94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a

Analysis

max time kernel
116s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe
Size

184KB
MD5

1ba456a81fc93a951997d3563d129fd8
SHA1

ad044448f3c3a3e9a0229e9d7d1ad4112daa9e05
SHA256

94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a
SHA512

400ec6fb5de6cab80b92af03bf428154bd778d0eefad0c2169d3cfc12788a379bd9a4453996cace8062504c6d9bd3dda2981d35ea891d6edb1f3d3b295d5e13f
SSDEEP

3072:l5iuEQolNpatdpjYeSYWpx+KID4bOpLQPHUnf5EGADXhlnVOFM:l5fo07pjvWP+KIy/VThlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-1469.exeUnicorn-46958.exeUnicorn-49755.exeUnicorn-3604.exeUnicorn-38092.exeUnicorn-57958.exeUnicorn-57113.exeUnicorn-62157.exeUnicorn-25078.exeUnicorn-27155.exeUnicorn-7289.exeUnicorn-27828.exeUnicorn-54174.exeUnicorn-26868.exeUnicorn-22120.exeUnicorn-64859.exeUnicorn-36401.exeUnicorn-34289.exeUnicorn-44958.exeUnicorn-38252.exeUnicorn-35730.exeUnicorn-22034.exeUnicorn-24111.exeUnicorn-22994.exeUnicorn-25071.exeUnicorn-40364.exeUnicorn-37842.exeUnicorn-2709.exeUnicorn-41324.exeUnicorn-21458.exeUnicorn-10405.exeUnicorn-3669.exeUnicorn-8146.exeUnicorn-18815.exeUnicorn-3678.exeUnicorn-49350.exeUnicorn-57046.exeUnicorn-24976.exeUnicorn-32973.exeUnicorn-64939.exeUnicorn-2002.exeUnicorn-33968.exeUnicorn-37581.exeUnicorn-4010.exeUnicorn-4550.exeUnicorn-4550.exeUnicorn-52298.exeUnicorn-32432.exeUnicorn-36045.exeUnicorn-22340.exeUnicorn-45194.exeUnicorn-42541.exeUnicorn-7539.exeUnicorn-38010.exeUnicorn-19104.exeUnicorn-48887.exeUnicorn-48311.exeUnicorn-43931.exeUnicorn-28794.exeUnicorn-15280.exeUnicorn-44507.exeUnicorn-26909.exeUnicorn-64372.exeUnicorn-51959.exe

pid	process
1992	Unicorn-1469.exe
3064	Unicorn-46958.exe
2588	Unicorn-49755.exe
2092	Unicorn-3604.exe
2608	Unicorn-38092.exe
2560	Unicorn-57958.exe
1648	Unicorn-57113.exe
2932	Unicorn-62157.exe
2972	Unicorn-25078.exe
2196	Unicorn-27155.exe
1488	Unicorn-7289.exe
1412	Unicorn-27828.exe
1108	Unicorn-54174.exe
1184	Unicorn-26868.exe
1252	Unicorn-22120.exe
2100	Unicorn-64859.exe
772	Unicorn-36401.exe
952	Unicorn-34289.exe
584	Unicorn-44958.exe
2276	Unicorn-38252.exe
1784	Unicorn-35730.exe
1828	Unicorn-22034.exe
924	Unicorn-24111.exe
2220	Unicorn-22994.exe
1740	Unicorn-25071.exe
2888	Unicorn-40364.exe
352	Unicorn-37842.exe
2404	Unicorn-2709.exe
876	Unicorn-41324.exe
864	Unicorn-21458.exe
1696	Unicorn-10405.exe
1684	Unicorn-3669.exe
2640	Unicorn-8146.exe
2408	Unicorn-18815.exe
2456	Unicorn-3678.exe
2476	Unicorn-49350.exe
2364	Unicorn-57046.exe
2920	Unicorn-24976.exe
2648	Unicorn-32973.exe
2756	Unicorn-64939.exe
2780	Unicorn-2002.exe
2748	Unicorn-33968.exe
2432	Unicorn-37581.exe
860	Unicorn-4010.exe
868	Unicorn-4550.exe
844	Unicorn-4550.exe
1296	Unicorn-52298.exe
2072	Unicorn-32432.exe
2104	Unicorn-36045.exe
2424	Unicorn-22340.exe
2876	Unicorn-45194.exe
336	Unicorn-42541.exe
632	Unicorn-7539.exe
320	Unicorn-38010.exe
1580	Unicorn-19104.exe
1704	Unicorn-48887.exe
1568	Unicorn-48311.exe
2180	Unicorn-43931.exe
1948	Unicorn-28794.exe
2044	Unicorn-15280.exe
2716	Unicorn-44507.exe
2736	Unicorn-26909.exe
2488	Unicorn-64372.exe
2616	Unicorn-51959.exe

Loads dropped DLL 64 IoCs

Processes:

94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exeUnicorn-1469.exeUnicorn-46958.exeUnicorn-49755.exeWerFault.exeUnicorn-3604.exeUnicorn-57958.exeUnicorn-38092.exeWerFault.exeWerFault.exeUnicorn-57113.exeUnicorn-25078.exeUnicorn-27155.exeUnicorn-7289.exeUnicorn-62157.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe
1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe
1992	Unicorn-1469.exe
1992	Unicorn-1469.exe
1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe
1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe
3064	Unicorn-46958.exe
1992	Unicorn-1469.exe
3064	Unicorn-46958.exe
1992	Unicorn-1469.exe
2588	Unicorn-49755.exe
2588	Unicorn-49755.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2496	WerFault.exe
2092	Unicorn-3604.exe
2092	Unicorn-3604.exe
2560	Unicorn-57958.exe
2560	Unicorn-57958.exe
3064	Unicorn-46958.exe
3064	Unicorn-46958.exe
2588	Unicorn-49755.exe
2608	Unicorn-38092.exe
2608	Unicorn-38092.exe
2588	Unicorn-49755.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
1928	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
2632	WerFault.exe
1928	WerFault.exe
2632	WerFault.exe
1648	Unicorn-57113.exe
1648	Unicorn-57113.exe
2092	Unicorn-3604.exe
2092	Unicorn-3604.exe
2972	Unicorn-25078.exe
2972	Unicorn-25078.exe
2196	Unicorn-27155.exe
2196	Unicorn-27155.exe
2608	Unicorn-38092.exe
2608	Unicorn-38092.exe
1488	Unicorn-7289.exe
1488	Unicorn-7289.exe
2932	Unicorn-62157.exe
2932	Unicorn-62157.exe
2560	Unicorn-57958.exe
2560	Unicorn-57958.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1120	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2660	1652	WerFault.exe	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe
2496	1992	WerFault.exe	Unicorn-1469.exe
1928	3064	WerFault.exe	Unicorn-46958.exe
2632	2588	WerFault.exe	Unicorn-49755.exe
1496	2092	WerFault.exe	Unicorn-3604.exe
1156	2560	WerFault.exe	Unicorn-57958.exe
1120	2608	WerFault.exe	Unicorn-38092.exe
2084	1648	WerFault.exe	Unicorn-57113.exe
2292	2972	WerFault.exe	Unicorn-25078.exe
2664	2196	WerFault.exe	Unicorn-27155.exe
2684	1488	WerFault.exe	Unicorn-7289.exe
2656	2932	WerFault.exe	Unicorn-62157.exe
696	1108	WerFault.exe	Unicorn-54174.exe
1624	1412	WerFault.exe	Unicorn-27828.exe
1344	1184	WerFault.exe	Unicorn-26868.exe
1524	2100	WerFault.exe	Unicorn-64859.exe
304	1252	WerFault.exe	Unicorn-22120.exe
2872	952	WerFault.exe	Unicorn-34289.exe
1072	584	WerFault.exe	Unicorn-44958.exe
1796	772	WerFault.exe	Unicorn-36401.exe
2772	2276	WerFault.exe	Unicorn-38252.exe
2980	1828	WerFault.exe	Unicorn-22034.exe
1484	2220	WerFault.exe	Unicorn-22994.exe
2776	1740	WerFault.exe	Unicorn-25071.exe
1188	924	WerFault.exe	Unicorn-24111.exe
2644	2888	WerFault.exe	Unicorn-40364.exe
2628	1684	WerFault.exe	Unicorn-3669.exe
1920	352	WerFault.exe	Unicorn-37842.exe
1028	2404	WerFault.exe	Unicorn-2709.exe
1868	864	WerFault.exe	Unicorn-21458.exe
2924	876	WerFault.exe	Unicorn-41324.exe
1336	1696	WerFault.exe	Unicorn-10405.exe
3412	2640	WerFault.exe	Unicorn-8146.exe
3444	2408	WerFault.exe	Unicorn-18815.exe
3520	2920	WerFault.exe	Unicorn-24976.exe
3532	2648	WerFault.exe	Unicorn-32973.exe
3876	632	WerFault.exe	Unicorn-7539.exe
4060	336	WerFault.exe	Unicorn-42541.exe
3212	2780	WerFault.exe	Unicorn-2002.exe
3868	2424	WerFault.exe	Unicorn-22340.exe
3916	2876	WerFault.exe	Unicorn-45194.exe
3940	2748	WerFault.exe	Unicorn-33968.exe
4048	2072	WerFault.exe	Unicorn-32432.exe
4076	2104	WerFault.exe	Unicorn-36045.exe
2056	868	WerFault.exe	Unicorn-4550.exe
3160	1296	WerFault.exe	Unicorn-52298.exe
3192	1644	WerFault.exe	Unicorn-63272.exe
3208	3032	WerFault.exe	Unicorn-58150.exe
3284	844	WerFault.exe	Unicorn-4550.exe
3336	2456	WerFault.exe	Unicorn-3678.exe
3392	1568	WerFault.exe	Unicorn-48311.exe
3408	1704	WerFault.exe	Unicorn-48887.exe
3460	2432	WerFault.exe	Unicorn-37581.exe
3504	1752	WerFault.exe	Unicorn-11746.exe
3560	2296	WerFault.exe	Unicorn-8612.exe
3612	2716	WerFault.exe	Unicorn-44507.exe
3672	2068	WerFault.exe	Unicorn-14984.exe
3816	1580	WerFault.exe	Unicorn-19104.exe
3764	2488	WerFault.exe	Unicorn-64372.exe
3848	776	WerFault.exe	Unicorn-34921.exe
3872	1564	WerFault.exe	Unicorn-65455.exe
3548	2668	WerFault.exe	Unicorn-13519.exe
3712	2480	WerFault.exe	Unicorn-15403.exe
3788	1820	WerFault.exe	Unicorn-14590.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exeUnicorn-1469.exeUnicorn-46958.exeUnicorn-49755.exeUnicorn-3604.exeUnicorn-38092.exeUnicorn-57958.exeUnicorn-57113.exeUnicorn-25078.exeUnicorn-27155.exeUnicorn-62157.exeUnicorn-7289.exeUnicorn-27828.exeUnicorn-54174.exeUnicorn-26868.exeUnicorn-22120.exeUnicorn-64859.exeUnicorn-36401.exeUnicorn-34289.exeUnicorn-44958.exeUnicorn-38252.exeUnicorn-35730.exeUnicorn-22034.exeUnicorn-22994.exeUnicorn-25071.exeUnicorn-24111.exeUnicorn-40364.exeUnicorn-37842.exeUnicorn-2709.exeUnicorn-41324.exeUnicorn-3669.exeUnicorn-21458.exeUnicorn-10405.exeUnicorn-8146.exeUnicorn-18815.exeUnicorn-3678.exeUnicorn-49350.exeUnicorn-57046.exeUnicorn-24976.exeUnicorn-32973.exeUnicorn-64939.exeUnicorn-2002.exeUnicorn-33968.exeUnicorn-37581.exeUnicorn-4010.exeUnicorn-4550.exeUnicorn-4550.exeUnicorn-32432.exeUnicorn-52298.exeUnicorn-36045.exeUnicorn-22340.exeUnicorn-45194.exeUnicorn-42541.exeUnicorn-7539.exeUnicorn-38010.exeUnicorn-19104.exeUnicorn-48887.exeUnicorn-43931.exeUnicorn-48311.exeUnicorn-28794.exeUnicorn-15280.exeUnicorn-44507.exeUnicorn-64372.exeUnicorn-26909.exe

pid	process
1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe
1992	Unicorn-1469.exe
3064	Unicorn-46958.exe
2588	Unicorn-49755.exe
2092	Unicorn-3604.exe
2608	Unicorn-38092.exe
2560	Unicorn-57958.exe
1648	Unicorn-57113.exe
2972	Unicorn-25078.exe
2196	Unicorn-27155.exe
2932	Unicorn-62157.exe
1488	Unicorn-7289.exe
1412	Unicorn-27828.exe
1108	Unicorn-54174.exe
1184	Unicorn-26868.exe
1252	Unicorn-22120.exe
2100	Unicorn-64859.exe
772	Unicorn-36401.exe
952	Unicorn-34289.exe
584	Unicorn-44958.exe
2276	Unicorn-38252.exe
1784	Unicorn-35730.exe
1828	Unicorn-22034.exe
2220	Unicorn-22994.exe
1740	Unicorn-25071.exe
924	Unicorn-24111.exe
2888	Unicorn-40364.exe
352	Unicorn-37842.exe
2404	Unicorn-2709.exe
876	Unicorn-41324.exe
1684	Unicorn-3669.exe
864	Unicorn-21458.exe
1696	Unicorn-10405.exe
2640	Unicorn-8146.exe
2408	Unicorn-18815.exe
2456	Unicorn-3678.exe
2476	Unicorn-49350.exe
2364	Unicorn-57046.exe
2920	Unicorn-24976.exe
2648	Unicorn-32973.exe
2756	Unicorn-64939.exe
2780	Unicorn-2002.exe
2748	Unicorn-33968.exe
2432	Unicorn-37581.exe
860	Unicorn-4010.exe
844	Unicorn-4550.exe
868	Unicorn-4550.exe
2072	Unicorn-32432.exe
1296	Unicorn-52298.exe
2104	Unicorn-36045.exe
2424	Unicorn-22340.exe
2876	Unicorn-45194.exe
336	Unicorn-42541.exe
632	Unicorn-7539.exe
320	Unicorn-38010.exe
1580	Unicorn-19104.exe
1704	Unicorn-48887.exe
2180	Unicorn-43931.exe
1568	Unicorn-48311.exe
1948	Unicorn-28794.exe
2044	Unicorn-15280.exe
2716	Unicorn-44507.exe
2488	Unicorn-64372.exe
2736	Unicorn-26909.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exeUnicorn-1469.exeUnicorn-46958.exeUnicorn-49755.exeUnicorn-3604.exeUnicorn-57958.exeUnicorn-38092.exeUnicorn-57113.exe

description	pid	process	target process
PID 1652 wrote to memory of 1992	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	Unicorn-1469.exe
PID 1652 wrote to memory of 1992	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	Unicorn-1469.exe
PID 1652 wrote to memory of 1992	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	Unicorn-1469.exe
PID 1652 wrote to memory of 1992	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	Unicorn-1469.exe
PID 1992 wrote to memory of 3064	1992	Unicorn-1469.exe	Unicorn-46958.exe
PID 1992 wrote to memory of 3064	1992	Unicorn-1469.exe	Unicorn-46958.exe
PID 1992 wrote to memory of 3064	1992	Unicorn-1469.exe	Unicorn-46958.exe
PID 1992 wrote to memory of 3064	1992	Unicorn-1469.exe	Unicorn-46958.exe
PID 1652 wrote to memory of 2588	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	Unicorn-49755.exe
PID 1652 wrote to memory of 2588	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	Unicorn-49755.exe
PID 1652 wrote to memory of 2588	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	Unicorn-49755.exe
PID 1652 wrote to memory of 2588	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	Unicorn-49755.exe
PID 1652 wrote to memory of 2660	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	WerFault.exe
PID 1652 wrote to memory of 2660	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	WerFault.exe
PID 1652 wrote to memory of 2660	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	WerFault.exe
PID 1652 wrote to memory of 2660	1652	94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe	WerFault.exe
PID 3064 wrote to memory of 2092	3064	Unicorn-46958.exe	Unicorn-3604.exe
PID 3064 wrote to memory of 2092	3064	Unicorn-46958.exe	Unicorn-3604.exe
PID 3064 wrote to memory of 2092	3064	Unicorn-46958.exe	Unicorn-3604.exe
PID 3064 wrote to memory of 2092	3064	Unicorn-46958.exe	Unicorn-3604.exe
PID 1992 wrote to memory of 2608	1992	Unicorn-1469.exe	Unicorn-38092.exe
PID 1992 wrote to memory of 2608	1992	Unicorn-1469.exe	Unicorn-38092.exe
PID 1992 wrote to memory of 2608	1992	Unicorn-1469.exe	Unicorn-38092.exe
PID 1992 wrote to memory of 2608	1992	Unicorn-1469.exe	Unicorn-38092.exe
PID 2588 wrote to memory of 2560	2588	Unicorn-49755.exe	Unicorn-57958.exe
PID 2588 wrote to memory of 2560	2588	Unicorn-49755.exe	Unicorn-57958.exe
PID 2588 wrote to memory of 2560	2588	Unicorn-49755.exe	Unicorn-57958.exe
PID 2588 wrote to memory of 2560	2588	Unicorn-49755.exe	Unicorn-57958.exe
PID 1992 wrote to memory of 2496	1992	Unicorn-1469.exe	WerFault.exe
PID 1992 wrote to memory of 2496	1992	Unicorn-1469.exe	WerFault.exe
PID 1992 wrote to memory of 2496	1992	Unicorn-1469.exe	WerFault.exe
PID 1992 wrote to memory of 2496	1992	Unicorn-1469.exe	WerFault.exe
PID 2092 wrote to memory of 1648	2092	Unicorn-3604.exe	Unicorn-57113.exe
PID 2092 wrote to memory of 1648	2092	Unicorn-3604.exe	Unicorn-57113.exe
PID 2092 wrote to memory of 1648	2092	Unicorn-3604.exe	Unicorn-57113.exe
PID 2092 wrote to memory of 1648	2092	Unicorn-3604.exe	Unicorn-57113.exe
PID 2560 wrote to memory of 2932	2560	Unicorn-57958.exe	Unicorn-62157.exe
PID 2560 wrote to memory of 2932	2560	Unicorn-57958.exe	Unicorn-62157.exe
PID 2560 wrote to memory of 2932	2560	Unicorn-57958.exe	Unicorn-62157.exe
PID 2560 wrote to memory of 2932	2560	Unicorn-57958.exe	Unicorn-62157.exe
PID 3064 wrote to memory of 2972	3064	Unicorn-46958.exe	Unicorn-25078.exe
PID 3064 wrote to memory of 2972	3064	Unicorn-46958.exe	Unicorn-25078.exe
PID 3064 wrote to memory of 2972	3064	Unicorn-46958.exe	Unicorn-25078.exe
PID 3064 wrote to memory of 2972	3064	Unicorn-46958.exe	Unicorn-25078.exe
PID 2608 wrote to memory of 2196	2608	Unicorn-38092.exe	Unicorn-27155.exe
PID 2608 wrote to memory of 2196	2608	Unicorn-38092.exe	Unicorn-27155.exe
PID 2608 wrote to memory of 2196	2608	Unicorn-38092.exe	Unicorn-27155.exe
PID 2608 wrote to memory of 2196	2608	Unicorn-38092.exe	Unicorn-27155.exe
PID 2588 wrote to memory of 1488	2588	Unicorn-49755.exe	Unicorn-7289.exe
PID 2588 wrote to memory of 1488	2588	Unicorn-49755.exe	Unicorn-7289.exe
PID 2588 wrote to memory of 1488	2588	Unicorn-49755.exe	Unicorn-7289.exe
PID 2588 wrote to memory of 1488	2588	Unicorn-49755.exe	Unicorn-7289.exe
PID 3064 wrote to memory of 1928	3064	Unicorn-46958.exe	WerFault.exe
PID 3064 wrote to memory of 1928	3064	Unicorn-46958.exe	WerFault.exe
PID 3064 wrote to memory of 1928	3064	Unicorn-46958.exe	WerFault.exe
PID 3064 wrote to memory of 1928	3064	Unicorn-46958.exe	WerFault.exe
PID 2588 wrote to memory of 2632	2588	Unicorn-49755.exe	WerFault.exe
PID 2588 wrote to memory of 2632	2588	Unicorn-49755.exe	WerFault.exe
PID 2588 wrote to memory of 2632	2588	Unicorn-49755.exe	WerFault.exe
PID 2588 wrote to memory of 2632	2588	Unicorn-49755.exe	WerFault.exe
PID 1648 wrote to memory of 1412	1648	Unicorn-57113.exe	Unicorn-27828.exe
PID 1648 wrote to memory of 1412	1648	Unicorn-57113.exe	Unicorn-27828.exe
PID 1648 wrote to memory of 1412	1648	Unicorn-57113.exe	Unicorn-27828.exe
PID 1648 wrote to memory of 1412	1648	Unicorn-57113.exe	Unicorn-27828.exe

C:\Users\Admin\AppData\Local\Temp\94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe
"C:\Users\Admin\AppData\Local\Temp\94d19f9bee7e2ee3b9ba09bdb71db28d67dc125e7aee572ee02219ca3a9b734a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35730.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3678.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48311.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59275.exe
10⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45723.exe
11⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
12⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14556.exe
13⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35974.exe
14⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
14⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
13⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
12⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
11⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
10⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe
9⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25132.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4356.exe
12⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
13⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
13⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
12⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
11⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
10⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
9⤵
- Program crash
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40142.exe
9⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25624.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53287.exe
11⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8158.exe
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
12⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
10⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28794.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3027.exe
9⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
11⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
12⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
11⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 216
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39409.exe
8⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44326.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-43733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43733.exe
10⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23433.exe
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 236
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
8⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
7⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22034.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15280.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
9⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
10⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
11⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19609.exe
12⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 220
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 220
11⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 216
10⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 216
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3255.exe
8⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34451.exe
10⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59308.exe
11⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 220
11⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 220
10⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
9⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
8⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44507.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
8⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
10⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46004.exe
11⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9407.exe
12⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
12⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-11818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11818.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56007.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27485.exe
10⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52270.exe
11⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 236
11⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1828 -s 240
7⤵
- Program crash
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
6⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38252.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-8146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8146.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38010.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe
9⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23742.exe
10⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
11⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36455.exe
12⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32751.exe
13⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34317.exe
14⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 204
14⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
13⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
12⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
11⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
10⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-42526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42526.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18376.exe
10⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24738.exe
11⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20287.exe
12⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
12⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
11⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
9⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
8⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-19104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19104.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34921.exe
8⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64854.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30814.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29346.exe
11⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56441.exe
12⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
12⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
10⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
9⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-3990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3990.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46683.exe
10⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
11⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42692.exe
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 204
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
11⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
8⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
7⤵
- Program crash
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48887.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15403.exe
8⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60106.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42872.exe
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
11⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
12⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
9⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57262.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39296.exe
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44869.exe
10⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
10⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
8⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
7⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27652.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55483.exe
10⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17227.exe
11⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 220
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
8⤵
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 220
6⤵
- Program crash
PID:696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24111.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
8⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62295.exe
9⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15233.exe
11⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-33854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33854.exe
12⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
13⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
13⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 220
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
11⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58012.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
11⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29350.exe
12⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
12⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
11⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 220
10⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-9399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9399.exe
8⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
10⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
11⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 236
11⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14984.exe
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
8⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8598.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
10⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39883.exe
11⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
12⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
9⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
8⤵
- Program crash
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 240
7⤵
- Program crash
PID:1188

C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33968.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
7⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35586.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 200
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33265.exe
7⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
9⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
10⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 220
10⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
8⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
7⤵
- Program crash
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 240
6⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-22994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22994.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24976.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64372.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-65455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65455.exe
8⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32208.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58598.exe
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
11⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52807.exe
12⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 220
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
11⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
9⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12342.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46798.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46531.exe
10⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
11⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
8⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13519.exe
7⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24528.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63552.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39629.exe
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
8⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
7⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-59223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59223.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10368.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27339.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29203.exe
11⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12092.exe
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
12⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 236
10⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26081.exe
7⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
8⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48500.exe
9⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
10⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 220
10⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
9⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
8⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
7⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
6⤵
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
5⤵
- Program crash
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37581.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63272.exe
8⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29265.exe
9⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50855.exe
10⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9973.exe
11⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49575.exe
12⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
11⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
10⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
9⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57915.exe
8⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59174.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36090.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
11⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 220
11⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
9⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
8⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46479.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25825.exe
10⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35771.exe
11⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
11⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
9⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
8⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
7⤵
- Program crash
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4010.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25058.exe
7⤵
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44764.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64122.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15159.exe
10⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59064.exe
11⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 236
8⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31153.exe
7⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47902.exe
8⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40350.exe
9⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28491.exe
10⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 236
10⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
9⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
8⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
7⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
6⤵
- Program crash
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27964.exe
7⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36076.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57925.exe
11⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
10⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
8⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19752.exe
7⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40041.exe
8⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55899.exe
9⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49992.exe
10⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
10⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
9⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
8⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
7⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9800.exe
6⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
7⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63819.exe
8⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59309.exe
9⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
10⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
10⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
9⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
8⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 216
7⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
6⤵
- Program crash
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
5⤵
- Program crash
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64859.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25071.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51959.exe
7⤵
- Executes dropped EXE
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23645.exe
8⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55812.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19552.exe
10⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29555.exe
12⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
12⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
11⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 236
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50856.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
10⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
11⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
11⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 220
8⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2819.exe
7⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45947.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56650.exe
11⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 220
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
8⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
7⤵
- Program crash
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49115.exe
6⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3426.exe
7⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10630.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40911.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 204
11⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7786.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
8⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
9⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
10⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
10⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
9⤵
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
8⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
7⤵
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
6⤵
- Program crash
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64939.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18565.exe
7⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
8⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62117.exe
9⤵
PID:7988

C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14041.exe
10⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7988 -s 216
10⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
9⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
8⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
7⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15720.exe
6⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
7⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
8⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32277.exe
9⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 220
9⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
8⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
7⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
6⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
5⤵
- Program crash
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34289.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37842.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
8⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
9⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28241.exe
10⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25473.exe
11⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2390.exe
12⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
12⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
11⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 216
10⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
9⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
8⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47721.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12973.exe
10⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52142.exe
11⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
11⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 220
8⤵
- Program crash
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-58150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58150.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11283.exe
8⤵
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18401.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1960.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
11⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
12⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 204
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
11⤵
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
10⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 236
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 236
8⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 220
7⤵
- Program crash
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32432.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
7⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50583.exe
8⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18952.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40958.exe
10⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
11⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
8⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17204.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54363.exe
9⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9689.exe
10⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
10⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 216
8⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
6⤵
- Program crash
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-36045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36045.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14014.exe
7⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
8⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
9⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
10⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59398.exe
11⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
10⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 216
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-235.exe
7⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
8⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54630.exe
9⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62166.exe
10⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50110.exe
11⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
10⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 236
9⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
8⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
7⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60262.exe
6⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63845.exe
7⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45192.exe
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe
9⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42863.exe
10⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
10⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 220
9⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
8⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
7⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
6⤵
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
5⤵
- Program crash
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44958.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41324.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22340.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
7⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1347.exe
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 200
11⤵
PID:10140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50287.exe
7⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2915.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39932.exe
9⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
10⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
10⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
9⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
8⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
7⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10210.exe
6⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5988.exe
7⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20683.exe
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36907.exe
9⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
10⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
10⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
9⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
8⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
7⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
6⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42541.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41993.exe
6⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-189.exe
7⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
8⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49027.exe
9⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40638.exe
10⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 220
10⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
9⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
7⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
6⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
5⤵
- Program crash
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10405.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45194.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
7⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35010.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19147.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9397.exe
10⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
11⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 220
11⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
9⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-64236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64236.exe
7⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10144.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33206.exe
10⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
10⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
8⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
7⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-11746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11746.exe
6⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51019.exe
7⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-8546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8546.exe
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19069.exe
9⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
10⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
10⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
8⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
7⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
6⤵
- Program crash
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7076.exe
6⤵
PID:736

C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40718.exe
7⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
8⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
9⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-62606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62606.exe
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
10⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
9⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 216
8⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 736 -s 236
7⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
6⤵
- Program crash
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
5⤵
- Program crash
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
6⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
7⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22626.exe
9⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44220.exe
10⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41933.exe
11⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 204
11⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
10⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
7⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29617.exe
6⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
7⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
8⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61380.exe
9⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 220
9⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
8⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
7⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 220
6⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57190.exe
5⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
6⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57419.exe
7⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
8⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33071.exe
9⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
9⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
8⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
7⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
6⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
5⤵
- Program crash
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
4⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
2⤵
- Program crash
PID:2660

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-25078.exe

Filesize
184KB

MD5
b98197c9e4b9e37851cb27bdfce92b14

SHA1
914680d31f83fe7d39bd34419f4cbdb3c148b8a0

SHA256
e4f0dfe9cd9adf3a660217ffa0f8a95d51d0d5b91a5407ee9585b63bd5ae6e30

SHA512
1216e0fbe4644399f460f4990c48169e9fd2394891f7150619752f43f584a0bbdf885f793c81d0a24e1a2d939aee5cd9d7d7c052cdd8e259836a865c1d88321f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27155.exe

Filesize
184KB

MD5
52703803cbcf1bdcb78947c812d7d99a

SHA1
98ead2a0a3f25a0369e98c195bd89955f72526b9

SHA256
301a5b867bba54b50f77519fc00081eb1418ca69ed1720664c84e1979ae315a0

SHA512
ceed95c608c07280a1afdbe7182973e0decf604d3c501edf0cd1edeb375910df6ee3a6ee37b77e62cfc4e57d43708925b0192e1d88783e98f2e462a370fd107e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe

Filesize
184KB

MD5
2891db790e36e1d02c6dd956af48df7d

SHA1
6ebc613ace22f3c9873f30a754a4857c22732ec5

SHA256
3b3d21ea736196673ac2c8734e9ab2aa8232a23da838675cffeeeef0460f8a39

SHA512
3a81117e6921b317cd6a8681797ceec2317676d0df5daaff4897f5fe8764ca824ca720c26ae6ebe9b2abeeae9272a99792b53b6f9dc03ab48afd29f4529f0ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52347.exe

Filesize
184KB

MD5
09db6d756717c31be13660b0d5faa83a

SHA1
91363c33de2aa37be81ac7a7b1042f05c43b6d66

SHA256
062e06bb4230298a228ae7ecc3917302ad9700bce0f0c208fccd0c07147d3614

SHA512
325f82e35fa33ab79225a74012302189dbe1280a71be489c342018410b5ca7db318fbb4bc967793a120207bad9fc01613bb49730eb86b9cdf5a31d88e27450c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53137.exe

Filesize
184KB

MD5
d4ce473b234935b2252108848b591e6d

SHA1
08bc8a6816cff015363445a2634b2cadd665c98d

SHA256
3ea2232821953bc1ff6413b7359bd5a0eeb0f2842f3e3e90e96f9868ce6844dd

SHA512
fb310bc26ca0c9953bb9678e847e5c06c6e8e2faf0dd3ac6345c6b33549ece61a3aa804fe01771f3ad752c4b59d046bf1989a9c96c6ddd930e3db86c0d2d7a7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54174.exe

Filesize
184KB

MD5
ce86ddc3a5978dc53174e5bdebd7bc92

SHA1
66fb4dd523a59b0d6565e7cfe1ed2b7b474f1cad

SHA256
d58d66133c0caf9bf5fad43da9c79e33f40c69c389109b31ee819f7abe38b44b

SHA512
f3893f7a50ee7a3342a5c5712a4223dedd09742db447f8949a21a8fe30165821a3a56e316e6428d3eaa54cfe9114a5a20e65ae9ac10b4c87178ce12e619f7dff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5663.exe

Filesize
184KB

MD5
6a658d99f20c75d73a510edf23c52913

SHA1
aa5a26dd9f7026502f863754592fdbc9d66045d9

SHA256
a389b3d87772955f0b6075eabfb8965dae6fce88082e3eed9009b805c63f6f46

SHA512
7ce31b15ae283cf6c50559b22738d89fcd8ae6989e6fd93532812f05745cbb41cc27e4025ba6cd143f27a1b8cfb532e567b83e104e44236c76417f8612e7f4da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56656.exe

Filesize
184KB

MD5
263637aac28ced7220c1aafec40c1347

SHA1
b3e0121a0c65f3114b489e3d1a72ffac742136f6

SHA256
b34ced865a9d779415b192433ba3645ffc5b8c16ed8fe9f0472ac112a0c7f712

SHA512
015cadc8893767ebf1c4bac01fb286c34af3f701f0e8592eadd3a449748317df54546458819096994f5bd0d8f36a17d29c937e874c8e2c3fdadad0c02b903a46

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe

Filesize
184KB

MD5
d98886bf42d58c9d0ed8a5290d19a237

SHA1
287a6f5705018cee06d657439000529e2d17a575

SHA256
2d8f5c860bd581110326d673ae0df71a07c6a0dd90dc6733c8a341f09028b5c8

SHA512
a71326f1f1a75bcc47fb44cb79abaf34a0395f95058003e7ce9d94d416422909967992e8745f278483da00a62a052d907b594c789c856417e942ec4a4a450935

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1469.exe

Filesize
184KB

MD5
01cca9b745020ac46f62e651b10995a6

SHA1
1a2e84dbf927a30e5175f8d52de7021286e52715

SHA256
826faf6692baa73698cf788f40115a3143455cb79d26526e4c32df2910fd7b42

SHA512
37d820b4f3539dc238969ec250c30aaa33e0d08719571e6f1984055d7289393bea143ea1a24e3cabea810488da63f0099cc90550b68d4f46e09f520d1b7090ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26868.exe

Filesize
184KB

MD5
cdeec1788fb3d794cabe1ff89625ae94

SHA1
05c5057daab1ae066c1ec0de82893d54dbdbe87a

SHA256
1464362f9cd8739ea8ae2532e013ab09dbed553c4c713f0726dbbc73e5c85888

SHA512
be14ab251b68e69e15869bb6833e219d0537756efd507a9356517fc723c95ed39d0ff6f2036d14343f37597a89027e296f88d6d5a9a235467e86e3269be81135

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27828.exe

Filesize
184KB

MD5
37bb340e51fe7aa0ffc85c2d24bb8833

SHA1
70aba6b8cb9982201bd29bc50ad99221bf6de509

SHA256
8348dd4224ef0cd3f1ac7011f4623ad2019c66081b0ffb49b50bec835c7eb86e

SHA512
f8a95d38ca1286c4a896caf1ebd1867e01e486fd0db009b21a86397de73d9d52e048c8acfe891e652c337b2bd19ba378a8fc698209f9e09ffffc5a7e9d5b5599

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3604.exe

Filesize
184KB

MD5
111c16f92d5ad0dd96a528510cfd6f4d

SHA1
092f6c222bb2a8c7c6d8734811b0c628b684d007

SHA256
60109c1535dfb10774cb3524dcbf770646384e50017adc37528f5b844895cf4b

SHA512
1590acb41c259e159e4c12eb2dd9c622d042c9621559edb39ae6de8915e833af47eeea3912c43b3fa17750394e7f5f669d2b783ad3063133da849ec815109630

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38092.exe

Filesize
184KB

MD5
5ab4e4e33d816dbd1b802b426c6f6bc1

SHA1
926eac3e03796a2019823558f5113354c67281bf

SHA256
73a77773204436589032fe205ec7d4ed39773473675ccc6dcbfe2d2ccb9b9a71

SHA512
7ba10a7fb4303598a8698b4635b4747012d763f56016f66938e965a7362ab4aa6ae576f931c97082225f45661d8476e0c9a2d78e0bedf1ea62dcddac5405dd20

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe

Filesize
184KB

MD5
07d2e0c0263de7828e91ab0731ae738d

SHA1
ac27ad34df0db28ef58f251ac5a64627bd323986

SHA256
3a085cf5b4e58359eb18b5be867afd24e0dec572bdc76883587d74aaf4ed448a

SHA512
131774639203e38ffa43f5a445c8d94cf5d4596ad08626ba754c299c74c3eef72a8659b72613db2c3ac65321ec0bcf35ba4b3a3a1cb6dcea60173d6015c88f35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49755.exe

Filesize
184KB

MD5
a6a0cda622632bbb3e6ff8dbd6e4c138

SHA1
fddcdd1bd5c49e0d6c245e19fed8105a77c9ebfb

SHA256
deb17a4c40c00ab1192942a241e94feb099520f52ce047d2843f8ecaa2074926

SHA512
c880fcac76d553bc6a8e424c9706fe29f0437b7ee20d51459ec213af1bdd3a056cca631c72256a4fc03678a072c3e944b6b09703342792fb3c6697536d742508

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57113.exe

Filesize
184KB

MD5
dac97d1e9fba4c3df42a76347dbcd6e8

SHA1
a1f2e1ec5f9e67bda706e8c84c80f0d6a9424a24

SHA256
b57b26d679dc795fc5faff8f0ddcb9244ace27431f587c6059d074b251a593ea

SHA512
6ce23a636299b2daef9772dd47885f109ac9e17f0201082b08785c14dd45d2da74d5dfeca3916e264e874c6be6771d3e08064e1c72147474c52f42e216d38f00

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57958.exe

Filesize
184KB

MD5
470f6804a08c2b1fa850270fad8b97f7

SHA1
e69cfe760bbcec96495e46e9234946d11d74b848

SHA256
64d49fcefb1ea829b6d990bb145d1fce70c297f0a8a70e489f06320cd552f5d8

SHA512
9476faa7b2819f72d48a3dae36d918900ec8435823ec6ebb82b030f0b4afe1fb2689879a705b538903886edc0a3e9ebe6821197cf95b968dafc6050538fecb06

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe

Filesize
184KB

MD5
30b225f17c9ab0f9c899e24571c47c3c

SHA1
37068bd921dd577ae36e115584c21e5148760a97

SHA256
ef598a97f5735ba220f723c4836e6c02746bc3712b98239bf89b169956ceac35

SHA512
b2023eb0c5366c8d0d7f1707db6f8b7b6ce6536803a6417812a191f105808c68bbfd510bbcb055f262bed9e6095e5bb0dae259d7224007dd5c129a4655b58474

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe

Filesize
184KB

MD5
34a167f23bffdb8f64f33000f2f64833

SHA1
f9fc44977b60d941fadfb8acdcaa71cb720dd08d

SHA256
e0dee499906dcba75d28b0a1e3903a93251f881cb67e4856c1853e8951db04f8

SHA512
2cd8aca6dfc084e10117f62a15833beb10427e6a18484ee97bbe30ca42540f4a6ed80da5f4f8d43ea4d5a4ee96343e1c624d886dbcfc88c9c500d3f5cd8bc16d

Download Submit