39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379

Analysis

max time kernel
152s
max time network
129s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe
Size

184KB
MD5

8c9ca9f22cc05ae40fdfd222ccb39ffc
SHA1

9975c29865ae641958e563ac5f94c6464cfb9497
SHA256

39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379
SHA512

f33a6c6791416125c7c3e879efac04820666290d318c4b772f3e65c6c579683f049fb1fba2616c25e2e0bd713b3b9b90ecd252f5203638497f72857cce3bf549
SSDEEP

1536:5N2ZmjZ5t078o5xxJJAAl3wMFeFyvZc8ndddjFL+2VJet1hl5hj5nizpJc:XH9078ofDJAOdFYWeyFL+Es1hlnViFO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-35261.exeUnicorn-65255.exeUnicorn-15499.exeUnicorn-44171.exeUnicorn-30527.exeUnicorn-23751.exeUnicorn-30933.exeUnicorn-52121.exeUnicorn-36339.exeUnicorn-56205.exeUnicorn-40423.exeUnicorn-35832.exeUnicorn-40470.exeUnicorn-27472.exeUnicorn-21804.exeUnicorn-36194.exeUnicorn-19112.exeUnicorn-41670.exeUnicorn-28131.exeUnicorn-47160.exeUnicorn-57466.exeUnicorn-64887.exeUnicorn-58665.exeUnicorn-16241.exeUnicorn-7518.exeUnicorn-22463.exeUnicorn-11602.exeUnicorn-46413.exeUnicorn-56527.exeUnicorn-40745.exeUnicorn-7793.exeUnicorn-40466.exeUnicorn-11685.exeUnicorn-31229.exeUnicorn-44036.exeUnicorn-8348.exeUnicorn-45105.exeUnicorn-26076.exeUnicorn-48442.exeUnicorn-10123.exeUnicorn-28598.exeUnicorn-12816.exeUnicorn-36766.exeUnicorn-22930.exeUnicorn-42796.exeUnicorn-42796.exeUnicorn-57741.exeUnicorn-20238.exeUnicorn-4456.exeUnicorn-48224.exeUnicorn-16106.exeUnicorn-19444.exeUnicorn-3107.exeUnicorn-20574.exeUnicorn-35095.exeUnicorn-54124.exeUnicorn-2977.exeUnicorn-57653.exeUnicorn-9007.exeUnicorn-43263.exeUnicorn-58208.exeUnicorn-16621.exeUnicorn-16621.exeUnicorn-35671.exe

pid	process
2888	Unicorn-35261.exe
2684	Unicorn-65255.exe
2592	Unicorn-15499.exe
2548	Unicorn-44171.exe
2540	Unicorn-30527.exe
1564	Unicorn-23751.exe
2352	Unicorn-30933.exe
1868	Unicorn-52121.exe
856	Unicorn-36339.exe
1620	Unicorn-56205.exe
1768	Unicorn-40423.exe
2652	Unicorn-35832.exe
2336	Unicorn-40470.exe
2920	Unicorn-27472.exe
2472	Unicorn-21804.exe
1440	Unicorn-36194.exe
2208	Unicorn-19112.exe
696	Unicorn-41670.exe
1144	Unicorn-28131.exe
1248	Unicorn-47160.exe
1976	Unicorn-57466.exe
2788	Unicorn-64887.exe
2120	Unicorn-58665.exe
576	Unicorn-16241.exe
2976	Unicorn-7518.exe
2112	Unicorn-22463.exe
2744	Unicorn-11602.exe
1196	Unicorn-46413.exe
1596	Unicorn-56527.exe
2884	Unicorn-40745.exe
2572	Unicorn-7793.exe
2452	Unicorn-40466.exe
2820	Unicorn-11685.exe
2372	Unicorn-31229.exe
1908	Unicorn-44036.exe
1972	Unicorn-8348.exe
760	Unicorn-45105.exe
1280	Unicorn-26076.exe
2444	Unicorn-48442.exe
1428	Unicorn-10123.exe
1644	Unicorn-28598.exe
2288	Unicorn-12816.exe
1752	Unicorn-36766.exe
1568	Unicorn-22930.exe
1388	Unicorn-42796.exe
2476	Unicorn-42796.exe
844	Unicorn-57741.exe
584	Unicorn-20238.exe
476	Unicorn-4456.exe
1940	Unicorn-48224.exe
2024	Unicorn-16106.exe
2736	Unicorn-19444.exe
1524	Unicorn-3107.exe
2484	Unicorn-20574.exe
1224	Unicorn-35095.exe
2304	Unicorn-54124.exe
2420	Unicorn-2977.exe
1808	Unicorn-57653.exe
1672	Unicorn-9007.exe
1544	Unicorn-43263.exe
2496	Unicorn-58208.exe
2180	Unicorn-16621.exe
2188	Unicorn-16621.exe
816	Unicorn-35671.exe

Loads dropped DLL 64 IoCs

Processes:

39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exeUnicorn-35261.exeUnicorn-15499.exeUnicorn-65255.exeWerFault.exeUnicorn-30527.exeUnicorn-44171.exeUnicorn-23751.exeWerFault.exeWerFault.exeUnicorn-30933.exeUnicorn-56205.exeUnicorn-40423.exeUnicorn-36339.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe
2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe
2888	Unicorn-35261.exe
2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe
2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe
2888	Unicorn-35261.exe
2592	Unicorn-15499.exe
2592	Unicorn-15499.exe
2888	Unicorn-35261.exe
2684	Unicorn-65255.exe
2684	Unicorn-65255.exe
2888	Unicorn-35261.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
1324	WerFault.exe
2540	Unicorn-30527.exe
2540	Unicorn-30527.exe
2548	Unicorn-44171.exe
2548	Unicorn-44171.exe
2592	Unicorn-15499.exe
2592	Unicorn-15499.exe
1564	Unicorn-23751.exe
2684	Unicorn-65255.exe
1564	Unicorn-23751.exe
2684	Unicorn-65255.exe
2280	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe
2280	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
1712	WerFault.exe
2280	WerFault.exe
1712	WerFault.exe
2352	Unicorn-30933.exe
2540	Unicorn-30527.exe
2352	Unicorn-30933.exe
2540	Unicorn-30527.exe
1620	Unicorn-56205.exe
1768	Unicorn-40423.exe
1564	Unicorn-23751.exe
1620	Unicorn-56205.exe
1564	Unicorn-23751.exe
856	Unicorn-36339.exe
1768	Unicorn-40423.exe
856	Unicorn-36339.exe
2548	Unicorn-44171.exe
2548	Unicorn-44171.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1252	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2608	2612	WerFault.exe	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe
1324	2888	WerFault.exe	Unicorn-35261.exe
2280	2592	WerFault.exe	Unicorn-15499.exe
1712	2684	WerFault.exe	Unicorn-65255.exe
2316	2540	WerFault.exe	Unicorn-30527.exe
1252	2548	WerFault.exe	Unicorn-44171.exe
1532	1564	WerFault.exe	Unicorn-23751.exe
2480	2352	WerFault.exe	Unicorn-30933.exe
2528	1620	WerFault.exe	Unicorn-56205.exe
2764	856	WerFault.exe	Unicorn-36339.exe
2508	1868	WerFault.exe	Unicorn-52121.exe
2492	1768	WerFault.exe	Unicorn-40423.exe
2192	2652	WerFault.exe	Unicorn-35832.exe
1688	2336	WerFault.exe	Unicorn-40470.exe
2948	696	WerFault.exe	Unicorn-41670.exe
488	2472	WerFault.exe	Unicorn-21804.exe
1064	2920	WerFault.exe	Unicorn-27472.exe
3024	1440	WerFault.exe	Unicorn-36194.exe
1820	2208	WerFault.exe	Unicorn-19112.exe
2404	2372	WerFault.exe	Unicorn-31229.exe
1696	1248	WerFault.exe	Unicorn-47160.exe
1812	1976	WerFault.exe	Unicorn-57466.exe
1740	2788	WerFault.exe	Unicorn-64887.exe
2628	1196	WerFault.exe	Unicorn-46413.exe
2996	2660	WerFault.exe	Unicorn-64259.exe
2880	1144	WerFault.exe	Unicorn-28131.exe
2560	576	WerFault.exe	Unicorn-16241.exe
2644	2744	WerFault.exe	Unicorn-11602.exe
2824	2572	WerFault.exe	Unicorn-7793.exe
2060	1388	WerFault.exe	Unicorn-42796.exe
1484	2444	WerFault.exe	Unicorn-48442.exe
2412	760	WerFault.exe	Unicorn-45105.exe
2388	2820	WerFault.exe	Unicorn-11685.exe
2656	844	WerFault.exe	Unicorn-57741.exe
1800	1428	WerFault.exe	Unicorn-10123.exe
3080	584	WerFault.exe	Unicorn-20238.exe
3144	2736	WerFault.exe	Unicorn-19444.exe
3400	2452	WerFault.exe	Unicorn-40466.exe
3540	1972	WerFault.exe	Unicorn-8348.exe
3620	1908	WerFault.exe	Unicorn-44036.exe
3720	1752	WerFault.exe	Unicorn-36766.exe
3728	1544	WerFault.exe	Unicorn-43263.exe
3744	1280	WerFault.exe	Unicorn-26076.exe
3868	1524	WerFault.exe	Unicorn-3107.exe
3900	1596	WerFault.exe	Unicorn-56527.exe
3916	2112	WerFault.exe	Unicorn-22463.exe
3924	2476	WerFault.exe	Unicorn-42796.exe
3940	2884	WerFault.exe	Unicorn-40745.exe
3948	1568	WerFault.exe	Unicorn-22930.exe
3960	2976	WerFault.exe	Unicorn-7518.exe
4004	2484	WerFault.exe	Unicorn-20574.exe
3076	2024	WerFault.exe	Unicorn-16106.exe
3128	2120	WerFault.exe	Unicorn-58665.exe
3132	1940	WerFault.exe	Unicorn-48224.exe
3152	476	WerFault.exe	Unicorn-4456.exe
3480	1960	WerFault.exe	Unicorn-55240.exe
3752	1672	WerFault.exe	Unicorn-9007.exe
3788	1644	WerFault.exe	Unicorn-28598.exe
3832	2392	WerFault.exe	Unicorn-21821.exe
4012	2304	WerFault.exe	Unicorn-54124.exe
4064	2420	WerFault.exe	Unicorn-2977.exe
4076	2244	WerFault.exe	Unicorn-9028.exe
3184	1404	WerFault.exe	Unicorn-28427.exe
3328	1224	WerFault.exe	Unicorn-35095.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exeUnicorn-35261.exeUnicorn-15499.exeUnicorn-65255.exeUnicorn-44171.exeUnicorn-30527.exeUnicorn-23751.exeUnicorn-30933.exeUnicorn-52121.exeUnicorn-40423.exeUnicorn-36339.exeUnicorn-56205.exeUnicorn-35832.exeUnicorn-40470.exeUnicorn-27472.exeUnicorn-21804.exeUnicorn-36194.exeUnicorn-41670.exeUnicorn-19112.exeUnicorn-28131.exeUnicorn-47160.exeUnicorn-57466.exeUnicorn-64887.exeUnicorn-58665.exeUnicorn-16241.exeUnicorn-7518.exeUnicorn-22463.exeUnicorn-11602.exeUnicorn-46413.exeUnicorn-56527.exeUnicorn-40745.exeUnicorn-7793.exeUnicorn-11685.exeUnicorn-40466.exeUnicorn-44036.exeUnicorn-31229.exeUnicorn-45105.exeUnicorn-26076.exeUnicorn-48442.exeUnicorn-8348.exeUnicorn-10123.exeUnicorn-12816.exeUnicorn-22930.exeUnicorn-36766.exeUnicorn-42796.exeUnicorn-20238.exeUnicorn-57741.exeUnicorn-4456.exeUnicorn-42796.exeUnicorn-28598.exeUnicorn-48224.exeUnicorn-16106.exeUnicorn-19444.exeUnicorn-3107.exeUnicorn-20574.exeUnicorn-35095.exeUnicorn-54124.exeUnicorn-57653.exeUnicorn-2977.exeUnicorn-9007.exeUnicorn-58208.exeUnicorn-43263.exeUnicorn-16621.exeUnicorn-16621.exe

pid	process
2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe
2888	Unicorn-35261.exe
2592	Unicorn-15499.exe
2684	Unicorn-65255.exe
2548	Unicorn-44171.exe
2540	Unicorn-30527.exe
1564	Unicorn-23751.exe
2352	Unicorn-30933.exe
1868	Unicorn-52121.exe
1768	Unicorn-40423.exe
856	Unicorn-36339.exe
1620	Unicorn-56205.exe
2652	Unicorn-35832.exe
2336	Unicorn-40470.exe
2920	Unicorn-27472.exe
2472	Unicorn-21804.exe
1440	Unicorn-36194.exe
696	Unicorn-41670.exe
2208	Unicorn-19112.exe
1144	Unicorn-28131.exe
1248	Unicorn-47160.exe
1976	Unicorn-57466.exe
2788	Unicorn-64887.exe
2120	Unicorn-58665.exe
576	Unicorn-16241.exe
2976	Unicorn-7518.exe
2112	Unicorn-22463.exe
2744	Unicorn-11602.exe
1196	Unicorn-46413.exe
1596	Unicorn-56527.exe
2884	Unicorn-40745.exe
2572	Unicorn-7793.exe
2820	Unicorn-11685.exe
2452	Unicorn-40466.exe
1908	Unicorn-44036.exe
2372	Unicorn-31229.exe
760	Unicorn-45105.exe
1280	Unicorn-26076.exe
2444	Unicorn-48442.exe
1972	Unicorn-8348.exe
1428	Unicorn-10123.exe
2288	Unicorn-12816.exe
1568	Unicorn-22930.exe
1752	Unicorn-36766.exe
1388	Unicorn-42796.exe
584	Unicorn-20238.exe
844	Unicorn-57741.exe
476	Unicorn-4456.exe
2476	Unicorn-42796.exe
1644	Unicorn-28598.exe
1940	Unicorn-48224.exe
2024	Unicorn-16106.exe
2736	Unicorn-19444.exe
1524	Unicorn-3107.exe
2484	Unicorn-20574.exe
1224	Unicorn-35095.exe
2304	Unicorn-54124.exe
1808	Unicorn-57653.exe
2420	Unicorn-2977.exe
1672	Unicorn-9007.exe
2496	Unicorn-58208.exe
1544	Unicorn-43263.exe
2180	Unicorn-16621.exe
2188	Unicorn-16621.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exeUnicorn-35261.exeUnicorn-15499.exeUnicorn-65255.exeUnicorn-30527.exeUnicorn-44171.exeUnicorn-23751.exeUnicorn-30933.exe

description	pid	process	target process
PID 2612 wrote to memory of 2888	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	Unicorn-35261.exe
PID 2612 wrote to memory of 2888	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	Unicorn-35261.exe
PID 2612 wrote to memory of 2888	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	Unicorn-35261.exe
PID 2612 wrote to memory of 2888	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	Unicorn-35261.exe
PID 2612 wrote to memory of 2684	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	Unicorn-65255.exe
PID 2612 wrote to memory of 2684	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	Unicorn-65255.exe
PID 2612 wrote to memory of 2684	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	Unicorn-65255.exe
PID 2612 wrote to memory of 2684	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	Unicorn-65255.exe
PID 2888 wrote to memory of 2592	2888	Unicorn-35261.exe	Unicorn-15499.exe
PID 2888 wrote to memory of 2592	2888	Unicorn-35261.exe	Unicorn-15499.exe
PID 2888 wrote to memory of 2592	2888	Unicorn-35261.exe	Unicorn-15499.exe
PID 2888 wrote to memory of 2592	2888	Unicorn-35261.exe	Unicorn-15499.exe
PID 2592 wrote to memory of 2548	2592	Unicorn-15499.exe	Unicorn-44171.exe
PID 2592 wrote to memory of 2548	2592	Unicorn-15499.exe	Unicorn-44171.exe
PID 2592 wrote to memory of 2548	2592	Unicorn-15499.exe	Unicorn-44171.exe
PID 2592 wrote to memory of 2548	2592	Unicorn-15499.exe	Unicorn-44171.exe
PID 2612 wrote to memory of 2608	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	WerFault.exe
PID 2612 wrote to memory of 2608	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	WerFault.exe
PID 2612 wrote to memory of 2608	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	WerFault.exe
PID 2612 wrote to memory of 2608	2612	39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe	WerFault.exe
PID 2684 wrote to memory of 1564	2684	Unicorn-65255.exe	Unicorn-23751.exe
PID 2684 wrote to memory of 1564	2684	Unicorn-65255.exe	Unicorn-23751.exe
PID 2684 wrote to memory of 1564	2684	Unicorn-65255.exe	Unicorn-23751.exe
PID 2684 wrote to memory of 1564	2684	Unicorn-65255.exe	Unicorn-23751.exe
PID 2888 wrote to memory of 2540	2888	Unicorn-35261.exe	Unicorn-30527.exe
PID 2888 wrote to memory of 2540	2888	Unicorn-35261.exe	Unicorn-30527.exe
PID 2888 wrote to memory of 2540	2888	Unicorn-35261.exe	Unicorn-30527.exe
PID 2888 wrote to memory of 2540	2888	Unicorn-35261.exe	Unicorn-30527.exe
PID 2888 wrote to memory of 1324	2888	Unicorn-35261.exe	WerFault.exe
PID 2888 wrote to memory of 1324	2888	Unicorn-35261.exe	WerFault.exe
PID 2888 wrote to memory of 1324	2888	Unicorn-35261.exe	WerFault.exe
PID 2888 wrote to memory of 1324	2888	Unicorn-35261.exe	WerFault.exe
PID 2540 wrote to memory of 2352	2540	Unicorn-30527.exe	Unicorn-30933.exe
PID 2540 wrote to memory of 2352	2540	Unicorn-30527.exe	Unicorn-30933.exe
PID 2540 wrote to memory of 2352	2540	Unicorn-30527.exe	Unicorn-30933.exe
PID 2540 wrote to memory of 2352	2540	Unicorn-30527.exe	Unicorn-30933.exe
PID 2548 wrote to memory of 1868	2548	Unicorn-44171.exe	Unicorn-52121.exe
PID 2548 wrote to memory of 1868	2548	Unicorn-44171.exe	Unicorn-52121.exe
PID 2548 wrote to memory of 1868	2548	Unicorn-44171.exe	Unicorn-52121.exe
PID 2548 wrote to memory of 1868	2548	Unicorn-44171.exe	Unicorn-52121.exe
PID 2592 wrote to memory of 856	2592	Unicorn-15499.exe	Unicorn-36339.exe
PID 2592 wrote to memory of 856	2592	Unicorn-15499.exe	Unicorn-36339.exe
PID 2592 wrote to memory of 856	2592	Unicorn-15499.exe	Unicorn-36339.exe
PID 2592 wrote to memory of 856	2592	Unicorn-15499.exe	Unicorn-36339.exe
PID 1564 wrote to memory of 1620	1564	Unicorn-23751.exe	Unicorn-56205.exe
PID 1564 wrote to memory of 1620	1564	Unicorn-23751.exe	Unicorn-56205.exe
PID 1564 wrote to memory of 1620	1564	Unicorn-23751.exe	Unicorn-56205.exe
PID 1564 wrote to memory of 1620	1564	Unicorn-23751.exe	Unicorn-56205.exe
PID 2684 wrote to memory of 1768	2684	Unicorn-65255.exe	Unicorn-40423.exe
PID 2684 wrote to memory of 1768	2684	Unicorn-65255.exe	Unicorn-40423.exe
PID 2684 wrote to memory of 1768	2684	Unicorn-65255.exe	Unicorn-40423.exe
PID 2684 wrote to memory of 1768	2684	Unicorn-65255.exe	Unicorn-40423.exe
PID 2592 wrote to memory of 2280	2592	Unicorn-15499.exe	WerFault.exe
PID 2592 wrote to memory of 2280	2592	Unicorn-15499.exe	WerFault.exe
PID 2592 wrote to memory of 2280	2592	Unicorn-15499.exe	WerFault.exe
PID 2592 wrote to memory of 2280	2592	Unicorn-15499.exe	WerFault.exe
PID 2684 wrote to memory of 1712	2684	Unicorn-65255.exe	WerFault.exe
PID 2684 wrote to memory of 1712	2684	Unicorn-65255.exe	WerFault.exe
PID 2684 wrote to memory of 1712	2684	Unicorn-65255.exe	WerFault.exe
PID 2684 wrote to memory of 1712	2684	Unicorn-65255.exe	WerFault.exe
PID 2352 wrote to memory of 2652	2352	Unicorn-30933.exe	Unicorn-35832.exe
PID 2352 wrote to memory of 2652	2352	Unicorn-30933.exe	Unicorn-35832.exe
PID 2352 wrote to memory of 2652	2352	Unicorn-30933.exe	Unicorn-35832.exe
PID 2352 wrote to memory of 2652	2352	Unicorn-30933.exe	Unicorn-35832.exe

C:\Users\Admin\AppData\Local\Temp\39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe
"C:\Users\Admin\AppData\Local\Temp\39836605f42455d6456a1a6b1a6ba21ca0c2efe43d2458124cd58fa714e94379.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7793.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3107.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11322.exe
9⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42573.exe
10⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
11⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17862.exe
12⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23233.exe
13⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
14⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
13⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
12⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
11⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
10⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
9⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26267.exe
8⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51452.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-64467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64467.exe
10⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
11⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65256.exe
12⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
13⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
13⤵
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
11⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
10⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
9⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
8⤵
- Program crash
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20574.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32319.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10954.exe
11⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43845.exe
12⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56157.exe
13⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
12⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
11⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
10⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
9⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
8⤵
- Program crash
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
7⤵
- Program crash
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
6⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11602.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20238.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
9⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56387.exe
10⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
11⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5718.exe
12⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59714.exe
13⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 240
14⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 236
13⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
12⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
11⤵
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
10⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
9⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2230.exe
8⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33253.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-544.exe
11⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54120.exe
12⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4753.exe
13⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
13⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
12⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
11⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
9⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
8⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58208.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40570.exe
8⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61649.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-29465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29465.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
11⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
12⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
13⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
13⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 236
12⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
11⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
10⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52090.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31878.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19019.exe
10⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-57436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57436.exe
11⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12537.exe
12⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
12⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 236
11⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
9⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
7⤵
- Program crash
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4456.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:476

C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40944.exe
9⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42750.exe
10⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45599.exe
11⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-33023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33023.exe
12⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
11⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
8⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 236
7⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
6⤵
- Program crash
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41670.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58665.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26076.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6890.exe
8⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-13408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13408.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
10⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6356.exe
11⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16352.exe
12⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
13⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 236
13⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
12⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
11⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
9⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1415.exe
7⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38188.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
10⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12350.exe
11⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35846.exe
12⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 236
11⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
9⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
8⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
7⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9028.exe
7⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35116.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34530.exe
11⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
12⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
12⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 236
11⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
9⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
8⤵
- Program crash
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
7⤵
- Program crash
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
6⤵
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48442.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57653.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22864.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
10⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
11⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29485.exe
12⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-12955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12955.exe
13⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
13⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
12⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
11⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
10⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-47923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47923.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57560.exe
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-160.exe
10⤵
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 220
11⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 236
10⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
7⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38515.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36917.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 240
12⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
11⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
10⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
8⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
7⤵
- Program crash
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9007.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36787.exe
7⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52770.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55578.exe
10⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8505.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59494.exe
12⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 236
11⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 236
10⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
8⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
7⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
6⤵
- Program crash
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
5⤵
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28131.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
8⤵
- Program crash
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2977.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41146.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15458.exe
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
11⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
12⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27997.exe
13⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
13⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
12⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
11⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
10⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13590.exe
10⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30446.exe
11⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10399.exe
12⤵
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
12⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
11⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
8⤵
- Program crash
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
7⤵
- Program crash
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56849.exe
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33684.exe
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
11⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47055.exe
12⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 236
12⤵
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
11⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
9⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
8⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
7⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
6⤵
- Program crash
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57466.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40466.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-35095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35095.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28427.exe
8⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59812.exe
9⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9620.exe
10⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
11⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-60980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60980.exe
12⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60176.exe
13⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
13⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 236
12⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
11⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
10⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 236
9⤵
- Program crash
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50061.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32065.exe
10⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33954.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
12⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 236
11⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
9⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 220
8⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14482.exe
7⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16118.exe
9⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-62272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62272.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3715.exe
11⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
12⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 236
12⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
8⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
7⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54124.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21821.exe
7⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55344.exe
8⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40809.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55744.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36056.exe
12⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
12⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
11⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
10⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
8⤵
- Program crash
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12728.exe
7⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47363.exe
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30119.exe
9⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2158.exe
10⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
11⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 236
11⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 236
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
9⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
7⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
6⤵
- Program crash
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
5⤵
- Program crash
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64887.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11685.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48224.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
8⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64830.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62085.exe
10⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
11⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
12⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
13⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
12⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
11⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
10⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
9⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
8⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
7⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-14586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14586.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44130.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
10⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21147.exe
11⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51850.exe
12⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
12⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
9⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
8⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
7⤵
- Program crash
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16106.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44187.exe
7⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44026.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51395.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52781.exe
10⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28796.exe
11⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-47138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47138.exe
12⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
12⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 216
8⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
7⤵
- Program crash
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
6⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44036.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19444.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33881.exe
7⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
8⤵
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 220
9⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
8⤵
PID:3780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52910.exe
6⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15739.exe
7⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65209.exe
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
9⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30550.exe
10⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9997.exe
11⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 236
10⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
8⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
7⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
6⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
5⤵
- Program crash
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-56205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56205.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7518.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35671.exe
8⤵
- Executes dropped EXE
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30591.exe
10⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-25755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25755.exe
11⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28412.exe
12⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
13⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
13⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 236
12⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
11⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 216
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
8⤵
- Program crash
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26111.exe
7⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14446.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45635.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-29974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29974.exe
11⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
12⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 236
12⤵
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
10⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
9⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
8⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22930.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
7⤵
PID:2660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 188
8⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
7⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
6⤵
- Program crash
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22463.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34815.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46631.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54659.exe
10⤵
PID:6212

C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50119.exe
11⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38612.exe
12⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
12⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6212 -s 236
11⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
10⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
9⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
8⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
7⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42447.exe
6⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61924.exe
7⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 220
8⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
7⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
6⤵
- Program crash
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
5⤵
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21804.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46413.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
7⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-30596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30596.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41665.exe
10⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44888.exe
11⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
12⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48721.exe
13⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 236
12⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 236
11⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 236
9⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
8⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 216
7⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
6⤵
- Program crash
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57741.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25365.exe
6⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20425.exe
7⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
8⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30311.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
10⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
11⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 236
11⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
9⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
8⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
6⤵
- Program crash
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
5⤵
- Program crash
PID:488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19112.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56527.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28598.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
7⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8769.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9999.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
10⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 236
11⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 236
10⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 236
8⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
7⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21835.exe
6⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23030.exe
7⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29413.exe
8⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
9⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-32963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32963.exe
10⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49359.exe
11⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
10⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 236
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
8⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
7⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
6⤵
- Program crash
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12816.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
5⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42796.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45977.exe
6⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7269.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43035.exe
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2848.exe
9⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15.exe
10⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 244
11⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 236
10⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
9⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
8⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
7⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
6⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe
5⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21852.exe
6⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63839.exe
7⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62895.exe
8⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
9⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13723.exe
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 236
10⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 236
9⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
8⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
7⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 216
6⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
5⤵
- Program crash
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
4⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
2⤵
- Program crash
PID:2608

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-23751.exe

Filesize
184KB

MD5
3760f546fa35db29ad8dd8bb91becdfc

SHA1
1fbdb7fe799de4a9594853681fe73ca11c862b0d

SHA256
5246bc6f6db4a52e0a867a2d47fc26bd4a19b29616ff3a3878e6456d97ee4348

SHA512
785dcc6465d9bb4bde1540919f23acdded9f8e0123262487157b7fd61ae74bc6651d360d10f22311306c4c253980350c3df29716f6939468bdee7b563dc5c752

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36766.exe

Filesize
184KB

MD5
2123cbf5c36dda5fd8efeb91afa7fe8e

SHA1
97d502174892eefbf62e626672c71fd72c8b8c66

SHA256
7ce842e0b2d8eda78dae1e179bf3eb3c65bf5a194abe5c4503eb23979554bfe3

SHA512
bc13b7ac27c2bc30c275a011e61efaeb42ec93ac8127301c8bb8e4a6bb9d5a78ad60c15f5b75570580e4f6656aed1ef833b365011d59ed52ff4b842a6fefc941

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40309.exe

Filesize
184KB

MD5
52deaec6fba8bf01be33eeac0847cdb6

SHA1
389f5d45ddde2a5e59576c0173dcc8322ec8558f

SHA256
e060a93a2a4f2e51c43a83ce311be1c314894e96d76b6001e560fa553f2e7810

SHA512
8418894012d51645d2cafb0f2e027f9ab7085e8c3b551c5584fd399315d05c7d949e0888a401dc2e65a3f5828656965b8e625b87b23c9070d4493d3f7ab2faf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40423.exe

Filesize
184KB

MD5
afc89f13a907f2db551315b798f0f743

SHA1
648731de0aa1cf8a56c9bd5ac9072f29a0344060

SHA256
9129dc27c19a3ff5403e07d2797aef757a4e72c9a747bce0432d5ce38fbf01b0

SHA512
1dd1a4a99ea2f27316a33ec1a6f2a605958dd4edbf5d4d47ebb62c262915273af4072b95763e8ba8559b548157266db5bf45c0d26a0ba0d449177cec3c309a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40470.exe

Filesize
184KB

MD5
07fc99ac6ef01d2686b2386f2336594c

SHA1
85ce4834fe1a3dbf2a58566126d0eec2e3d21aa4

SHA256
be186fee21bd2663db40b32062aa93d3130bfb58a0399246ca4f4eaed2f0c91e

SHA512
b5c80786a3e3a1f52518285de0a0a4590ddf8c4a5027110c75d0a5f3790cec0810b5ad0ba12096d3ee827c86d914ebb2fad8b8cb12d415603b40bbc91784ac18

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe

Filesize
184KB

MD5
ada14083845f0c02cceaba23890483a9

SHA1
832293c49766798463782133e8e2dea5103e141f

SHA256
859108e2f6e0c3f912a66e1d086ed87835b9448f3b1de50c228954ef3e92dc4e

SHA512
6d95d9dc43824603224c9c3f6995f3eb8045a62011c8fe657a0b540e78431b70ceae058e234e25e15643c2a7ba2d1cbf5c8c720d16c5e3e5e5b16e7ca6b63ee2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65255.exe

Filesize
184KB

MD5
b8c87d4cd80128721ec71fbe4efdacb3

SHA1
c76812c3f7d4040a84d3cf947bf614d27311d38a

SHA256
58b2d05281100174e311a83e778b0c3b830f21ec154e30e3a3cde77aa3f26f5f

SHA512
d01dc5805b32622c1611629b2804282103b7477f3860226dd40371c913bc626e8d64b9af861f09017ba900476b68afb83d649da7bd63408425e03065518ce3cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15499.exe

Filesize
184KB

MD5
55880cf3fdf26436704727c32271ff76

SHA1
5828eda3b736e3359032747307cb1af8225f1ca1

SHA256
c54047017b97c2bf697c9dd6a73d9b384ef4d8f967c404292cc30108260709af

SHA512
a72aef4bfe6fd1e188b0e585c947d8ef306351a7e9cf6fd098a25a1d8d537a0a8d13d5497c56a6f1d7813ece21fb2500c4a91ccacb56ba78789188b2cf8926b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30527.exe

Filesize
184KB

MD5
2ff9b63d7c767bb4da909345eb3c2cad

SHA1
fc9f026ec9ea8e484329e78cb0e17b418be6190c

SHA256
4ebfcc215ccbeda86cabc76d65889e528623809dfe039d5e6083e864e8f997bf

SHA512
dc611717f2beb4b68957f6b8060831a995c28da672724d6170ac619761b6a1178a9e1a8446fee036880f0cbe7b53c566806548c78b2cac7ae0795cfb1e664573

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30933.exe

Filesize
184KB

MD5
13890ca56acd44f6102717cf86b27146

SHA1
1441ae60a40c363e2060976799701642e12fd4d9

SHA256
21a535acebf1a8d5cc14d4d07bb8aab96b85dafdc9dff4a381410007fbc79b7a

SHA512
fe5fe5104255d9d8465275f7aa17d65ec961a954d37dba603f118c2d66da8440472cd67405484d145ce8d8e82f496eb43fc5192bdb95b328cf5d90cbf4dcb965

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35261.exe

Filesize
184KB

MD5
209f8c59891c5c8be8ca27babba4357f

SHA1
e6b0f99068eb5b3369976ddf9e110d79c3f06cf1

SHA256
d3182871dcacc48e42b3bb2fa3ea25078417cecf28df8f437e30bd2eb60b9be1

SHA512
11c22c82dbfe7cb10c4f358fa7d12fb7270661e7bce2c0da67f097cb6e54619fb48d0f9c270de9da8aa2830bf99f5b780da43782a0a44e25efb3efa3fab369c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35832.exe

Filesize
184KB

MD5
c1b81625a520a3f0aa4b92c4ca2663b7

SHA1
6d1879a9fd9f52fb681cf81940269c221a998919

SHA256
2e392b2e5a81c5d4b0a0f71433205b24fc533417a274d331afa81889d80b5d1f

SHA512
f23ee1e6919c4f3f348640c908382493c89c22571cce7684663576d314cd60b20670162fc8aff99ac3d8da44ce38ea76bcae31bfb3b57fc8b709874feea1941a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36339.exe

Filesize
184KB

MD5
34410651871d02401509e7eab2a8e565

SHA1
d2eda5230ffc6276adf5857c211a447a01e23ab9

SHA256
ab64c758a398b1f819063934c15c259da712f436a2aee4f119c4b464617605dd

SHA512
0178372fc05ac3a1f04efc8f8019e9e889ef36bf6b0dcd33dd4d3f7b98cbd98c1ab574cef01b0e00a3e5d9974f9b2c7f1391b7c3b69966418d3a6b083a12e342

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44171.exe

Filesize
184KB

MD5
ab285d9f9aca850b1d7365038fd9c267

SHA1
7089642dda44de8220725ab68e52bd9b206cd6a1

SHA256
b4187f4d67cc68557591bbb5a9d2785c72f1922d86d5e23c9ce7cb7a97c8e542

SHA512
5167b06fd1165d6f039ba2276c7869ff0b0d2b430a0bff6a4a2cc39af91b5bd225820a4811a228d0705c318705f4dc67af0ebcc3f94cb95a35f355942a5400e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52121.exe

Filesize
184KB

MD5
b150747183caea831b120c875b46094c

SHA1
ffd2a9cb25756599ca7a3999c56db62fe9d728b7

SHA256
435d84411423bbeae1c87bf61c48bc2795cfbe9e52373857cade7975badb571e

SHA512
cf0938c8084e8699f577fa1e4286de49f6f5b1617c70993aa951acab0d28e3bc13285ec11890e4f19abc83891ee06684b3be7c274cbddc4775f19593f7bcb6e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56205.exe

Filesize
184KB

MD5
f7d53b1e4fb2db23149fdbdaaf67a552

SHA1
b624b941d5801f4b3adc0aeaeaca1641a0dd4d9a

SHA256
70f25907958f525b8b6b0e616a5c05b19090d7d835ac2f836a4c016e158634d0

SHA512
834f79f8438f86e86c53567375ab36c14ce5ea5a30f30c20d30367f50c837e4e4cbffe5bc69b07f91088126b4649e563b67518975cef475bb51fcd9c32b81d9a

Download Submit