9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe
Size

184KB
MD5

18aa818d91d3c0e61a6860845e6c3eed
SHA1

a3bba637a863745262bfee783d681ba3a7429706
SHA256

9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d
SHA512

82bb290709aeba82e24e56210336739f92bdf76e89b2c22feb5257c43b2488dbdaf62d897ede6c09db5de5da2aa0bb8766a489250b92b619bcafd5fbfb4b13fe
SSDEEP

3072:qVm3T8o379hcdFa7exuLdtsahlnViFJn3:qVVo7IFaRLXsahlnViFJ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-7751.exeUnicorn-7246.exeUnicorn-52918.exeUnicorn-3513.exeUnicorn-7037.exeUnicorn-23362.exeUnicorn-3460.exeUnicorn-49132.exeUnicorn-13850.exeUnicorn-49901.exeUnicorn-18459.exeUnicorn-57161.exeUnicorn-54509.exeUnicorn-21514.exeUnicorn-47964.exeUnicorn-19193.exeUnicorn-6604.exeUnicorn-34678.exeUnicorn-23626.exeUnicorn-7564.exeUnicorn-53236.exeUnicorn-3743.exeUnicorn-3743.exeUnicorn-22580.exeUnicorn-22580.exeUnicorn-53847.exeUnicorn-40910.exeUnicorn-3447.exeUnicorn-64148.exeUnicorn-33230.exeUnicorn-65388.exeUnicorn-24765.exeUnicorn-44631.exeUnicorn-5018.exeUnicorn-60031.exeUnicorn-31381.exeUnicorn-62875.exeUnicorn-58495.exeUnicorn-52050.exeUnicorn-45122.exeUnicorn-64987.exeUnicorn-63679.exeUnicorn-54598.exeUnicorn-37001.exeUnicorn-43585.exeUnicorn-55558.exeUnicorn-55558.exeUnicorn-55558.exeUnicorn-48630.exeUnicorn-37577.exeUnicorn-17711.exeUnicorn-65110.exeUnicorn-29183.exeUnicorn-14046.exeUnicorn-57606.exeUnicorn-11934.exeUnicorn-63574.exeUnicorn-31731.exeUnicorn-51597.exeUnicorn-48317.exeUnicorn-2645.exeUnicorn-62790.exeUnicorn-53709.exeUnicorn-5193.exe

pid	process
2520	Unicorn-7751.exe
2568	Unicorn-7246.exe
2992	Unicorn-52918.exe
1584	Unicorn-3513.exe
2480	Unicorn-7037.exe
2220	Unicorn-23362.exe
2680	Unicorn-3460.exe
2684	Unicorn-49132.exe
1832	Unicorn-13850.exe
1900	Unicorn-49901.exe
2380	Unicorn-18459.exe
1028	Unicorn-57161.exe
1660	Unicorn-54509.exe
1392	Unicorn-21514.exe
576	Unicorn-47964.exe
384	Unicorn-19193.exe
1508	Unicorn-6604.exe
908	Unicorn-34678.exe
752	Unicorn-23626.exe
2976	Unicorn-7564.exe
2232	Unicorn-53236.exe
1936	Unicorn-3743.exe
1752	Unicorn-3743.exe
1376	Unicorn-22580.exe
1932	Unicorn-22580.exe
704	Unicorn-53847.exe
2160	Unicorn-40910.exe
1980	Unicorn-3447.exe
888	Unicorn-64148.exe
2136	Unicorn-33230.exe
3048	Unicorn-65388.exe
2524	Unicorn-24765.exe
2176	Unicorn-44631.exe
2712	Unicorn-5018.exe
2724	Unicorn-60031.exe
2904	Unicorn-31381.exe
2424	Unicorn-62875.exe
2780	Unicorn-58495.exe
2668	Unicorn-52050.exe
2876	Unicorn-45122.exe
2332	Unicorn-64987.exe
1220	Unicorn-63679.exe
776	Unicorn-54598.exe
1444	Unicorn-37001.exe
1604	Unicorn-43585.exe
2312	Unicorn-55558.exe
1608	Unicorn-55558.exe
2360	Unicorn-55558.exe
2116	Unicorn-48630.exe
2960	Unicorn-37577.exe
2416	Unicorn-17711.exe
2080	Unicorn-65110.exe
2832	Unicorn-29183.exe
960	Unicorn-14046.exe
1252	Unicorn-57606.exe
2000	Unicorn-11934.exe
1736	Unicorn-63574.exe
1632	Unicorn-31731.exe
1612	Unicorn-51597.exe
2736	Unicorn-48317.exe
2600	Unicorn-2645.exe
2608	Unicorn-62790.exe
2488	Unicorn-53709.exe
2772	Unicorn-5193.exe

Loads dropped DLL 64 IoCs

Processes:

9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exeUnicorn-7751.exeUnicorn-52918.exeWerFault.exeUnicorn-3513.exeUnicorn-7037.exeWerFault.exeUnicorn-23362.exeUnicorn-49132.exeUnicorn-3460.exeWerFault.exeWerFault.exeUnicorn-49901.exeUnicorn-13850.exeUnicorn-57161.exeUnicorn-18459.exeUnicorn-54509.exeWerFault.exe

pid	process
2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe
2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe
2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe
2520	Unicorn-7751.exe
2520	Unicorn-7751.exe
2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe
2520	Unicorn-7751.exe
2520	Unicorn-7751.exe
2992	Unicorn-52918.exe
2992	Unicorn-52918.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
1584	Unicorn-3513.exe
1584	Unicorn-3513.exe
2992	Unicorn-52918.exe
2480	Unicorn-7037.exe
2480	Unicorn-7037.exe
2992	Unicorn-52918.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2392	WerFault.exe
2220	Unicorn-23362.exe
2220	Unicorn-23362.exe
1584	Unicorn-3513.exe
1584	Unicorn-3513.exe
2684	Unicorn-49132.exe
2684	Unicorn-49132.exe
2680	Unicorn-3460.exe
2680	Unicorn-3460.exe
2480	Unicorn-7037.exe
2480	Unicorn-7037.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
2272	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1652	WerFault.exe
1900	Unicorn-49901.exe
1900	Unicorn-49901.exe
1832	Unicorn-13850.exe
1832	Unicorn-13850.exe
2220	Unicorn-23362.exe
2220	Unicorn-23362.exe
1028	Unicorn-57161.exe
1028	Unicorn-57161.exe
2680	Unicorn-3460.exe
2680	Unicorn-3460.exe
2380	Unicorn-18459.exe
2380	Unicorn-18459.exe
1660	Unicorn-54509.exe
1660	Unicorn-54509.exe
2684	Unicorn-49132.exe
2684	Unicorn-49132.exe
2996	WerFault.exe
2996	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2444	2940	WerFault.exe	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe
2512	2520	WerFault.exe	Unicorn-7751.exe
2392	2992	WerFault.exe	Unicorn-52918.exe
2272	1584	WerFault.exe	Unicorn-3513.exe
1652	2480	WerFault.exe	Unicorn-7037.exe
2996	2220	WerFault.exe	Unicorn-23362.exe
1664	2684	WerFault.exe	Unicorn-49132.exe
1356	2680	WerFault.exe	Unicorn-3460.exe
2852	908	WerFault.exe	Unicorn-34678.exe
2968	1900	WerFault.exe	Unicorn-49901.exe
2592	1832	WerFault.exe	Unicorn-13850.exe
2744	1028	WerFault.exe	Unicorn-57161.exe
2572	2380	WerFault.exe	Unicorn-18459.exe
2888	1660	WerFault.exe	Unicorn-54509.exe
1500	1392	WerFault.exe	Unicorn-21514.exe
968	576	WerFault.exe	Unicorn-47964.exe
2084	384	WerFault.exe	Unicorn-19193.exe
2408	1508	WerFault.exe	Unicorn-6604.exe
1004	2976	WerFault.exe	Unicorn-7564.exe
1964	2232	WerFault.exe	Unicorn-53236.exe
2280	752	WerFault.exe	Unicorn-23626.exe
2912	1752	WerFault.exe	Unicorn-3743.exe
1792	1376	WerFault.exe	Unicorn-22580.exe
2576	1936	WerFault.exe	Unicorn-3743.exe
1956	2160	WerFault.exe	Unicorn-40910.exe
2916	1932	WerFault.exe	Unicorn-22580.exe
2800	704	WerFault.exe	Unicorn-53847.exe
1216	1980	WerFault.exe	Unicorn-3447.exe
2012	2136	WerFault.exe	Unicorn-33230.exe
1704	888	WerFault.exe	Unicorn-64148.exe
1256	3048	WerFault.exe	Unicorn-65388.exe
556	2524	WerFault.exe	Unicorn-24765.exe
1644	2176	WerFault.exe	Unicorn-44631.exe
3296	2120	WerFault.exe	Unicorn-585.exe
3320	2712	WerFault.exe	Unicorn-5018.exe
3344	2724	WerFault.exe	Unicorn-60031.exe
3368	2904	WerFault.exe	Unicorn-31381.exe
3392	2424	WerFault.exe	Unicorn-62875.exe
3408	2780	WerFault.exe	Unicorn-58495.exe
3440	2668	WerFault.exe	Unicorn-52050.exe
3532	2876	WerFault.exe	Unicorn-45122.exe
3552	2332	WerFault.exe	Unicorn-64987.exe
3648	1220	WerFault.exe	Unicorn-63679.exe
3728	2116	WerFault.exe	Unicorn-48630.exe
3756	2416	WerFault.exe	Unicorn-17711.exe
3748	1444	WerFault.exe	Unicorn-37001.exe
3788	776	WerFault.exe	Unicorn-54598.exe
3796	2312	WerFault.exe	Unicorn-55558.exe
3824	2960	WerFault.exe	Unicorn-37577.exe
3848	1604	WerFault.exe	Unicorn-43585.exe
3872	1608	WerFault.exe	Unicorn-55558.exe
3904	2360	WerFault.exe	Unicorn-55558.exe
3208	2080	WerFault.exe	Unicorn-65110.exe
3744	2832	WerFault.exe	Unicorn-29183.exe
3696	1252	WerFault.exe	Unicorn-57606.exe
3620	2756	WerFault.exe	Unicorn-61254.exe
3152	2784	WerFault.exe	Unicorn-32080.exe
4120	1336	WerFault.exe	Unicorn-58618.exe
4148	1612	WerFault.exe	Unicorn-51597.exe
4164	2772	WerFault.exe	Unicorn-5193.exe
4228	2372	WerFault.exe	Unicorn-10102.exe
4300	960	WerFault.exe	Unicorn-14046.exe
4308	2488	WerFault.exe	Unicorn-53709.exe
4408	2600	WerFault.exe	Unicorn-2645.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exeUnicorn-7751.exeUnicorn-7246.exeUnicorn-52918.exeUnicorn-3513.exeUnicorn-7037.exeUnicorn-23362.exeUnicorn-49132.exeUnicorn-3460.exeUnicorn-49901.exeUnicorn-13850.exeUnicorn-18459.exeUnicorn-57161.exeUnicorn-54509.exeUnicorn-21514.exeUnicorn-47964.exeUnicorn-19193.exeUnicorn-6604.exeUnicorn-34678.exeUnicorn-23626.exeUnicorn-7564.exeUnicorn-53236.exeUnicorn-3743.exeUnicorn-3743.exeUnicorn-22580.exeUnicorn-22580.exeUnicorn-53847.exeUnicorn-40910.exeUnicorn-3447.exeUnicorn-33230.exeUnicorn-64148.exeUnicorn-65388.exeUnicorn-24765.exeUnicorn-44631.exeUnicorn-5018.exeUnicorn-60031.exeUnicorn-31381.exeUnicorn-62875.exeUnicorn-58495.exeUnicorn-52050.exeUnicorn-45122.exeUnicorn-64987.exeUnicorn-63679.exeUnicorn-54598.exeUnicorn-37001.exeUnicorn-55558.exeUnicorn-43585.exeUnicorn-55558.exeUnicorn-55558.exeUnicorn-37577.exeUnicorn-48630.exeUnicorn-17711.exeUnicorn-65110.exeUnicorn-29183.exeUnicorn-14046.exeUnicorn-57606.exeUnicorn-11934.exeUnicorn-31731.exeUnicorn-63574.exeUnicorn-51597.exeUnicorn-48317.exeUnicorn-2645.exeUnicorn-62790.exeUnicorn-53709.exe

pid	process
2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe
2520	Unicorn-7751.exe
2568	Unicorn-7246.exe
2992	Unicorn-52918.exe
1584	Unicorn-3513.exe
2480	Unicorn-7037.exe
2220	Unicorn-23362.exe
2684	Unicorn-49132.exe
2680	Unicorn-3460.exe
1900	Unicorn-49901.exe
1832	Unicorn-13850.exe
2380	Unicorn-18459.exe
1028	Unicorn-57161.exe
1660	Unicorn-54509.exe
1392	Unicorn-21514.exe
576	Unicorn-47964.exe
384	Unicorn-19193.exe
1508	Unicorn-6604.exe
908	Unicorn-34678.exe
752	Unicorn-23626.exe
2976	Unicorn-7564.exe
2232	Unicorn-53236.exe
1752	Unicorn-3743.exe
1936	Unicorn-3743.exe
1932	Unicorn-22580.exe
1376	Unicorn-22580.exe
704	Unicorn-53847.exe
2160	Unicorn-40910.exe
1980	Unicorn-3447.exe
2136	Unicorn-33230.exe
888	Unicorn-64148.exe
3048	Unicorn-65388.exe
2524	Unicorn-24765.exe
2176	Unicorn-44631.exe
2712	Unicorn-5018.exe
2724	Unicorn-60031.exe
2904	Unicorn-31381.exe
2424	Unicorn-62875.exe
2780	Unicorn-58495.exe
2668	Unicorn-52050.exe
2876	Unicorn-45122.exe
2332	Unicorn-64987.exe
1220	Unicorn-63679.exe
776	Unicorn-54598.exe
1444	Unicorn-37001.exe
1608	Unicorn-55558.exe
1604	Unicorn-43585.exe
2312	Unicorn-55558.exe
2360	Unicorn-55558.exe
2960	Unicorn-37577.exe
2116	Unicorn-48630.exe
2416	Unicorn-17711.exe
2080	Unicorn-65110.exe
2832	Unicorn-29183.exe
960	Unicorn-14046.exe
1252	Unicorn-57606.exe
2000	Unicorn-11934.exe
1632	Unicorn-31731.exe
1736	Unicorn-63574.exe
1612	Unicorn-51597.exe
2736	Unicorn-48317.exe
2600	Unicorn-2645.exe
2608	Unicorn-62790.exe
2488	Unicorn-53709.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exeUnicorn-7751.exeUnicorn-52918.exeUnicorn-3513.exeUnicorn-7037.exeUnicorn-23362.exeUnicorn-49132.exeUnicorn-3460.exe

description	pid	process	target process
PID 2940 wrote to memory of 2520	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	Unicorn-7751.exe
PID 2940 wrote to memory of 2520	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	Unicorn-7751.exe
PID 2940 wrote to memory of 2520	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	Unicorn-7751.exe
PID 2940 wrote to memory of 2520	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	Unicorn-7751.exe
PID 2520 wrote to memory of 2568	2520	Unicorn-7751.exe	Unicorn-7246.exe
PID 2520 wrote to memory of 2568	2520	Unicorn-7751.exe	Unicorn-7246.exe
PID 2520 wrote to memory of 2568	2520	Unicorn-7751.exe	Unicorn-7246.exe
PID 2520 wrote to memory of 2568	2520	Unicorn-7751.exe	Unicorn-7246.exe
PID 2940 wrote to memory of 2992	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	Unicorn-52918.exe
PID 2940 wrote to memory of 2992	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	Unicorn-52918.exe
PID 2940 wrote to memory of 2992	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	Unicorn-52918.exe
PID 2940 wrote to memory of 2992	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	Unicorn-52918.exe
PID 2940 wrote to memory of 2444	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	WerFault.exe
PID 2940 wrote to memory of 2444	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	WerFault.exe
PID 2940 wrote to memory of 2444	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	WerFault.exe
PID 2940 wrote to memory of 2444	2940	9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe	WerFault.exe
PID 2520 wrote to memory of 1584	2520	Unicorn-7751.exe	Unicorn-3513.exe
PID 2520 wrote to memory of 1584	2520	Unicorn-7751.exe	Unicorn-3513.exe
PID 2520 wrote to memory of 1584	2520	Unicorn-7751.exe	Unicorn-3513.exe
PID 2520 wrote to memory of 1584	2520	Unicorn-7751.exe	Unicorn-3513.exe
PID 2992 wrote to memory of 2480	2992	Unicorn-52918.exe	Unicorn-7037.exe
PID 2992 wrote to memory of 2480	2992	Unicorn-52918.exe	Unicorn-7037.exe
PID 2992 wrote to memory of 2480	2992	Unicorn-52918.exe	Unicorn-7037.exe
PID 2992 wrote to memory of 2480	2992	Unicorn-52918.exe	Unicorn-7037.exe
PID 2520 wrote to memory of 2512	2520	Unicorn-7751.exe	WerFault.exe
PID 2520 wrote to memory of 2512	2520	Unicorn-7751.exe	WerFault.exe
PID 2520 wrote to memory of 2512	2520	Unicorn-7751.exe	WerFault.exe
PID 2520 wrote to memory of 2512	2520	Unicorn-7751.exe	WerFault.exe
PID 1584 wrote to memory of 2220	1584	Unicorn-3513.exe	Unicorn-23362.exe
PID 1584 wrote to memory of 2220	1584	Unicorn-3513.exe	Unicorn-23362.exe
PID 1584 wrote to memory of 2220	1584	Unicorn-3513.exe	Unicorn-23362.exe
PID 1584 wrote to memory of 2220	1584	Unicorn-3513.exe	Unicorn-23362.exe
PID 2480 wrote to memory of 2680	2480	Unicorn-7037.exe	Unicorn-3460.exe
PID 2480 wrote to memory of 2680	2480	Unicorn-7037.exe	Unicorn-3460.exe
PID 2480 wrote to memory of 2680	2480	Unicorn-7037.exe	Unicorn-3460.exe
PID 2480 wrote to memory of 2680	2480	Unicorn-7037.exe	Unicorn-3460.exe
PID 2992 wrote to memory of 2684	2992	Unicorn-52918.exe	Unicorn-49132.exe
PID 2992 wrote to memory of 2684	2992	Unicorn-52918.exe	Unicorn-49132.exe
PID 2992 wrote to memory of 2684	2992	Unicorn-52918.exe	Unicorn-49132.exe
PID 2992 wrote to memory of 2684	2992	Unicorn-52918.exe	Unicorn-49132.exe
PID 2992 wrote to memory of 2392	2992	Unicorn-52918.exe	WerFault.exe
PID 2992 wrote to memory of 2392	2992	Unicorn-52918.exe	WerFault.exe
PID 2992 wrote to memory of 2392	2992	Unicorn-52918.exe	WerFault.exe
PID 2992 wrote to memory of 2392	2992	Unicorn-52918.exe	WerFault.exe
PID 2220 wrote to memory of 1832	2220	Unicorn-23362.exe	Unicorn-13850.exe
PID 2220 wrote to memory of 1832	2220	Unicorn-23362.exe	Unicorn-13850.exe
PID 2220 wrote to memory of 1832	2220	Unicorn-23362.exe	Unicorn-13850.exe
PID 2220 wrote to memory of 1832	2220	Unicorn-23362.exe	Unicorn-13850.exe
PID 1584 wrote to memory of 1900	1584	Unicorn-3513.exe	Unicorn-49901.exe
PID 1584 wrote to memory of 1900	1584	Unicorn-3513.exe	Unicorn-49901.exe
PID 1584 wrote to memory of 1900	1584	Unicorn-3513.exe	Unicorn-49901.exe
PID 1584 wrote to memory of 1900	1584	Unicorn-3513.exe	Unicorn-49901.exe
PID 2684 wrote to memory of 2380	2684	Unicorn-49132.exe	Unicorn-18459.exe
PID 2684 wrote to memory of 2380	2684	Unicorn-49132.exe	Unicorn-18459.exe
PID 2684 wrote to memory of 2380	2684	Unicorn-49132.exe	Unicorn-18459.exe
PID 2684 wrote to memory of 2380	2684	Unicorn-49132.exe	Unicorn-18459.exe
PID 2680 wrote to memory of 1028	2680	Unicorn-3460.exe	Unicorn-57161.exe
PID 2680 wrote to memory of 1028	2680	Unicorn-3460.exe	Unicorn-57161.exe
PID 2680 wrote to memory of 1028	2680	Unicorn-3460.exe	Unicorn-57161.exe
PID 2680 wrote to memory of 1028	2680	Unicorn-3460.exe	Unicorn-57161.exe
PID 2480 wrote to memory of 1660	2480	Unicorn-7037.exe	Unicorn-54509.exe
PID 2480 wrote to memory of 1660	2480	Unicorn-7037.exe	Unicorn-54509.exe
PID 2480 wrote to memory of 1660	2480	Unicorn-7037.exe	Unicorn-54509.exe
PID 2480 wrote to memory of 1660	2480	Unicorn-7037.exe	Unicorn-54509.exe

C:\Users\Admin\AppData\Local\Temp\9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe
"C:\Users\Admin\AppData\Local\Temp\9690c65b3f326122c289697cefc13270b9983ad25a8bb7c975cb9e645816402d.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47964.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65110.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
10⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
11⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
12⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10805.exe
13⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40368.exe
14⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44730.exe
15⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6702.exe
16⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
16⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
15⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
14⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
13⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
12⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
13⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
14⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13678.exe
15⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 236
14⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
13⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 240
12⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63945.exe
11⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43243.exe
12⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
13⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
14⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40498.exe
15⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 236
14⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 220
13⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
12⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
11⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
10⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23339.exe
11⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24494.exe
12⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
13⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44258.exe
14⤵
PID:11024

C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
15⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 236
14⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
13⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
12⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
10⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19895.exe
9⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
10⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56805.exe
11⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
12⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9114.exe
13⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
14⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 216
14⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
13⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
12⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
11⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
10⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9200.exe
11⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
12⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48656.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 236
13⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
12⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
11⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
10⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
9⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29183.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8863.exe
9⤵
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
10⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48092.exe
11⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7558.exe
12⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
13⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6805.exe
14⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51544.exe
15⤵
PID:2132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
15⤵
PID:14008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
14⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
13⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
12⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
11⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29186.exe
10⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
11⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26646.exe
12⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50754.exe
12⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29548.exe
13⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9737.exe
14⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 220
14⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
13⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 212
12⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
11⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
10⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56194.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43920.exe
10⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
11⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12531.exe
12⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
13⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
14⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
14⤵
PID:13436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 236
13⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
12⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
11⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
9⤵
- Program crash
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
8⤵
- Program crash
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60031.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56017.exe
9⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38421.exe
10⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59720.exe
11⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60722.exe
12⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
13⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 236
13⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
12⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
11⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42042.exe
11⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
12⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24944.exe
13⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 236
13⤵
PID:14164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 236
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
10⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 220
9⤵
- Program crash
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
7⤵
- Program crash
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-11934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11934.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
9⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2544.exe
10⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
11⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7149.exe
12⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40723.exe
13⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9037.exe
14⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
14⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 236
13⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
12⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
11⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 216
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
9⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23546.exe
11⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30867.exe
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
11⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
8⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56720.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32374.exe
11⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
12⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
11⤵
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
9⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
8⤵
- Program crash
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57606.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7486.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38264.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60598.exe
10⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
11⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63575.exe
12⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 236
12⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
11⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 236
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
9⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
8⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
7⤵
- Program crash
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
6⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19193.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-53847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53847.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64987.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5193.exe
8⤵
- Executes dropped EXE
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
9⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47637.exe
10⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6352.exe
11⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7649.exe
12⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43505.exe
13⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61899.exe
14⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 236
14⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 236
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
12⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
11⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56072.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6637.exe
11⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51527.exe
12⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6750.exe
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 236
13⤵
PID:13656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 236
12⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
9⤵
- Program crash
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
8⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61254.exe
7⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29131.exe
8⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39314.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60146.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10163.exe
12⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31110.exe
13⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
13⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 236
12⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 216
9⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
8⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
7⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63679.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45453.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
8⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40326.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
11⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55111.exe
12⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-748.exe
13⤵
PID:13948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12637.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
9⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35184.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
11⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 220
10⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-44394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44394.exe
11⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
11⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
9⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
7⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 240
6⤵
- Program crash
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21514.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3743.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62875.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
9⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10574.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe
11⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36297.exe
12⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9454.exe
13⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22741.exe
14⤵
PID:13864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 220
14⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
12⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
11⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
10⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
10⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54872.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60670.exe
11⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
12⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35088.exe
13⤵
PID:13408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11092 -s 216
13⤵
PID:13428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
11⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 220
10⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4657.exe
8⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45577.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56563.exe
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
11⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41082.exe
12⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
13⤵
PID:13800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11204 -s 216
13⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 236
12⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
11⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 216
9⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
8⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31731.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46030.exe
8⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33151.exe
10⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62993.exe
11⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46601.exe
12⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36126.exe
13⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-14642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14642.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
9⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46650.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
11⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50546.exe
12⤵
PID:1316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
12⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 236
11⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
10⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
8⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
7⤵
- Program crash
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58495.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51597.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56648.exe
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43036.exe
10⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32906.exe
11⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
10⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 216
8⤵
- Program crash
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
7⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17929.exe
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8856.exe
10⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52597.exe
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 236
11⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
10⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
8⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
7⤵
- Program crash
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 220
6⤵
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22580.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7693.exe
7⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24716.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18922.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
10⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
11⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
12⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 216
12⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
11⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54134.exe
7⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17962.exe
8⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40244.exe
9⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27496.exe
10⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5140.exe
11⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 236
11⤵
PID:13996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
10⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
9⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
8⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
7⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
6⤵
- Program crash
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
5⤵
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52050.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2645.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
10⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26252.exe
11⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36747.exe
12⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-48222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48222.exe
13⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11566.exe
14⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
14⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
13⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 216
12⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
11⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
10⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
11⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
12⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
13⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39701.exe
14⤵
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 236
14⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 236
13⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
12⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
11⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
10⤵
- Program crash
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34615.exe
9⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60294.exe
10⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-39295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39295.exe
11⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
12⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
13⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
14⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 216
14⤵
PID:13392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 236
13⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
12⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
11⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
10⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
9⤵
- Program crash
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
9⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13353.exe
11⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
12⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17167.exe
13⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11197.exe
14⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10600 -s 216
14⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 236
13⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
12⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
11⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14697.exe
9⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43748.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50369.exe
11⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53422.exe
12⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
13⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 216
13⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 236
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 216
10⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
9⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
8⤵
- Program crash
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53709.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11411.exe
9⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
11⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14579.exe
12⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19533.exe
13⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33602.exe
14⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 236
14⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
13⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
12⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
11⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-14642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14642.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63109.exe
10⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63081.exe
11⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7950.exe
12⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
13⤵
PID:14112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 236
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
9⤵
- Program crash
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60731.exe
8⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63128.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48710.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
12⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10547.exe
13⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
13⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 236
12⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 236
11⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
9⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
8⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
7⤵
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3447.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54598.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
8⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
9⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19374.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
11⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15002.exe
12⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19896.exe
13⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 236
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
12⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
11⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
10⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48792.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14332.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51310.exe
12⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39104.exe
13⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 236
13⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 236
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
10⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
9⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21346.exe
8⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
9⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3735.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38410.exe
11⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16308.exe
12⤵
PID:11016

C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
13⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11016 -s 216
13⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 236
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
10⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
9⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
8⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
7⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27595.exe
8⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
10⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19224.exe
11⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37228.exe
12⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
12⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 236
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
10⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 216
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40535.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5235.exe
9⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15053.exe
10⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39713.exe
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
11⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
7⤵
- Program crash
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
6⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34678.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 240
6⤵
- Program crash
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
5⤵
- Program crash
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7564.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
8⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
9⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18788.exe
11⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62041.exe
12⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41676.exe
13⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 236
13⤵
PID:13960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
12⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 236
11⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65045.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48356.exe
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16275.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16022.exe
12⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17499.exe
13⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10592 -s 236
13⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
11⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
10⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 220
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
8⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57012.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37778.exe
10⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe
11⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
12⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16339.exe
13⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
13⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 236
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
11⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
9⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
8⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
7⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52421.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe
11⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
12⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-19105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19105.exe
13⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 216
13⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 236
12⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
11⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
9⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
8⤵
- Program crash
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
7⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48630.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49101.exe
7⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59513.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
11⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58967.exe
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 236
11⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 236
9⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17262.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51011.exe
9⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23608.exe
10⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5091.exe
11⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9424.exe
12⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
12⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 236
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
10⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
8⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
7⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
6⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65388.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51649.exe
7⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
8⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23930.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
10⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16640.exe
11⤵
PID:6332

C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34579.exe
12⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32081.exe
13⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 236
13⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 236
11⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19357.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20565.exe
9⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
10⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62825.exe
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 236
11⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
10⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 240
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2021.exe
7⤵
PID:644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
7⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10102.exe
6⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48566.exe
7⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52040.exe
8⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
9⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9514.exe
10⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 236
11⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 236
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
9⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
8⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
7⤵
- Program crash
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
6⤵
- Program crash
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
5⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23626.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37577.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32080.exe
8⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 220
9⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9931.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46637.exe
11⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43001.exe
12⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 236
12⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
9⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
8⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19339.exe
8⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18798.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54031.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
11⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
12⤵
PID:11516

C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38784.exe
13⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 236
12⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
10⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35194.exe
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-6074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6074.exe
10⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
11⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 236
11⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 220
8⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
7⤵
- Program crash
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17711.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
7⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-41788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41788.exe
8⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-4080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4080.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35509.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
11⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46814.exe
12⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45970.exe
13⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 216
13⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 236
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
10⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1044.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23585.exe
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60445.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
11⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
10⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
8⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
7⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47220.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-191.exe
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28267.exe
10⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10111.exe
11⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65018.exe
12⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
12⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 236
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
8⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 220
7⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
6⤵
- Program crash
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24765.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
7⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
8⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54590.exe
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40053.exe
11⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36680.exe
12⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22978.exe
13⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
12⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
11⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
9⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
8⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35051.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30967.exe
8⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 300
9⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
8⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
6⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
7⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56436.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18505.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
10⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3945.exe
11⤵
PID:12000

C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
12⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 236
11⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
10⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
8⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50852.exe
7⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22537.exe
8⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
9⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51753.exe
10⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
10⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
9⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
8⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
7⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
6⤵
- Program crash
PID:556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
5⤵
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53236.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33230.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30196.exe
7⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33932.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60613.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
10⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13336.exe
11⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 236
11⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
10⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
8⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 216
7⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11638.exe
6⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41719.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
10⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
11⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45342.exe
12⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 216
12⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 216
11⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
10⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
8⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50276.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63144.exe
8⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
9⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37468.exe
10⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 236
10⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
9⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
8⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
7⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
6⤵
- Program crash
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43585.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12946.exe
6⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
7⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2108.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32610.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37244.exe
10⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56494.exe
11⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9332.exe
12⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
12⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
8⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51812.exe
7⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21577.exe
8⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27344.exe
9⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32072.exe
10⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31598.exe
11⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
11⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
10⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
9⤵
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
8⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
7⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
6⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2721.exe
7⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe
8⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54612.exe
9⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35491.exe
10⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
10⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 236
9⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 236
8⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
7⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
6⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
5⤵
- Program crash
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
4⤵
- Program crash
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
2⤵
- Program crash
PID:2444

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe

Filesize
184KB

MD5
5894a9007fd36c0c08b86d00434f2704

SHA1
10714b4e177aa3a0fed737ed9facf0cfb3b5f559

SHA256
4c92c0afcac30b90d7e37ebd17f59dd8f528cbbd643291e488469fbf47a26469

SHA512
25fc8aaf558037bd3d8ba121a365d1b6e9300a858c779c6c3ded651430cad154130576f8d9201b78da00da1908654a02ae3ccca13f08782da7482aad8c53b553

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe

Filesize
184KB

MD5
fa50dd00b436a4b63907987657b44202

SHA1
3ff60217abee79fda847548536e9d8a825c3b347

SHA256
deaeef3ae54073812fdaccdbfe04efe104c767c7ced256e1990c26dde8e72f00

SHA512
51d8a04ab79b6403a8dd2c781fac3aab494906452c5d25125262a804d9fdd58de63ea20a63fd682dd6e0ced5b9e00041ad7e2a81c1494e7053059e13e2ac6d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28012.exe

Filesize
184KB

MD5
decc123e6db6ba523960c2f45b793e2d

SHA1
189b0fb16e1ee6bd845ee69ee337cde50a5e67de

SHA256
4ecdcb60db5e069b772d70e47d209c97f312cd022d40c4d7de229a3a0da80528

SHA512
b01bb584d1318fed5e735f36e183b44c3bf6dd65ac02508b12b677f4ff16287e3aa6577abbd19a3ef60b754b81ef47f19f0193ebf9c61d39791085e2f6e4f41f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe

Filesize
184KB

MD5
bde36816e7948ee6a8b15cec19415889

SHA1
f050c40183ae118de01b91be5aaf98e907500084

SHA256
057feee387d9e06e26cf848f6ab31ccedf67c68cd9bca1fc50706d435491242d

SHA512
557d309e05b175c84d5e382d55b28c695cbf49b51420f2414d9a8c3c7c4ae2d5e539fb3468dfc002b03bc3c1770eff4626e9d1d8e50f24bab0ba66dcaf73736d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39405.exe

Filesize
184KB

MD5
90e27c51baac1c1e3c5015e882d59c74

SHA1
55216daa3d691bdb8af96ac2b46b3eb46d8f512c

SHA256
daf79dc6d37e11b593a27e2828940cef7a27d7c2e3c776a1d8b4b567d47588bd

SHA512
0bed2435cf574f0831057b76866297c168afb5c70b05cfbcb662641c03705ee59baa3fe25b01297f741937e1c56c507415561dcf70e3eeae4329ff40d222f3c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41355.exe

Filesize
184KB

MD5
4ee5df79f03377add5233357eec001a3

SHA1
9781450b85d6d66119450e1997f33a17a6ecd90e

SHA256
d18f2679d51c05a2c73db571d832e9ea31121f838671f158cfb5cb441d9f2a38

SHA512
6d8199752d5f4dbc985c872894b025917bf84439a2cfb75bdb87147bb1981aaf6e3334b69878c22924b8db2adf338baf83f020254cb80add9563abb0acd01dde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49901.exe

Filesize
184KB

MD5
7b70a0ca08b5bb6505c7e3fe339b3858

SHA1
116b0d449e6a40c6162b02bc26f0f28be2c5c959

SHA256
dddb2f864f95bd65e365b84c5bf3d1ccda2eb13e1ea09147a4503508eb1d9336

SHA512
17f53ae39f9a36fe1aede274527682553f1ad4a27c26633ab72fb4e72b375e5ffb2bbbc92ef7139eb8cc2b59e1b7eea7d9fc907cebf0aee4c2ef0ad8a8324088

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5050.exe

Filesize
184KB

MD5
4ef0c15c20ccfb661665d35e1d0fa2cc

SHA1
b80d13866e69b1b57e4396a77f220edeee26f0ef

SHA256
5189ad9d3cb04262b9887d3f6f26873470577bade974cae1b69bdbb930137c9e

SHA512
2f035afb5c36e1581d967058ee3915944edbfeb7b9c2d99feedac6b24fffc292c2207bd0a85bd6f59a6298f4bd232f4c599b5bf31185b5af4ddc6d5b91e92df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe

Filesize
184KB

MD5
a58a04c58042dc8eb94ce6319acdf659

SHA1
c9679227cb0a712109f98581013ea4bb4b836c57

SHA256
449b83d8ead291722cb192421e7580f87b3ccc5bf62f72dd52f8e40b9f9a5dbf

SHA512
e7d6b9af74a577877b9059c11429320146fcc7b3c72825229c489611db58ea5eed6a3660b15ef9eb0c37d18861dd6ccec633f5d8a0ff574a3d0474e07a916f13

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe

Filesize
184KB

MD5
447bde1c4853ff8b9241f38906b179dc

SHA1
1865b771ffe9a361e72eeb8349b454f5d9d16c18

SHA256
bde0d18a3d5fb4b3ddcb0a72a3ec6ea8c1953ee0a748970ca6531f0d53960d29

SHA512
3e939c3b52cbc4353a7ec74acd9f3d8ba04cae1f36b34692a98e57dde8cc3bb5d083c1b5122a1efe75df41d685625eb8a98d326035aebba6f3f9f6b4e3657321

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63657.exe

Filesize
184KB

MD5
dbaf3013eff528d19a5b27ef4e793e6e

SHA1
c64f4619c5d182e3793b3c08120284198d008cca

SHA256
1038283ef27bbd8a82280bf03750c48a1804368a28d2964fc458dead1fae7895

SHA512
64d84ce9a93bd41d36c3334be55925e62d2e75f438285de5a662a33d36889b7f11c89051d0901303eeb72a93d16bc9e45ea7b1d1a14314c1825937e2f192084c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6604.exe

Filesize
184KB

MD5
1ae5a039cce2922a47f6e2930823aaa3

SHA1
cc71d0f97debe22d06cb85d5a0b64406f64df399

SHA256
c20ca3512a9bb178e0492f6efd2209c4d1f19ed769a1f065bd49d98983cebfb3

SHA512
065c3f609fca5fc3bf438549fa6f10bbe4228d2c531b56a1a69f61bf370fe42cf859dd7448915f7c17c7e25ad6ba078b26b0abe2fdf01b2b8c48f4b6a65ce880

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6716.exe

Filesize
184KB

MD5
482dda19208aa37b1f86299070c74086

SHA1
2f98a5de127c3383c06d289bdcf69cefaa7c4c75

SHA256
122cfd4b2dd19001deeb663b78ce7eac68070dead19620a8cfeb12dc7ce37793

SHA512
7073595f5c8f8d7aae0a7ba1b85a45fccfd52aa91183eaa3e82de02a3ab64fe3e0d5c20a54a0aa5051484a94118e352a213d2a95be51a69038bbb782c6990609

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe

Filesize
184KB

MD5
4832c11e5fa00f4d103e658a557bae1c

SHA1
4ecc64a7af434f253abe02f6751a8b65a9633afe

SHA256
2328bd6d7ee3e5f4668ddd32e8953ca42ac9ce584d8e9501498eda01f57df964

SHA512
1fb026488cae1914aeba68e51a6139dbb828aeba031557c51329faba8dc920ea60688f8c85cf23e29737be1d8cf9176f6a6afeba6ea9ec221cc6db32241113a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe

Filesize
184KB

MD5
7aa2940a225b94a7abd35d4edc450562

SHA1
400c9f2af32b2c4104ea4da4be66daf1cc13ced5

SHA256
03432b844dabc7de208320610f6cf1d3c871ddc5c46bbd4d9389b462448d4cab

SHA512
501bf324bc6dcad1bbade80247150675724ca819900c6cfe8fba76cfec4d0b03dba99639df7f5fce7f7494eddfd4a86c324b12a6cc1af9fe7f54d8be4edd2cc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23362.exe

Filesize
184KB

MD5
376fa47a01a1557b03735bf554c25f50

SHA1
289473dd138b5abddf762518651408d3ca1dac4f

SHA256
ffa6aa0a8de0a0918b76c90ce23e96e460f3612a41cb8dcbfee348d4136d6def

SHA512
911f9ba7bd4bef7225e72039825cfaf98c8e181d53143f68fd3c25ca22fe9288e9cbf99cb816b4e97467bf54ffa4149d4d9ca2629dc263b25d0e291ca53be04c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3460.exe

Filesize
184KB

MD5
3dbd9ba669f392fa401ad070e3ed95f1

SHA1
a4850ab6d04270d94d9291e0a695bec59006b133

SHA256
198ff615d452160b792733d1b95fd3974b3e4d9f65b6bc1b56675565a51dcdb8

SHA512
00d216d18f0791082a9ed74de5e18a82e996f58beedb2f7c25521a8fd7e261600b4a744c6b57ee789d1f9d594e1af7cc0f5b66fcb4a0414aa148a4b552c503e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe

Filesize
184KB

MD5
6e3894c7fb06af2be17ccd1296a9c1f8

SHA1
c2558282d43e11571ca962c820904f6fdd0cc36d

SHA256
80f78a871d0d165adf0c12c70fe894732669d1bdb42893007c4a70db1693ea05

SHA512
3a2e1d4d44b9fa458cff1d2e1d43345b70accff42e112c597feaf196eb2cc734e42e0b1498a065f57852a7a2644a622677bd3a11e0a0e4f73f133768ce97a5c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe

Filesize
184KB

MD5
2bdc8c629e273ee77c9f2a8102390fa8

SHA1
66c56f6ba94c634d8dbb7f1e4106ceb181d014c6

SHA256
3961e3bd1b0b2ad1e23680bfa40124fea36ad95b2d3fd5efcac45fb05068ae4a

SHA512
910deda980824f21ac754e719b6549b8deebbd8a264245b4afc5101edff7cd2928ea9707371ed3794d9330f89a8a9ae2338b030e27fcff0c1cd14e640f90885d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52918.exe

Filesize
184KB

MD5
48406dd79c1d58b3f3db63857cf69657

SHA1
39e26ced9d03d5534dc89f329d619857b2f6ca01

SHA256
4a5f9b23299885550032eada199c1a97d7c63911c8967116b2113aca82d5f169

SHA512
83fccb9014462f8a178723ad679433555a0a9ca34bda5296455033b60023ffc1b71dad195e8bdf932711ace6ff62f5ddc001edbcca6fdadef2a8d688a9a01708

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54509.exe

Filesize
184KB

MD5
2b861cfcb12fb4f0a9dd57c676fca1fe

SHA1
05811631ffe7284735f8b79399196e88d4d983bf

SHA256
65864fd6a0b916361e9a69f5e1ab1b36cd35489dfa000898c717c894b38730d0

SHA512
7687a488ec70c9e76469660b7a977a3214ed908ccec3a545bad7224e5c2f6bffcfb03e716bd315cd625265475ddacb179bce5d479c440bc51bae90badf2ff7e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57161.exe

Filesize
184KB

MD5
4d000ef42d8fa96cd916558e5263754e

SHA1
40cf08646d6a546bed453ab4cc48744a52eca716

SHA256
dbba8b97dab580f1a1e71e411d4d4514f9d373482ef1d6babea013ec0270cb17

SHA512
af80876543d474669a2ca2374b484589d37f2bc767eed05c20958ffae7efbf9489c1b0a49e066bf7676342862b5a7587b140ddcd6d9544d83798a9ec957e1b63

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe

Filesize
184KB

MD5
00bedaf7a8eb9f14e7cd46dfc1f36999

SHA1
fe97065916df9a1547728081f972cd5a76139522

SHA256
6972c851b3588b535bba083af850349bc3fd5407233eb32b58b2f705c3298ee0

SHA512
c9cd07438fcc9721786e96f340d9fb15365ed3af73277791db49f601ef26a27dbc0a3b7a5f801ea4df5049b4e87bdc1a35dbde694c50c136731e4c8cba73b31e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7246.exe

Filesize
184KB

MD5
9e8906732b73253481a674afa1b2df1b

SHA1
158f258109cc2b939ed26a89267f6ee5a91aad13

SHA256
87bc3d2909a267eb618becba4e0b4d0a362f223d4d8625e680a7524ee8b5cee0

SHA512
1543c2d08acae76fcaac4a81c07ec73d936eb55faa6bc99fdf7e0c9566385c82fe727fda383cf0d3bcfe7f27134f3afddb636793d7f6e7319ffc01db514dd4d3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7751.exe

Filesize
184KB

MD5
19a5d247ec32fc64e95a937d0dedefb6

SHA1
282a898711cbbb105bb81e66f69831c278358402

SHA256
0c0f62fa3ae61e44b94821d38842da782e223ecbba1c5456e1ad04170f89015c

SHA512
c7ce68c0ad4095ff24b79ba1ae68d376fa6d452d5588ee580b12614377ee7878a8758538f39a742c8521ddd02f9950dc150c2d0ac01420f3c0ac47390a50f0cd

Download Submit