exe
PID 2836 wrote to memory of 3000	2836	Unicorn-9295.exe	Unicorn-16764.exe
PID 2972 wrote to memory of 2240	2972	Unicorn-18772.exe	WerFault.exe
PID 2972 wrote to memory of 2240	2972	Unicorn-18772.exe	WerFault.exe
PID 2972 wrote to memory of 2240	2972	Unicorn-18772.exe	WerFault.exe
PID 2972 wrote to memory of 2240	2972	Unicorn-18772.exe	WerFault.exe
PID 2996 wrote to memory of 2768	2996	Unicorn-9150.exe	Unicorn-42420.exe
PID 2996 wrote to memory of 2768	2996	Unicorn-9150.exe	Unicorn-42420.exe
PID 2996 wrote to memory of 2768	2996	Unicorn-9150.exe	Unicorn-42420.exe
PID 2996 wrote to memory of 2768	2996	Unicorn-9150.exe	Unicorn-42420.exe
PID 2576 wrote to memory of 648	2576	Unicorn-29016.exe	Unicorn-46504.exe
PID 2576 wrote to memory of 648	2576	Unicorn-29016.exe	Unicorn-46504.exe
PID 2576 wrote to memory of 648	2576	Unicorn-29016.exe	Unicorn-46504.exe
PID 2576 wrote to memory of 648	2576	Unicorn-29016.exe	Unicorn-46504.exe
PID 2592 wrote to memory of 1844	2592	Unicorn-29161.exe	Unicorn-61449.exe
PID 2592 wrote to memory of 1844	2592	Unicorn-29161.exe	Unicorn-61449.exe
PID 2592 wrote to memory of 1844	2592	Unicorn-29161.exe	Unicorn-61449.exe
PID 2592 wrote to memory of 1844	2592	Unicorn-29161.exe	Unicorn-61449.exe
PID 3000 wrote to memory of 780	3000	Unicorn-16764.exe	Unicorn-3525.exe
PID 3000 wrote to memory of 780	3000	Unicorn-16764.exe	Unicorn-3525.exe
PID 3000 wrote to memory of 780	3000	Unicorn-16764.exe	Unicorn-3525.exe
PID 3000 wrote to memory of 780	3000	Unicorn-16764.exe	Unicorn-3525.exe
PID 2836 wrote to memory of 1796	2836	Unicorn-9295.exe	Unicorn-18470.exe
PID 2836 wrote to memory of 1796	2836	Unicorn-9295.exe	Unicorn-18470.exe
PID 2836 wrote to memory of 1796	2836	Unicorn-9295.exe	Unicorn-18470.exe
PID 2836 wrote to memory of 1796	2836	Unicorn-9295.exe	Unicorn-18470.exe
PID 2592 wrote to memory of 2628	2592	Unicorn-29161.exe	WerFault.exe
PID 2592 wrote to memory of 2628	2592	Unicorn-29161.exe	WerFault.exe
PID 2592 wrote to memory of 2628	2592	Unicorn-29161.exe	WerFault.exe
PID 2592 wrote to memory of 2628	2592	Unicorn-29161.exe	WerFault.exe
PID 2836 wrote to memory of 2936	2836	Unicorn-9295.exe	WerFault.exe
PID 2836 wrote to memory of 2936	2836	Unicorn-9295.exe	WerFault.exe
PID 2836 wrote to memory of 2936	2836	Unicorn-9295.exe	WerFault.exe
PID 2836 wrote to memory of 2936	2836	Unicorn-9295.exe	WerFault.exe
PID 2768 wrote to memory of 2032	2768	Unicorn-42420.exe	Unicorn-17999.exe
PID 2768 wrote to memory of 2032	2768	Unicorn-42420.exe	Unicorn-17999.exe
PID 2768 wrote to memory of 2032	2768	Unicorn-42420.exe	Unicorn-17999.exe
PID 2768 wrote to memory of 2032	2768	Unicorn-42420.exe	Unicorn-17999.exe

C:\Users\Admin\AppData\Local\Temp\86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe
"C:\Users\Admin\AppData\Local\Temp\86a213486fd10db68221d63de726ef015ca4b5ad03746802634b988c1e861c87.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56099.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15726.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13634.exe
9⤵
- Executes dropped EXE
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
10⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
11⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51730.exe
12⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
13⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47641.exe
14⤵
PID:11268

C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38096.exe
15⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
14⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 236
13⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 216
11⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
10⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3359.exe
11⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12207.exe
12⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
13⤵
PID:11620

C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44593.exe
14⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
11⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 220
10⤵
- Program crash
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
9⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45487.exe
10⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41232.exe
11⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38077.exe
12⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54652.exe
13⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
13⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
12⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
11⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
10⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
9⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14381.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26546.exe
9⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11828.exe
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
11⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27413.exe
12⤵
PID:11348

C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19622.exe
13⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
11⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
9⤵
- Program crash
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30670.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6042.exe
8⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-47542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47542.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12622.exe
10⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62804.exe
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12695.exe
12⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
13⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
13⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
12⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
11⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34858.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
10⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41554.exe
11⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58329.exe
12⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
12⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
11⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62487.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
9⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
10⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63842.exe
11⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52514.exe
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 236
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
9⤵
PID:4500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
8⤵
- Program crash
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
7⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53639.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9695.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
8⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
9⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55186.exe
11⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44927.exe
12⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20094.exe
13⤵
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 216
13⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
9⤵
- Program crash
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
8⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25451.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22976.exe
11⤵
PID:9268

C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5760.exe
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9268 -s 216
12⤵
PID:13800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
11⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
9⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
8⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
7⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41080.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65004.exe
9⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65492.exe
10⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 220
11⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
10⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
8⤵
- Program crash
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
7⤵
- Program crash
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 240
6⤵
- Program crash
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8439.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-63774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63774.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11641.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26079.exe
8⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63302.exe
9⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
10⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57708.exe
11⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
12⤵
PID:11312

C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56378.exe
13⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 236
11⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
10⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
9⤵
- Program crash
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6680.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62399.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
10⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58170.exe
11⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
12⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
12⤵
PID:13920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 220
8⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
7⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
8⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51299.exe
9⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
10⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
11⤵
PID:11860

C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6658.exe
12⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
11⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
8⤵
- Program crash
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
- Program crash
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1958.exe
7⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24984.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13603.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
11⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53941.exe
12⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
12⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
10⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56924.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
10⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64683.exe
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 236
11⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
9⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
8⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39928.exe
7⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-2892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2892.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14070.exe
9⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45446.exe
10⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14774.exe
11⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10452 -s 216
11⤵
PID:14060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
10⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
8⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
7⤵
- Program crash
PID:3240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
6⤵
- Program crash
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60842.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20049.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28108.exe
9⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
10⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
11⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
12⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49390.exe
13⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
12⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
10⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
9⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28854.exe
8⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3193.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
10⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7516.exe
11⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
12⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
12⤵
PID:13724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
11⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
9⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57552.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
8⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15113.exe
11⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-241.exe
12⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42839.exe
13⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
12⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
11⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
9⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
10⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33137.exe
11⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
11⤵
PID:13568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
10⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
8⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
7⤵
- Program crash
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61397.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe
7⤵
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38798.exe
8⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14760.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61896.exe
11⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
12⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
11⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
10⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24059.exe
8⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40500.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
10⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43277.exe
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
11⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 220
10⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
9⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 220
8⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
7⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14449.exe
10⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9727.exe
11⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
11⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 220
10⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
8⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63266.exe
9⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2052.exe
10⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 220
10⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 220
9⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 220
8⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
7⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
6⤵
- Program crash
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36233.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29924.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7604.exe
7⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10017.exe
8⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
11⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30641.exe
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 220
11⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
10⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53691.exe
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
10⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
11⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 220
10⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
9⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
8⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58227.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8123.exe
10⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe
11⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
12⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35128.exe
9⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
10⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
11⤵
PID:13376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
10⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 240
9⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 220
8⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
7⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
6⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55134.exe
7⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41896.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44164.exe
10⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
11⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
11⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
8⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56841.exe
7⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59166.exe
8⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54714.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
10⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
10⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
9⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
8⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
7⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
6⤵
- Program crash
PID:972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 220
5⤵
- Program crash
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39846.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34439.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21201.exe
9⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25176.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
11⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3759.exe
12⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22665.exe
13⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
12⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
11⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 216
10⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52373.exe
9⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36956.exe
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-43121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43121.exe
11⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1751.exe
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 236
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 220
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
10⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5419.exe
8⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
10⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
11⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 200
12⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
11⤵
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 236
9⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
8⤵
- Program crash
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41429.exe
8⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56478.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-51870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51870.exe
11⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30968.exe
12⤵
PID:11520

C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45880.exe
13⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
12⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
11⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
10⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57500.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29312.exe
10⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
11⤵
PID:11480

C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
12⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 220
9⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35145.exe
10⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33054.exe
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8612 -s 236
11⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
10⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
8⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
7⤵
- Program crash
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28025.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3084.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64257.exe
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40848.exe
11⤵
PID:9764

C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62636.exe
12⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 236
12⤵
PID:14020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
9⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65092.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41808.exe
9⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6831.exe
10⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3622.exe
11⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
11⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
10⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 220
9⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 220
8⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35757.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-60728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60728.exe
9⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11927.exe
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 200
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
9⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
8⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
7⤵
- Program crash
PID:3776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
6⤵
- Program crash
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19897.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-43930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43930.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24408.exe
8⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37812.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4174.exe
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21414.exe
11⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13435.exe
12⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
12⤵
PID:13984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
11⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
10⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33858.exe
10⤵
PID:9360

C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42709.exe
11⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
9⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
8⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
7⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19037.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
9⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2244.exe
11⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
11⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
10⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
8⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
7⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1937.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
7⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
8⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
10⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15867.exe
11⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
10⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
8⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26005.exe
7⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3956.exe
8⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
9⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7182.exe
10⤵
PID:14276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
10⤵
PID:14140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
9⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
8⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
7⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
6⤵
- Program crash
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
5⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39763.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5035.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35591.exe
8⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15253.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
10⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17060.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
12⤵
PID:11428

C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12029.exe
13⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
11⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
10⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18605.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
10⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32867.exe
11⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23322.exe
12⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 236
10⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30198.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-2093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2093.exe
10⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
11⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
12⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
10⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
8⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50536.exe
7⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-19338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19338.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15996.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40516.exe
10⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34725.exe
11⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
11⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
10⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
8⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
7⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14573.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17117.exe
7⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52394.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
9⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
10⤵
PID:8380

C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43827.exe
11⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 216
11⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
10⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 220
9⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57033.exe
7⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
8⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36043.exe
9⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-55428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55428.exe
10⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 236
10⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
9⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
8⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
6⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19980.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7796.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63987.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33920.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9135.exe
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44408.exe
10⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
11⤵
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
11⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
10⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
8⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
7⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
8⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43889.exe
9⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
10⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
10⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
9⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 220
8⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
7⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-33815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33815.exe
6⤵
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 200
7⤵
- Program crash
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
6⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
5⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32389.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-40422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40422.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42415.exe
8⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40744.exe
9⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10676.exe
10⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-58419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58419.exe
11⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16500.exe
12⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26648.exe
13⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
13⤵
PID:14080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
11⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 216
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
10⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8030.exe
11⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54909.exe
12⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
12⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
11⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
10⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 220
9⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
8⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35565.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
10⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
12⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 220
12⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
9⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
8⤵
- Program crash
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe
7⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21943.exe
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5985.exe
10⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12856.exe
11⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13098.exe
12⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
11⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
10⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 216
8⤵
- Program crash
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
7⤵
- Program crash
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55367.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23941.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12731.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
11⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30537.exe
12⤵
PID:10604

C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56570.exe
13⤵
PID:14304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 220
13⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6332 -s 216
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 236
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58071.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20999.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42372.exe
12⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 220
10⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-9861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9861.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36332.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17247.exe
10⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35083.exe
11⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
11⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27676.exe
7⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23265.exe
8⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14428.exe
9⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 240
10⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
9⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
8⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
7⤵
- Program crash
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 220
6⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17864.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
7⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21087.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
11⤵
PID:10044

C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe
12⤵
PID:13356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10044 -s 216
12⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25280.exe
9⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
10⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58469.exe
11⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
11⤵
PID:13712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 216
10⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
9⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
8⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10764.exe
7⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19909.exe
9⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
10⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27966.exe
11⤵
PID:13996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
11⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
10⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
8⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
7⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
6⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21476.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61844.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
10⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41990.exe
11⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
11⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
10⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
9⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
7⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-54060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54060.exe
8⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17138.exe
9⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50493.exe
10⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 220
10⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
9⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
8⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
7⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
6⤵
- Program crash
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
5⤵
- Program crash
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-24086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24086.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
7⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-49104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49104.exe
8⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe
10⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
11⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
11⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
10⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
8⤵
- Program crash
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-64049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64049.exe
7⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27589.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13219.exe
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
10⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
11⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
10⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
8⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
7⤵
- Program crash
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18465.exe
6⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61460.exe
8⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42737.exe
9⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
10⤵
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 236
10⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
9⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
8⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
7⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
6⤵
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8304.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
6⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20900.exe
7⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27013.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
9⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48217.exe
10⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
8⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
7⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
9⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12908.exe
10⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
10⤵
PID:13672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
9⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
8⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
7⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
6⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28719.exe
7⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43702.exe
8⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
9⤵
PID:11660

C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
10⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 220
9⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
8⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
7⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
6⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
5⤵
- Program crash
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50863.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59690.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16327.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31315.exe
7⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-7277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7277.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18134.exe
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40049.exe
10⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32203.exe
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
11⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
10⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 216
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44781.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61304.exe
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
9⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51445.exe
10⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
10⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
9⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
8⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
7⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
6⤵
- Program crash
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
6⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42882.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26987.exe
8⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63546.exe
9⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17299.exe
10⤵
PID:11404

C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9206.exe
11⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
10⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
9⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
8⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
7⤵
- Program crash
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45575.exe
6⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52093.exe
7⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-46914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46914.exe
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62690.exe
9⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
10⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
10⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
9⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
8⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-16550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16550.exe
7⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
8⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53199.exe
9⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
9⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
8⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 220
7⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
6⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
5⤵
- Program crash
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25434.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52674.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41106.exe
6⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58616.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35202.exe
8⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58279.exe
9⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-573.exe
10⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
10⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
9⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
8⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
7⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 236
6⤵
- Program crash
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26633.exe
5⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9778.exe
6⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
7⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
8⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
9⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
9⤵
PID:14144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
8⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
7⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
6⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
5⤵
- Program crash
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
4⤵
- Program crash
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
2⤵
- Program crash
PID:2720

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-29161.exe

Filesize
184KB

MD5
3c6ff1352782a5b7c2ed025a2eba8e35

SHA1
ecc42e1a77825a3a352da101894411868766a586

SHA256
4cf4b73e3a8ed9ab96bed1411564b4f3b6bed4c5219261670268a4054021161c

SHA512
e8abbfb9bfc89b26254f6f21012c94848538dbd39a7c28c202726a3f7042e33b11337a6104b6457004e4861f9ef3e3e075867893fb34ec562764cd01f78d9d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe

Filesize
184KB

MD5
f12f4fdab1fced669f3cc69328d5e699

SHA1
f53c94981608f3d3d80602dafd998a6fca63d830

SHA256
6153c33a836bf87b6df03b1589a080ee5c25444d04d9c2118c54e53d5e28a0bb

SHA512
f1b979b8e377ce51073c3619c80f944864e26c9b4ec430cc496e323527be2b8769b9f56213fe1cbd61e6c2a1cf5292bf35d9712118565f60dc17c7efd16d15f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36769.exe

Filesize
184KB

MD5
737f982c00e6fd57493dab9661947873

SHA1
480f3f4eb60b34ee323495fb75a08688841ee13b

SHA256
81f86a596d066a52d8f71892ff847f05fcaf8e7844521a75d86dd3edf2b4b9a1

SHA512
746a83c50863cc1badd31de8492c1671d64701cb57de6f790c2dc11557ccd64c66569876e9e0df85d43a19fe35b08a1653b88ae7b004926612f69014289863b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36795.exe

Filesize
184KB

MD5
b371a031970ead41e0262cf4a089613b

SHA1
cb9bdf776421e40a83d21943f845376fac28336a

SHA256
222fc0e31510d1961dc30d1c772a203e83141a5e3a7e8c134249557a7121dbf5

SHA512
1aee8456ba865bc4ed404e213fa5d4aec1450a885d1cd8b5eff8602742719d9601996dd9e9a6efd8cc8698a4393bc62b5d692160e9f8c2ac2ce0ab2162da47c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe

Filesize
184KB

MD5
8a0780df1e06066d63af402547bc83d3

SHA1
5762eff93d2b412a47468c13be412fd9da74d85f

SHA256
44ebf3c99d8772c42e03207f95c566185a2de7ff214ba8a14cc9e7efa57451e3

SHA512
1737c0cd36cae54a619b93eca6a0acee7cff0fb0de1217834c89dfcfcac214fda4472583f2c94ecd8f703061a704eabf3be34ec3ba6c36a8fe9b492f8a2dd354

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47644.exe

Filesize
184KB

MD5
20368f171a7861eee73b91b4d0379e31

SHA1
c924395613aaea29cd1302eabde399449f9adcbe

SHA256
f59447732ea12c5c385b0ecc87d11822967905175648297d80d390dae5e501cd

SHA512
cb476a01530d7555e10f5b813feed024a855759559e0feff7ddeb97a055c6892d5c4640a8250b6609a66c493c4b159ca1e10369684ea5add2dc98fe080b09250

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe

Filesize
184KB

MD5
9679a2e0e70255fe7f98f07637511896

SHA1
d9d46fe60319dbfa841a968f62248f48aac293c5

SHA256
541d82fd8c4d6ca20758bed6b1ea1afb5f00b7640dc4bd715dd9b144187747d2

SHA512
5fff36e43a73b3a56f0f4a3ccb23f10d674253dc22be4a8ffbbffd7bfcc45b46eec45e6cde24c3dd20665e451dd2b67260da66570ee176a22a9d3d971d52756e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51341.exe

Filesize
184KB

MD5
0e21f9e2a4430aa2380e84b59134be65

SHA1
58fc2fd42559d7952180eff34fc1e7ad37bb7e30

SHA256
3e1e187af9b8e8adc68863b1c4d8640633ac97063b9699f75fd7ec5b7875dc56

SHA512
d8a8a58879434cf4a8825a5f092b17315fdb4f4ba210c5ec5940e91d99392e5eb624a98cc286275565b6b53d45c31ae50ef8ffee486ed5300631fd72a836a9be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61449.exe

Filesize
184KB

MD5
04badd2cb0b18c1e177179c1520e4bc7

SHA1
e6ad3175d60c9991e8d265cdfd79c76976667d4c

SHA256
ac5f775ede309844a855176773b0427f6589693834d98337a28d1f541eb2a58c

SHA512
dd26c4fa1b429e3d06a04f84dd98b43ee4cb50a5d1f08d982b6fe5332daddf13d9ae168436dc25fc3ed79280eda0f5b55658bcd0a67b3c65ce0c8a0529bc7d9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16764.exe

Filesize
184KB

MD5
a64c59227648b783f7092d51e100ca64

SHA1
784b8332815f793f868404ffbedbe9a438c92be6

SHA256
61d411a9b0befd3e625884c6ec8a7d025dce38de41d64e2fb876b31b4bfac35e

SHA512
f9aa35c008a8a8ba00d39e274efeebc2ac2e4a865dd57d5ef0c1c7b561d833d48d672de33bac91577f2036580ee7dc1d90811d67e66e181961b24f1dc0771e35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17999.exe

Filesize
184KB

MD5
cea32d6e79f5b2e03a77214b0a735500

SHA1
58bddcb0b23388f1c24442efef52c9d817091024

SHA256
bf722a6d9add1cf43ecbc1a90f9ba3c5b9f7977681daf6fcf2460bfc819821be

SHA512
7c88e7180e0058cf74d59b9677c0892fb39d269b62636e3747742a6e9b338da6f8a0711bf3a57275c59e6020304b1016967b8a27c885d07d86f269964505df20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18470.exe

Filesize
184KB

MD5
67a0836ede3bcbc1bf4c75a92d41e893

SHA1
7951fd886feba105a1d0c96a0bdb14779be9ed1b

SHA256
8e915895d728181f1aab8dc5fdfe1d91ff44941c6a3984e2e218c4056f7118db

SHA512
cdfeb77ca355dd481abd2f73d838cb34153b845ba43955cf1ce5eb62c7741bce3b22cc15e0d09f30dfc46eb9d7cb4f2d27894254b532d4277138b85a5ce7b6a4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18772.exe

Filesize
184KB

MD5
e80d91b6c2fcface89c73546bc076d77

SHA1
4b3f2d52fcd31f38b2c59452868bca2504032384

SHA256
ede09605d9f6ec62f8f65206d76864afa2f42e387002d8d2648e1db72a89c232

SHA512
5fed92abbfbce7f25e5c43950a45a00c1ce39b3e813ecafe8f730f11f479306be3f25ef58b5f1b2c8b9ae93d60831d24134452428cb5a05b334929bfc3af7da2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe

Filesize
184KB

MD5
fe6a3ea5c371f09c871e7b44280734e3

SHA1
5d2e37b8f9dbe8a6a1fdd09a1139234c0211900f

SHA256
c5c53f3e143667d2eda59434cf1179f465c194c3ad1043eec5edbb3d91f50ee1

SHA512
afb53bec9e486ab5de937088992f670a2f0d0bc705ecac28df43f90345984122da0b2d6e5e73d5a2df133da1388f3b9a9b3da068df7daff229b1e55a97c1181c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe

Filesize
184KB

MD5
99da4a02099186cfcc3b0e9308a0142c

SHA1
d4b4587730224a06219dff35ca40fc9f0c2a6b9e

SHA256
9a6666e1503b93c82b011a8d90fcdbcd1a306967479e102a0cad96b1e7c72fee

SHA512
d1a29fab17b8922853906a01c10953028929d256e20507eeca4cf0b758af35e79f83c2d10f7cf005ed341917563477f6226b37539530f80789d33192e915d1ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3525.exe

Filesize
184KB

MD5
01fdc6b62a2b69ad51eb379eb2049cb9

SHA1
48d0fcfbf522a8518e23f947225f61a82b08d8ad

SHA256
978f10c757f0042b7541f332597794df766ce3cb76e8652451d0d9d7f890f10f

SHA512
a42467b6e2d043223423214c23f9def688b0f7c78c890e8cf85c13d479d95a18aa623b405aee9dc5d8460b6bc73e352f96c25d4b84cf3d86ca21546122fc5a91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38611.exe

Filesize
184KB

MD5
9c417adafd1c313ac7493fba1380d211

SHA1
2cd5b2c08205f319302c9bde3f40f70cadc49227

SHA256
2caa258c6c921aec07c53969ffcf90b53f4c3beedf69b8456389be1006d30625

SHA512
a7ea1291b625e2d8b92e8cb0118333faa8eedf4c7a5c634c822632a93ff358c0c8136041a0f8018ad94c35b3b570b5a09b7e1d3fd8e04a792174fe78b4cc470c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe

Filesize
184KB

MD5
6c5ee9790e4dab831f06e4d0bb53b4ce

SHA1
1f3ee667f3261d9e57faf6703c21037ba0cb1216

SHA256
8429744107f7353a57e437bca32f783af20077b7e4d7f3b63d13df26c9c42dda

SHA512
a4a8563641f3c27783d2e097ef2f1ab4854853c2e229143b9669953676814fc1c74baf33d51e79295668af31a497193fa5a1ccf8fd1dbf922ffafe053a5846b1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46504.exe

Filesize
184KB

MD5
13f95e90a524188f3d7a3d875489c5e1

SHA1
0684393c2ab31f4217da1a5b845164b3e2ffe051

SHA256
700fbbbe5f72fa5541020f83c2672e4fdb75ccbeeeac5ef0afb45a7f9cf21ba4

SHA512
bc2ca9ac5accbab3e3367e81d94a6a50b6594f60e917f12a77a486d1a748e2d712f26804183c89d0f0b3f3f4ee15be2d107f7b5e34ef810888178cba3483201e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9150.exe

Filesize
184KB

MD5
6b00bb89db18c238a5bfbaf0952e5a60

SHA1
ba81097fecb62124395eea3c62179d40b884ed77

SHA256
7f150cf46a7f9d451a8af69983c38ec3dc16c16064655ce7b3cacd5a1038a0f9

SHA512
b9d9ecc51d66b08493ee8de904531759297f76ae0cf3801d1958c0d7a7757662191b78a39c557de6e680915562ae000feacb462c93f6d99bd70afa4786023448

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9295.exe

Filesize
184KB

MD5
bd5230eea1b2ba36f92a877c60d919cd

SHA1
15d2759cd244af5130d7a2cfa91a214feb48be34

SHA256
54bc8b8c0316578d511890eeec6ba781bf7974576e37d87ced8ca25cf1fbeba7

SHA512
b616c118bea477cb81a18e1ed33ab57c6ffdba0cf5876b7770f2d7d99b0afd439939203ce05ca5fedaae1ff7ec2a47e07e96e5d7bea20dcad3870e6fe650686f

Download Submit