a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f

Analysis

max time kernel
150s
max time network
117s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe
Size

184KB
MD5

b9ca4257e1a2af1a5a62621500fd1a70
SHA1

8726dd29fb528d85d70d63b068f92652f3a7f980
SHA256

a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f
SHA512

626dafcdd5a7f3efbfe5ba5497251c556b15d324a9da17bcb1e6e58b07dffdbc80ac81a70a5a7b3897d0bb95f905aa513eb799fb3cd254e55341f3ca6b2524f0
SSDEEP

1536:UB4/6jZlr3tiotx1bROAlawSG29yvVc8smddfwLm2/zJt1Ll5hj5nizpvm:g7/3tioTNROTjG4WKiwLmgf1LlnViF+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-16283.exeUnicorn-54342.exeUnicorn-34476.exeUnicorn-46068.exeUnicorn-41469.exeUnicorn-31096.exeUnicorn-884.exeUnicorn-50962.exeUnicorn-62480.exeUnicorn-36352.exeUnicorn-3871.exeUnicorn-49543.exeUnicorn-36160.exeUnicorn-29783.exeUnicorn-29591.exeUnicorn-29076.exeUnicorn-48942.exeUnicorn-27706.exeUnicorn-62839.exeUnicorn-46524.exeUnicorn-4635.exeUnicorn-47100.exeUnicorn-2139.exeUnicorn-12507.exeUnicorn-32181.exeUnicorn-32181.exeUnicorn-30296.exeUnicorn-50162.exeUnicorn-30104.exeUnicorn-49970.exeUnicorn-41530.exeUnicorn-19683.exeUnicorn-32489.exeUnicorn-36896.exeUnicorn-53123.exeUnicorn-37664.exeUnicorn-50855.exeUnicorn-9983.exeUnicorn-9983.exeUnicorn-55977.exeUnicorn-55977.exeUnicorn-751.exeUnicorn-751.exeUnicorn-751.exeUnicorn-39968.exeUnicorn-20425.exeUnicorn-20678.exeUnicorn-7856.exeUnicorn-7856.exeUnicorn-42292.exeUnicorn-29678.exeUnicorn-44945.exeUnicorn-43060.exeUnicorn-43383.exeUnicorn-62734.exeUnicorn-58136.exeUnicorn-11094.exeUnicorn-10580.exeUnicorn-17940.exeUnicorn-46782.exeUnicorn-918.exeUnicorn-64571.exeUnicorn-34167.exeUnicorn-14109.exe

pid	process
1872	Unicorn-16283.exe
2996	Unicorn-54342.exe
2288	Unicorn-34476.exe
2764	Unicorn-46068.exe
2908	Unicorn-41469.exe
2240	Unicorn-31096.exe
2152	Unicorn-884.exe
772	Unicorn-50962.exe
2000	Unicorn-62480.exe
2352	Unicorn-36352.exe
1660	Unicorn-3871.exe
2184	Unicorn-49543.exe
1348	Unicorn-36160.exe
2812	Unicorn-29783.exe
600	Unicorn-29591.exe
980	Unicorn-29076.exe
1260	Unicorn-48942.exe
1488	Unicorn-27706.exe
2180	Unicorn-62839.exe
288	Unicorn-46524.exe
1404	Unicorn-4635.exe
348	Unicorn-47100.exe
936	Unicorn-2139.exe
2508	Unicorn-12507.exe
304	Unicorn-32181.exe
2984	Unicorn-32181.exe
2904	Unicorn-30296.exe
2032	Unicorn-50162.exe
2380	Unicorn-30104.exe
2900	Unicorn-49970.exe
2584	Unicorn-41530.exe
2684	Unicorn-19683.exe
2564	Unicorn-32489.exe
2716	Unicorn-36896.exe
2524	Unicorn-53123.exe
356	Unicorn-37664.exe
1728	Unicorn-50855.exe
2776	Unicorn-9983.exe
1848	Unicorn-9983.exe
2752	Unicorn-55977.exe
1200	Unicorn-55977.exe
2256	Unicorn-751.exe
1816	Unicorn-751.exe
624	Unicorn-751.exe
1060	Unicorn-39968.exe
1572	Unicorn-20425.exe
884	Unicorn-20678.exe
1624	Unicorn-7856.exe
992	Unicorn-7856.exe
616	Unicorn-42292.exe
1832	Unicorn-29678.exe
3056	Unicorn-44945.exe
2052	Unicorn-43060.exe
1376	Unicorn-43383.exe
1992	Unicorn-62734.exe
700	Unicorn-58136.exe
2844	Unicorn-11094.exe
1720	Unicorn-10580.exe
2024	Unicorn-17940.exe
1596	Unicorn-46782.exe
1752	Unicorn-918.exe
2612	Unicorn-64571.exe
2664	Unicorn-34167.exe
2756	Unicorn-14109.exe

Loads dropped DLL 64 IoCs

Processes:

a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exeUnicorn-16283.exeUnicorn-54342.exeWerFault.exeUnicorn-46068.exeUnicorn-41469.exeWerFault.exeUnicorn-50962.exeUnicorn-31096.exeUnicorn-884.exeWerFault.exeWerFault.exeUnicorn-62480.exeUnicorn-36352.exeUnicorn-36160.exeUnicorn-49543.exeWerFault.exeWerFault.exe

pid	process
1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe
1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe
1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe
1872	Unicorn-16283.exe
1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe
1872	Unicorn-16283.exe
2996	Unicorn-54342.exe
2996	Unicorn-54342.exe
1872	Unicorn-16283.exe
1872	Unicorn-16283.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2764	Unicorn-46068.exe
2996	Unicorn-54342.exe
2764	Unicorn-46068.exe
2996	Unicorn-54342.exe
2908	Unicorn-41469.exe
2908	Unicorn-41469.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
772	Unicorn-50962.exe
2908	Unicorn-41469.exe
2908	Unicorn-41469.exe
772	Unicorn-50962.exe
2764	Unicorn-46068.exe
2764	Unicorn-46068.exe
2240	Unicorn-31096.exe
2240	Unicorn-31096.exe
2152	Unicorn-884.exe
2152	Unicorn-884.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2428	WerFault.exe
2000	Unicorn-62480.exe
2000	Unicorn-62480.exe
2352	Unicorn-36352.exe
2352	Unicorn-36352.exe
2240	Unicorn-31096.exe
2240	Unicorn-31096.exe
2152	Unicorn-884.exe
2152	Unicorn-884.exe
1348	Unicorn-36160.exe
1348	Unicorn-36160.exe
2184	Unicorn-49543.exe
2184	Unicorn-49543.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2064	WerFault.exe
2148	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2668	1688	WerFault.exe	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe
2500	1872	WerFault.exe	Unicorn-16283.exe
2848	2996	WerFault.exe	Unicorn-54342.exe
2128	2764	WerFault.exe	Unicorn-46068.exe
2428	2908	WerFault.exe	Unicorn-41469.exe
2064	772	WerFault.exe	Unicorn-50962.exe
2148	2240	WerFault.exe	Unicorn-31096.exe
3032	2152	WerFault.exe	Unicorn-884.exe
2384	2000	WerFault.exe	Unicorn-62480.exe
2372	1660	WerFault.exe	Unicorn-3871.exe
2364	2352	WerFault.exe	Unicorn-36352.exe
2544	1348	WerFault.exe	Unicorn-36160.exe
2724	2184	WerFault.exe	Unicorn-49543.exe
2100	2812	WerFault.exe	Unicorn-29783.exe
1516	600	WerFault.exe	Unicorn-29591.exe
704	980	WerFault.exe	Unicorn-29076.exe
2120	1260	WerFault.exe	Unicorn-48942.exe
2144	1488	WerFault.exe	Unicorn-27706.exe
384	2180	WerFault.exe	Unicorn-62839.exe
644	1404	WerFault.exe	Unicorn-4635.exe
2400	348	WerFault.exe	Unicorn-47100.exe
2404	288	WerFault.exe	Unicorn-46524.exe
1840	936	WerFault.exe	Unicorn-2139.exe
312	2508	WerFault.exe	Unicorn-12507.exe
1724	2900	WerFault.exe	Unicorn-49970.exe
2648	304	WerFault.exe	Unicorn-32181.exe
2772	2380	WerFault.exe	Unicorn-30104.exe
2568	2032	WerFault.exe	Unicorn-50162.exe
1240	2904	WerFault.exe	Unicorn-30296.exe
1880	2984	WerFault.exe	Unicorn-32181.exe
1264	2684	WerFault.exe	Unicorn-19683.exe
1252	2584	WerFault.exe	Unicorn-41530.exe
2504	2716	WerFault.exe	Unicorn-36896.exe
1092	356	WerFault.exe	Unicorn-37664.exe
888	1728	WerFault.exe	Unicorn-50855.exe
3092	2524	WerFault.exe	Unicorn-53123.exe
908	2564	WerFault.exe	Unicorn-32489.exe
3136	2776	WerFault.exe	Unicorn-9983.exe
3192	2752	WerFault.exe	Unicorn-55977.exe
3220	1200	WerFault.exe	Unicorn-55977.exe
3244	1848	WerFault.exe	Unicorn-9983.exe
3316	884	WerFault.exe	Unicorn-20678.exe
3268	2256	WerFault.exe	Unicorn-751.exe
3340	1572	WerFault.exe	Unicorn-20425.exe
3372	1060	WerFault.exe	Unicorn-39968.exe
3332	1816	WerFault.exe	Unicorn-751.exe
3276	624	WerFault.exe	Unicorn-751.exe
3940	1624	WerFault.exe	Unicorn-7856.exe
4016	992	WerFault.exe	Unicorn-7856.exe
3288	616	WerFault.exe	Unicorn-42292.exe
3788	1832	WerFault.exe	Unicorn-29678.exe
3856	2052	WerFault.exe	Unicorn-43060.exe
3924	3056	WerFault.exe	Unicorn-44945.exe
3876	1376	WerFault.exe	Unicorn-43383.exe
3424	1720	WerFault.exe	Unicorn-10580.exe
3696	1868	WerFault.exe	Unicorn-29594.exe
3748	2844	WerFault.exe	Unicorn-11094.exe
3132	700	WerFault.exe	Unicorn-58136.exe
3968	2024	WerFault.exe	Unicorn-17940.exe
3992	2756	WerFault.exe	Unicorn-14109.exe
4960	2664	WerFault.exe	Unicorn-34167.exe
4996	1716	WerFault.exe	Unicorn-16193.exe
5012	2912	WerFault.exe	Unicorn-31898.exe
5052	2396	WerFault.exe	Unicorn-25177.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exeUnicorn-16283.exeUnicorn-34476.exeUnicorn-54342.exeUnicorn-46068.exeUnicorn-41469.exeUnicorn-50962.exeUnicorn-31096.exeUnicorn-884.exeUnicorn-36352.exeUnicorn-62480.exeUnicorn-3871.exeUnicorn-49543.exeUnicorn-36160.exeUnicorn-29783.exeUnicorn-29591.exeUnicorn-29076.exeUnicorn-27706.exeUnicorn-48942.exeUnicorn-62839.exeUnicorn-46524.exeUnicorn-4635.exeUnicorn-47100.exeUnicorn-2139.exeUnicorn-12507.exeUnicorn-32181.exeUnicorn-30296.exeUnicorn-30104.exeUnicorn-32181.exeUnicorn-50162.exeUnicorn-49970.exeUnicorn-41530.exeUnicorn-19683.exeUnicorn-32489.exeUnicorn-36896.exeUnicorn-53123.exeUnicorn-37664.exeUnicorn-50855.exeUnicorn-9983.exeUnicorn-9983.exeUnicorn-55977.exeUnicorn-55977.exeUnicorn-751.exeUnicorn-751.exeUnicorn-751.exeUnicorn-20425.exeUnicorn-39968.exeUnicorn-20678.exeUnicorn-7856.exeUnicorn-7856.exeUnicorn-42292.exeUnicorn-29678.exeUnicorn-44945.exeUnicorn-43060.exeUnicorn-43383.exeUnicorn-62734.exeUnicorn-58136.exeUnicorn-10580.exeUnicorn-11094.exeUnicorn-17940.exeUnicorn-46782.exeUnicorn-918.exeUnicorn-64571.exeUnicorn-1686.exe

pid	process
1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe
1872	Unicorn-16283.exe
2288	Unicorn-34476.exe
2996	Unicorn-54342.exe
2764	Unicorn-46068.exe
2908	Unicorn-41469.exe
772	Unicorn-50962.exe
2240	Unicorn-31096.exe
2152	Unicorn-884.exe
2352	Unicorn-36352.exe
2000	Unicorn-62480.exe
1660	Unicorn-3871.exe
2184	Unicorn-49543.exe
1348	Unicorn-36160.exe
2812	Unicorn-29783.exe
600	Unicorn-29591.exe
980	Unicorn-29076.exe
1488	Unicorn-27706.exe
1260	Unicorn-48942.exe
2180	Unicorn-62839.exe
288	Unicorn-46524.exe
1404	Unicorn-4635.exe
348	Unicorn-47100.exe
936	Unicorn-2139.exe
2508	Unicorn-12507.exe
304	Unicorn-32181.exe
2904	Unicorn-30296.exe
2380	Unicorn-30104.exe
2984	Unicorn-32181.exe
2032	Unicorn-50162.exe
2900	Unicorn-49970.exe
2584	Unicorn-41530.exe
2684	Unicorn-19683.exe
2564	Unicorn-32489.exe
2716	Unicorn-36896.exe
2524	Unicorn-53123.exe
356	Unicorn-37664.exe
1728	Unicorn-50855.exe
2776	Unicorn-9983.exe
1848	Unicorn-9983.exe
2752	Unicorn-55977.exe
1200	Unicorn-55977.exe
624	Unicorn-751.exe
1816	Unicorn-751.exe
2256	Unicorn-751.exe
1572	Unicorn-20425.exe
1060	Unicorn-39968.exe
884	Unicorn-20678.exe
1624	Unicorn-7856.exe
992	Unicorn-7856.exe
616	Unicorn-42292.exe
1832	Unicorn-29678.exe
3056	Unicorn-44945.exe
2052	Unicorn-43060.exe
1376	Unicorn-43383.exe
1992	Unicorn-62734.exe
700	Unicorn-58136.exe
1720	Unicorn-10580.exe
2844	Unicorn-11094.exe
2024	Unicorn-17940.exe
1596	Unicorn-46782.exe
1752	Unicorn-918.exe
2612	Unicorn-64571.exe
2464	Unicorn-1686.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exeUnicorn-16283.exeUnicorn-54342.exeUnicorn-46068.exeUnicorn-41469.exeUnicorn-50962.exeUnicorn-31096.exeUnicorn-884.exe

description	pid	process	target process
PID 1688 wrote to memory of 1872	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	Unicorn-16283.exe
PID 1688 wrote to memory of 1872	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	Unicorn-16283.exe
PID 1688 wrote to memory of 1872	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	Unicorn-16283.exe
PID 1688 wrote to memory of 1872	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	Unicorn-16283.exe
PID 1688 wrote to memory of 2288	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	Unicorn-34476.exe
PID 1688 wrote to memory of 2288	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	Unicorn-34476.exe
PID 1688 wrote to memory of 2288	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	Unicorn-34476.exe
PID 1688 wrote to memory of 2288	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	Unicorn-34476.exe
PID 1872 wrote to memory of 2996	1872	Unicorn-16283.exe	Unicorn-54342.exe
PID 1872 wrote to memory of 2996	1872	Unicorn-16283.exe	Unicorn-54342.exe
PID 1872 wrote to memory of 2996	1872	Unicorn-16283.exe	Unicorn-54342.exe
PID 1872 wrote to memory of 2996	1872	Unicorn-16283.exe	Unicorn-54342.exe
PID 1688 wrote to memory of 2668	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	WerFault.exe
PID 1688 wrote to memory of 2668	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	WerFault.exe
PID 1688 wrote to memory of 2668	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	WerFault.exe
PID 1688 wrote to memory of 2668	1688	a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe	WerFault.exe
PID 2996 wrote to memory of 2764	2996	Unicorn-54342.exe	Unicorn-46068.exe
PID 2996 wrote to memory of 2764	2996	Unicorn-54342.exe	Unicorn-46068.exe
PID 2996 wrote to memory of 2764	2996	Unicorn-54342.exe	Unicorn-46068.exe
PID 2996 wrote to memory of 2764	2996	Unicorn-54342.exe	Unicorn-46068.exe
PID 1872 wrote to memory of 2908	1872	Unicorn-16283.exe	Unicorn-41469.exe
PID 1872 wrote to memory of 2908	1872	Unicorn-16283.exe	Unicorn-41469.exe
PID 1872 wrote to memory of 2908	1872	Unicorn-16283.exe	Unicorn-41469.exe
PID 1872 wrote to memory of 2908	1872	Unicorn-16283.exe	Unicorn-41469.exe
PID 1872 wrote to memory of 2500	1872	Unicorn-16283.exe	WerFault.exe
PID 1872 wrote to memory of 2500	1872	Unicorn-16283.exe	WerFault.exe
PID 1872 wrote to memory of 2500	1872	Unicorn-16283.exe	WerFault.exe
PID 1872 wrote to memory of 2500	1872	Unicorn-16283.exe	WerFault.exe
PID 2764 wrote to memory of 2152	2764	Unicorn-46068.exe	Unicorn-884.exe
PID 2764 wrote to memory of 2152	2764	Unicorn-46068.exe	Unicorn-884.exe
PID 2764 wrote to memory of 2152	2764	Unicorn-46068.exe	Unicorn-884.exe
PID 2764 wrote to memory of 2152	2764	Unicorn-46068.exe	Unicorn-884.exe
PID 2996 wrote to memory of 2240	2996	Unicorn-54342.exe	Unicorn-31096.exe
PID 2996 wrote to memory of 2240	2996	Unicorn-54342.exe	Unicorn-31096.exe
PID 2996 wrote to memory of 2240	2996	Unicorn-54342.exe	Unicorn-31096.exe
PID 2996 wrote to memory of 2240	2996	Unicorn-54342.exe	Unicorn-31096.exe
PID 2908 wrote to memory of 772	2908	Unicorn-41469.exe	Unicorn-50962.exe
PID 2908 wrote to memory of 772	2908	Unicorn-41469.exe	Unicorn-50962.exe
PID 2908 wrote to memory of 772	2908	Unicorn-41469.exe	Unicorn-50962.exe
PID 2908 wrote to memory of 772	2908	Unicorn-41469.exe	Unicorn-50962.exe
PID 2996 wrote to memory of 2848	2996	Unicorn-54342.exe	WerFault.exe
PID 2996 wrote to memory of 2848	2996	Unicorn-54342.exe	WerFault.exe
PID 2996 wrote to memory of 2848	2996	Unicorn-54342.exe	WerFault.exe
PID 2996 wrote to memory of 2848	2996	Unicorn-54342.exe	WerFault.exe
PID 2908 wrote to memory of 2000	2908	Unicorn-41469.exe	Unicorn-62480.exe
PID 2908 wrote to memory of 2000	2908	Unicorn-41469.exe	Unicorn-62480.exe
PID 2908 wrote to memory of 2000	2908	Unicorn-41469.exe	Unicorn-62480.exe
PID 2908 wrote to memory of 2000	2908	Unicorn-41469.exe	Unicorn-62480.exe
PID 772 wrote to memory of 2352	772	Unicorn-50962.exe	Unicorn-36352.exe
PID 772 wrote to memory of 2352	772	Unicorn-50962.exe	Unicorn-36352.exe
PID 772 wrote to memory of 2352	772	Unicorn-50962.exe	Unicorn-36352.exe
PID 772 wrote to memory of 2352	772	Unicorn-50962.exe	Unicorn-36352.exe
PID 2764 wrote to memory of 2184	2764	Unicorn-46068.exe	Unicorn-49543.exe
PID 2764 wrote to memory of 2184	2764	Unicorn-46068.exe	Unicorn-49543.exe
PID 2764 wrote to memory of 2184	2764	Unicorn-46068.exe	Unicorn-49543.exe
PID 2764 wrote to memory of 2184	2764	Unicorn-46068.exe	Unicorn-49543.exe
PID 2240 wrote to memory of 1660	2240	Unicorn-31096.exe	Unicorn-3871.exe
PID 2240 wrote to memory of 1660	2240	Unicorn-31096.exe	Unicorn-3871.exe
PID 2240 wrote to memory of 1660	2240	Unicorn-31096.exe	Unicorn-3871.exe
PID 2240 wrote to memory of 1660	2240	Unicorn-31096.exe	Unicorn-3871.exe
PID 2152 wrote to memory of 1348	2152	Unicorn-884.exe	Unicorn-36160.exe
PID 2152 wrote to memory of 1348	2152	Unicorn-884.exe	Unicorn-36160.exe
PID 2152 wrote to memory of 1348	2152	Unicorn-884.exe	Unicorn-36160.exe
PID 2152 wrote to memory of 1348	2152	Unicorn-884.exe	Unicorn-36160.exe

C:\Users\Admin\AppData\Local\Temp\a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe
"C:\Users\Admin\AppData\Local\Temp\a1b65b1a3c0de42d3cc647d4763e13d65d97e0e12164cc9c9175c8e5c872ef0f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-884.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48942.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-918.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
11⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
12⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
13⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
14⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
15⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 220
15⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
14⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
13⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
12⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33713.exe
11⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13487.exe
12⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23114.exe
13⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28806.exe
14⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 204
14⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
13⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
12⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
11⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54507.exe
10⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
11⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
12⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
13⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe
14⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
14⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
13⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
12⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 216
11⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
10⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64571.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63957.exe
10⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
11⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53467.exe
12⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53929.exe
13⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11848.exe
14⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
14⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 236
13⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
12⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
11⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25605.exe
11⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1206.exe
12⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
13⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 236
12⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
11⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
10⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 220
9⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
9⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41316.exe
10⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe
11⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
12⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
13⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47335.exe
14⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
13⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
12⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
11⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35659.exe
10⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49393.exe
11⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45965.exe
12⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18559.exe
13⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 220
13⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
12⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
11⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37485.exe
9⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40066.exe
10⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14255.exe
11⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
12⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
13⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
13⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
12⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
11⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 220
9⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
8⤵
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30296.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39968.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-49460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49460.exe
9⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
10⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
11⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40820.exe
12⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6800.exe
13⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52704.exe
14⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
14⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 236
13⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
12⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
10⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12449.exe
11⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-225.exe
12⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-33936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33936.exe
13⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
12⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
11⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
10⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
9⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
10⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23770.exe
11⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
12⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-65482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65482.exe
13⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
12⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
11⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 236
10⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
9⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62843.exe
8⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26194.exe
9⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57204.exe
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64583.exe
11⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-57515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57515.exe
12⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33574.exe
13⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 236
12⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
11⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1425.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
11⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
12⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 220
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
9⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
8⤵
- Program crash
PID:1240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
7⤵
- Program crash
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27706.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50162.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18820.exe
10⤵
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
11⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59727.exe
12⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59976.exe
13⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46549.exe
14⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 220
14⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
13⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
12⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
11⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
10⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
11⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
12⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22371.exe
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
13⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
12⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
11⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
9⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22469.exe
10⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
11⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
12⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63344.exe
13⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
13⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 216
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
11⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
10⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
9⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31898.exe
8⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
9⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21291.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45698.exe
11⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50900.exe
12⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 220
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
12⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
11⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
10⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2385.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23962.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7080.exe
11⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21217.exe
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
9⤵
- Program crash
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 220
8⤵
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16404.exe
8⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe
9⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32372.exe
11⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55534.exe
12⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58734.exe
13⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
13⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
12⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
11⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52489.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55511.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
11⤵
PID:8892

C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47520.exe
12⤵
PID:11520

C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13851.exe
13⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8892 -s 216
12⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 236
11⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
10⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36888.exe
8⤵
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 220
9⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
8⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
7⤵
- Program crash
PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
6⤵
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-49970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49970.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17940.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43428.exe
10⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55115.exe
11⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6821.exe
12⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58723.exe
13⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13320.exe
14⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 204
14⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
13⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
12⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
11⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
10⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45436.exe
9⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
10⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58113.exe
11⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35674.exe
12⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40106.exe
13⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
13⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
12⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
11⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
10⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
9⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46782.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24103.exe
9⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39056.exe
11⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33695.exe
12⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
13⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
12⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
11⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56521.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62086.exe
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
9⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
8⤵
- Program crash
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-751.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
8⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8980.exe
9⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
10⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34123.exe
11⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
12⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
13⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
12⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
11⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
10⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57210.exe
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
11⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10997.exe
12⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 220
12⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 236
11⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19291.exe
8⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45992.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12747.exe
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
11⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30096.exe
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
12⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
9⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
8⤵
- Program crash
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
7⤵
- Program crash
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30104.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55977.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-34167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34167.exe
8⤵
- Executes dropped EXE
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32245.exe
9⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51529.exe
10⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10443.exe
11⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
12⤵
PID:8768

C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64356.exe
13⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
12⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10065.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56032.exe
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
11⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34512.exe
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
12⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
11⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
10⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 220
9⤵
- Program crash
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
8⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
7⤵
- Executes dropped EXE
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56583.exe
8⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19755.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56432.exe
11⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52575.exe
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
9⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
8⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
7⤵
- Program crash
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
6⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29678.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29048.exe
9⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30813.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1423.exe
11⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-44857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44857.exe
12⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59630.exe
13⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12196.exe
14⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 220
14⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
13⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
12⤵
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
11⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17494.exe
10⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59844.exe
11⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16091.exe
12⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
13⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
11⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55379.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20531.exe
10⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
11⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59760.exe
12⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
13⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
13⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 236
12⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
10⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
9⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-8990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8990.exe
8⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25167.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20195.exe
11⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
12⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48082.exe
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 236
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
11⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50961.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37216.exe
10⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22838.exe
11⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-61558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61558.exe
12⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
12⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
11⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
9⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-43060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43060.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
8⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55343.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5071.exe
10⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
11⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37178.exe
12⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
12⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
11⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
10⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53265.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14374.exe
10⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7824.exe
11⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
10⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53267.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
9⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
10⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19667.exe
11⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
12⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
12⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
10⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 220
8⤵
- Program crash
PID:3856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
7⤵
- Program crash
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
6⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
8⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1528.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2437.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5097.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29536.exe
11⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
12⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
13⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 236
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 220
11⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
10⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64666.exe
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
10⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
11⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34003.exe
12⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
10⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
9⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 220
8⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16547.exe
10⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24001.exe
11⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47838.exe
12⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
11⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
8⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
7⤵
- Program crash
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20678.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
7⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39733.exe
8⤵
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36098.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53128.exe
10⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
12⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
12⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 236
9⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-81.exe
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28101.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31746.exe
10⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27992.exe
11⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
10⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 220
8⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31434.exe
7⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19817.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62223.exe
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-18539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18539.exe
10⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4084.exe
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 220
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
10⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 236
8⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
7⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 220
6⤵
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29591.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2139.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11094.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36245.exe
10⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-38538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38538.exe
11⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25374.exe
12⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-134.exe
13⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50666.exe
14⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
14⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
13⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
11⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
10⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
9⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19049.exe
10⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
11⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5544.exe
12⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12550.exe
13⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
13⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
12⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
11⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
10⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
9⤵
- Program crash
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10580.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25177.exe
9⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35494.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
11⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
12⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
13⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
14⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
14⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
13⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
12⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
11⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13701.exe
10⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41725.exe
11⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48009.exe
12⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
13⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
12⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
10⤵
- Program crash
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13900.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
10⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe
11⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
12⤵
PID:9372

C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48317.exe
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
13⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
12⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
11⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
10⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
9⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
8⤵
- Program crash
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62734.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
9⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
10⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52872.exe
11⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
12⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe
13⤵
PID:12112

C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45273.exe
14⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
13⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
11⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 216
10⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51695.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
10⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
11⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36946.exe
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 220
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
11⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
9⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
8⤵
- Program crash
PID:888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
7⤵
- Program crash
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37664.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43383.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52888.exe
9⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
10⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
11⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4981.exe
12⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58525.exe
13⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
14⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
13⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
12⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
11⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12838.exe
11⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17976.exe
12⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10287.exe
13⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 220
12⤵
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
11⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
11⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
12⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
13⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
13⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
12⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
11⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
10⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 220
9⤵
- Program crash
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
8⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40652.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-34571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34571.exe
11⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
12⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34475.exe
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
13⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
12⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
11⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
10⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
9⤵
- Program crash
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
8⤵
- Program crash
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31477.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2794.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49509.exe
11⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
12⤵
PID:11668

C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44697.exe
13⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
11⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
9⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 236
8⤵
- Program crash
PID:3132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
7⤵
- Program crash
PID:312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
6⤵
- Program crash
PID:2364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29783.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41530.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19126.exe
9⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34819.exe
10⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57829.exe
11⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
12⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25185.exe
13⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
14⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 236
14⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
13⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
12⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
11⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44458.exe
11⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53899.exe
12⤵
PID:8840

C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
13⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 216
13⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
12⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65031.exe
9⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58597.exe
10⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42559.exe
11⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-509.exe
12⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39230.exe
13⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 216
13⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
12⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
11⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
9⤵
- Program crash
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
8⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41420.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5424.exe
10⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56595.exe
11⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10320.exe
12⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
13⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
13⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
12⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13846.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18406.exe
10⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4726.exe
11⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
12⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
12⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
11⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
9⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
8⤵
- Program crash
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
7⤵
- Program crash
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32489.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44945.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28852.exe
9⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-7224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7224.exe
10⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50831.exe
11⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
12⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
12⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
11⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
8⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
7⤵
PID:660

C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23823.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21517.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45996.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60998.exe
11⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38238.exe
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 236
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43280.exe
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42156.exe
9⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-28518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28518.exe
10⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47125.exe
11⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 220
11⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
10⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 236
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 660 -s 240
8⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
7⤵
- Program crash
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
6⤵
- Program crash
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19683.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52374.exe
8⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26973.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40209.exe
10⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
12⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
13⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
13⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
12⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
11⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48631.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29114.exe
10⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46711.exe
11⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45463.exe
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
12⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
11⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
10⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54611.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7728.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
10⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5569.exe
11⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
12⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
12⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
11⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
8⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47776.exe
7⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59998.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58724.exe
9⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
10⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-813.exe
11⤵
PID:13180

C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
12⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
11⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
10⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 216
8⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 220
7⤵
- Program crash
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42292.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19894.exe
7⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9707.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-53011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53011.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41556.exe
10⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63540.exe
11⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1610.exe
12⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
12⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
11⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20208.exe
8⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42418.exe
9⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21395.exe
10⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51574.exe
11⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
10⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
9⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
8⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37781.exe
7⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
9⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20788.exe
10⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32223.exe
11⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
10⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
8⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
7⤵
- Program crash
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
6⤵
- Program crash
PID:2400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
5⤵
- Program crash
PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
2⤵
- Program crash
PID:2668

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22977.exe

Filesize
184KB

MD5
9f14df727430ae23e013e6cea4d39152

SHA1
e3e64f564694afbb448a79aba3b5ea23fcb66672

SHA256
016e99ab2c894675fd30caef735537d8b8304eeec117f9d7a33c4a1794a52431

SHA512
af6904be36a04320f71a9dc59f3564e57cecb88748a5a6af439f8de35f97d3b9b293f0ddd21009ff503d6bf75b3302fde2fa26b4a1ac937bb9d3bddf55cd1201

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23720.exe

Filesize
184KB

MD5
e1c63119309b9cb0def32470efef2905

SHA1
bfa99e6fbb8c03cde40e62223a87aeadfe91a0c4

SHA256
47216afde9932f50bea56177aa5ab960737147118f112b1ea3c8f016e6d9fc1a

SHA512
897cd5e449fbc51dfc01b1a490586dc77fc7508db55df9844db146536375bd6ef38798b6fc7c3586bf712505b37498690b022dae6256ea51f2622fc6a85b2d6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe

Filesize
184KB

MD5
614132903df31cd9cd92cd699ce81e6c

SHA1
b6749c963669d024667dab00249def70791ce436

SHA256
3039b51b4304839a6c83913ab7721403875d03824fefe16e8191cddaa9da6670

SHA512
9bf7081eafd292a34ad7197ece49f7adbd50b39eda57944095e302d240434895a3b3edd266bda83fd902dab7d873d50be25a61dc268b708565ba4a01d305cedc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36160.exe

Filesize
184KB

MD5
4a0f9b5c84b890218ad145fd9e5e3279

SHA1
36bcdff86f71c22ab490312e84ba7e2382b6bc0c

SHA256
0b906a36f8539c168a28df5c44fc2d5962e8277ffc1012759c0add764caaa4c6

SHA512
388346c18e6419e45c2e7b23da1c83a9fd8c0398806a718d19a37855a6ffed5134212a3f9de240e63c3dbb92f153b47cb7d5f7e983150ab4cbe2b1f42dfddb6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe

Filesize
184KB

MD5
a5246f819a619dabf9d536ccbe326e6f

SHA1
1343013f3080071df3c4bc96707a3ccb226b3685

SHA256
93822ab6811054597a3ed626a1c80331f51a9f9dcf28f2e5389c0d4820b14349

SHA512
9cd481f3b375e069bbbe146af9071aaf362430c306cc5a7caade663c779c9a45c3afa2a95a6d1fa187abc154e7dbddb372bc638259394b88ccfb41a090752386

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54342.exe

Filesize
184KB

MD5
5ef00c5c48f273a58abc962c840ab7c7

SHA1
f74a49bd2744690d423ae4adf21213647b042fb3

SHA256
bd9d01afb77edb2fd885369a9353efeca7849d86201b883fddb4a82379edcb74

SHA512
3df99c7d18fce4bb3756f1394cfd5e7e8014fef67c8faca7313bec2d4d13e51cfd6d07e8e16550d92bc8231999d9040c0422305676b49fadde1bd4d9d04b9686

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5688.exe

Filesize
184KB

MD5
3f793da02c0dd1d736125c686837049a

SHA1
af03cf196c4a59edfdb816ee628a63bc5dbdc85c

SHA256
04f8538b73df40cd34593691f6627214a5a271813b64a63996efdfbcd2ac826e

SHA512
76c25e8df46b2868c599ff70bedd9cb69a6460ed0830f25d816a092c6a212764accd6b8fee25386f99d7368473644dd11656fae81d9fdc3f512f5b6bb2fa2d0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6100.exe

Filesize
184KB

MD5
b04859a823eeb2759861b6bfaa1de0bf

SHA1
f41e4083f8139281e6213d957ccda6f2629354a2

SHA256
47306148d9d25b0ea5ed5293571f3590e26fbbfdcfab825044a2087c56a75c84

SHA512
2252b0e2e73162fd2da3dc6316962466055f54422a3cb4142b0ee1627fda406c12e9857241cfe542a46d5186ee5712766eff63f072dcd235e07c12b65585e22d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6525.exe

Filesize
184KB

MD5
b980ef8f803ac79086a33fa24efa0552

SHA1
46c12096d0b1cdf0c8cf8528e00676c885331ed9

SHA256
c2251f3b58ee75b73346d799918922a21a59ef67a6328d1fe30b03d4cf91a175

SHA512
3c7ae33353f28977fa3894763240d07472b69b5f22b701e6f3249b9d65d23ab3db0aa0c262ba20095de6cff1e4e36f2802c25289d92434ebf2cfad172b8a688c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6817.exe

Filesize
184KB

MD5
0fb49441be7b59079ef027b26261b125

SHA1
d36fa72cf8b9cdc2e3196bed74f381d80df89fb4

SHA256
709c3033aea4e276743d30867fc29f7aa7f0cc113b93641514ba847f6e60778f

SHA512
a56720354a087dfb9ea5c794d68476f212db720e39d6faa67dc4b8cf119214aab29ab270d66e3e2284813008f7373c898dcc19285ae3c763c5d9009cbef75bb4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16283.exe

Filesize
184KB

MD5
b50cd73f2cb887ef77c0ab1be0a0c03e

SHA1
4959e05e47bd27a05940061e465c78e4b15de70e

SHA256
b21a2b2db11888b939a237a924893d8b8894ef1cda8a01bced7d8cd687725df5

SHA512
df64d2ad5b1b7bfd89e242ab150315e06d61a46d73b6d67a424092b7fe2d7adc9f3f7c6516c39e415843d394314c69bf35218ad741a80d7e2edd4db846b6bc16

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31096.exe

Filesize
184KB

MD5
b4142f5c0d31f79e761082a2faca3788

SHA1
852ffe7881e6dd6e975ca64e52efe12be47c728b

SHA256
883ffe19e36cd9180061b74f24bc80df8b6dc31a0b5066747b50462e075b730c

SHA512
019442e2cc43e696b75b5e22b9f0fbac59778d992a771a0b4237e86f52a143f6d90d24f6d86aa50a86bc58531e21cd77a1fe3fdab3363b9ede6e62bc992d06ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36352.exe

Filesize
184KB

MD5
73afae2478b63397e182da9e6ef04029

SHA1
57111acc451648551973fb48e4e718a4eb16ea88

SHA256
443b51895e9981d0dfa9b9393fbc0c872824999ca8556554bc00abe141a04339

SHA512
e926f29fa7dda360505b549cb174bd46ab3027a411d1a56f6534f8788866c61d7deb290a884d038d314fb8d6bc08ddf053340a2b63b8ff235d2f8dc73e738bce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3871.exe

Filesize
184KB

MD5
5dcb7b7292c14e4f8098c8736b801af8

SHA1
53268d00eb91350c5bc6fec897925be0c1a286f6

SHA256
e84929bd95c5ffa6cfe54da86d7a60eec422dd088ad549156620a734e3c6ebca

SHA512
5a213fcb986b4ca4cbbc8d529f4daaf8db9f0c80be4ee915227fb4aa0ac2c798ea45881aa049ca8db6917beda24b344d7ac637e395e4ababce2746588e5f8da8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41469.exe

Filesize
184KB

MD5
e477f08032913c8f5df5b7d23fe64c53

SHA1
bfaec06da8aca74bb7527ac459e272caa2be7ff7

SHA256
342e1dd41601dc995553139e3fc7ffc9c1f67642287a8dc5735991b06604fc4a

SHA512
dc732c9271cedcda11a0cf75621f10535223145589550929b3eb1dfb5cd0d0becefd24be0c76932cc153775ad434cfc323db1bdca075cc6e1d67919481419009

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46068.exe

Filesize
184KB

MD5
3fa4002e2f281e5bc092b86fe85beb17

SHA1
6cf948901825f2073b7bd950afb73fc2f0ef4f30

SHA256
86e4044c0b75c6b81ecf040d41155cfdba8daa7686c4379e6a8a9915417f695b

SHA512
2ce5b4e4eb671992167a60fe519a103b3cd7d9116837fc5a0c831e139c386da173a64158cd757aaabde2aa75ee0a81c903f97cc8113b959c1a5bb904281f60e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49543.exe

Filesize
184KB

MD5
7ad72e3568725cbafa51ba90fbc1efe7

SHA1
2f39ea6996f851b66e2737273df6439aac3a3ed9

SHA256
17ac8bc8962bfeffc12a7039ca556741975e4e221bab78c4df0baad5ca3f5fe1

SHA512
d2dafb77c29846648b4bcbacc03a29c28f5915885e2d394d68b2bc917017ab5b17a6a7d0dfafca773d1b9d23507f92d26d98960f6ed764f4f0d47b64deb713ab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62480.exe

Filesize
184KB

MD5
68c32802dc676142b388dbf40079b9cc

SHA1
f920cdf337ea2dcab4db295ef47570a5f61b7101

SHA256
09a7e76e4183128f7b33b89ea6c48c65698b1b53e7f1fd53d6466d5f227b4f9f

SHA512
4e58176674ccd111b6c22c5d35c6aa16ee2752e8f2d9ca68067a5297bd0ba7fff05ba5a040fa19abd5c6481663cc554fb302a700bbc514b47fbd030244a5feca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-884.exe

Filesize
184KB

MD5
ad81da3b3e970fe702313c467e410544

SHA1
7cccc581b8728c7252096b77bd03148b868e7a79

SHA256
d95f512f85f835f05226ed16e5e51765fcfa65c4a9d36085c40f9f7f04149a5e

SHA512
a8e7f966c3d80e94c92533f6762f6b150cc9f38e0cc7836b7c8fe008fe308605d0c1035d6f5f6a0ce681cd55a1b815644df3bd6c2b67fb88177eeb856818d5fd

Download Submit