96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe
Size

184KB
MD5

9f9362b49601b2ed9134845fbd2f13a5
SHA1

ee43beba70ff3fa7ec6f355c861121c3b6cabf1b
SHA256

96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5
SHA512

365ab72a9e8b8275f818d84b66e01bb4c6de45a87ecc4b2937716aadfc67f8f77074c0036fc2086d91d9e856a7df1320d47b7004f69feb1505f49e56b6ee7827
SSDEEP

3072:KJ5QBNoldlazdpjYej7EpxNEIR4YILFbFHFLn5CGFEvhlnVOFznT:KJaogppjrEPNEIMpWHhlnVOFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-17600.exeUnicorn-14406.exeUnicorn-17374.exeUnicorn-26018.exeUnicorn-9729.exeUnicorn-38258.exeUnicorn-5804.exeUnicorn-25670.exeUnicorn-10569.exeUnicorn-24170.exeUnicorn-13065.exeUnicorn-42291.exeUnicorn-62157.exeUnicorn-25742.exeUnicorn-36410.exeUnicorn-29390.exeUnicorn-47371.exeUnicorn-26545.exeUnicorn-7236.exeUnicorn-35310.exeUnicorn-55176.exeUnicorn-11095.exeUnicorn-43253.exeUnicorn-28117.exeUnicorn-46674.exeUnicorn-9211.exeUnicorn-61583.exeUnicorn-6715.exeUnicorn-31625.exeUnicorn-22985.exeUnicorn-3119.exeUnicorn-4079.exeUnicorn-23945.exeUnicorn-27228.exeUnicorn-60922.exeUnicorn-32272.exeUnicorn-9910.exeUnicorn-20560.exeUnicorn-60170.exeUnicorn-13190.exeUnicorn-13190.exeUnicorn-26128.exeUnicorn-40880.exeUnicorn-21747.exeUnicorn-41613.exeUnicorn-38768.exeUnicorn-23632.exeUnicorn-11654.exeUnicorn-42189.exeUnicorn-22323.exeUnicorn-8810.exeUnicorn-28676.exeUnicorn-44250.exeUnicorn-26653.exeUnicorn-25344.exeUnicorn-3116.exeUnicorn-30998.exeUnicorn-37351.exeUnicorn-47444.exeUnicorn-1772.exeUnicorn-57081.exeUnicorn-24034.exeUnicorn-61689.exeUnicorn-22498.exe

pid	process
2160	Unicorn-17600.exe
2600	Unicorn-14406.exe
2704	Unicorn-17374.exe
2732	Unicorn-26018.exe
2628	Unicorn-9729.exe
2932	Unicorn-38258.exe
1236	Unicorn-5804.exe
2820	Unicorn-25670.exe
1644	Unicorn-10569.exe
620	Unicorn-24170.exe
2024	Unicorn-13065.exe
2228	Unicorn-42291.exe
2236	Unicorn-62157.exe
2196	Unicorn-25742.exe
484	Unicorn-36410.exe
708	Unicorn-29390.exe
2860	Unicorn-47371.exe
1744	Unicorn-26545.exe
2456	Unicorn-7236.exe
1904	Unicorn-35310.exe
1792	Unicorn-55176.exe
1624	Unicorn-11095.exe
1532	Unicorn-43253.exe
1576	Unicorn-28117.exe
2128	Unicorn-46674.exe
1620	Unicorn-9211.exe
872	Unicorn-61583.exe
2156	Unicorn-6715.exe
880	Unicorn-31625.exe
1512	Unicorn-22985.exe
2072	Unicorn-3119.exe
2780	Unicorn-4079.exe
2372	Unicorn-23945.exe
2688	Unicorn-27228.exe
2792	Unicorn-60922.exe
2412	Unicorn-32272.exe
2924	Unicorn-9910.exe
2728	Unicorn-20560.exe
2812	Unicorn-60170.exe
1648	Unicorn-13190.exe
1540	Unicorn-13190.exe
756	Unicorn-26128.exe
1772	Unicorn-40880.exe
1668	Unicorn-21747.exe
2120	Unicorn-41613.exe
1172	Unicorn-38768.exe
1100	Unicorn-23632.exe
2216	Unicorn-11654.exe
2232	Unicorn-42189.exe
1972	Unicorn-22323.exe
664	Unicorn-8810.exe
1412	Unicorn-28676.exe
984	Unicorn-44250.exe
856	Unicorn-26653.exe
748	Unicorn-25344.exe
2132	Unicorn-3116.exe
2144	Unicorn-30998.exe
2136	Unicorn-37351.exe
2584	Unicorn-47444.exe
2188	Unicorn-1772.exe
2616	Unicorn-57081.exe
2540	Unicorn-24034.exe
2508	Unicorn-61689.exe
1560	Unicorn-22498.exe

Loads dropped DLL 64 IoCs

Processes:

96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exeUnicorn-17600.exeUnicorn-14406.exeWerFault.exeUnicorn-17374.exeUnicorn-26018.exeWerFault.exeWerFault.exeUnicorn-38258.exeUnicorn-9729.exeUnicorn-5804.exeUnicorn-25670.exeWerFault.exeUnicorn-10569.exeUnicorn-24170.exeUnicorn-13065.exeUnicorn-62157.exeUnicorn-42291.exeWerFault.exe

pid	process
1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe
1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe
2160	Unicorn-17600.exe
2160	Unicorn-17600.exe
1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe
1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe
2160	Unicorn-17600.exe
2600	Unicorn-14406.exe
2160	Unicorn-17600.exe
2600	Unicorn-14406.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2704	Unicorn-17374.exe
2704	Unicorn-17374.exe
2600	Unicorn-14406.exe
2600	Unicorn-14406.exe
2732	Unicorn-26018.exe
2732	Unicorn-26018.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
752	WerFault.exe
752	WerFault.exe
752	WerFault.exe
752	WerFault.exe
1896	WerFault.exe
2932	Unicorn-38258.exe
752	WerFault.exe
2932	Unicorn-38258.exe
2628	Unicorn-9729.exe
2628	Unicorn-9729.exe
1236	Unicorn-5804.exe
1236	Unicorn-5804.exe
2732	Unicorn-26018.exe
2732	Unicorn-26018.exe
2820	Unicorn-25670.exe
2820	Unicorn-25670.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1724	WerFault.exe
1644	Unicorn-10569.exe
1644	Unicorn-10569.exe
2932	Unicorn-38258.exe
2932	Unicorn-38258.exe
620	Unicorn-24170.exe
620	Unicorn-24170.exe
2024	Unicorn-13065.exe
2024	Unicorn-13065.exe
1236	Unicorn-5804.exe
1236	Unicorn-5804.exe
2236	Unicorn-62157.exe
2236	Unicorn-62157.exe
2820	Unicorn-25670.exe
2820	Unicorn-25670.exe
2228	Unicorn-42291.exe
2228	Unicorn-42291.exe
2388	WerFault.exe
2388	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2748	1868	WerFault.exe	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe
2568	2160	WerFault.exe	Unicorn-17600.exe
1896	2704	WerFault.exe	Unicorn-17374.exe
752	2600	WerFault.exe	Unicorn-14406.exe
1724	2732	WerFault.exe	Unicorn-26018.exe
2388	2932	WerFault.exe	Unicorn-38258.exe
956	1236	WerFault.exe	Unicorn-5804.exe
2096	2820	WerFault.exe	Unicorn-25670.exe
2700	1644	WerFault.exe	Unicorn-10569.exe
2648	620	WerFault.exe	Unicorn-24170.exe
2492	2024	WerFault.exe	Unicorn-13065.exe
1504	2236	WerFault.exe	Unicorn-62157.exe
1248	2228	WerFault.exe	Unicorn-42291.exe
1112	2196	WerFault.exe	Unicorn-25742.exe
2368	484	WerFault.exe	Unicorn-36410.exe
2320	708	WerFault.exe	Unicorn-29390.exe
2276	2860	WerFault.exe	Unicorn-47371.exe
896	1744	WerFault.exe	Unicorn-26545.exe
340	2456	WerFault.exe	Unicorn-7236.exe
344	1792	WerFault.exe	Unicorn-55176.exe
2264	1624	WerFault.exe	Unicorn-11095.exe
3064	1532	WerFault.exe	Unicorn-43253.exe
2528	1620	WerFault.exe	Unicorn-9211.exe
2956	2128	WerFault.exe	Unicorn-46674.exe
2564	2156	WerFault.exe	Unicorn-6715.exe
3068	872	WerFault.exe	Unicorn-61583.exe
2900	880	WerFault.exe	Unicorn-31625.exe
1564	2372	WerFault.exe	Unicorn-23945.exe
1892	1512	WerFault.exe	Unicorn-22985.exe
1356	2072	WerFault.exe	Unicorn-3119.exe
2016	2780	WerFault.exe	Unicorn-4079.exe
2040	2212	WerFault.exe	Unicorn-449.exe
2692	2688	WerFault.exe	Unicorn-27228.exe
2088	2792	WerFault.exe	Unicorn-60922.exe
2592	2924	WerFault.exe	Unicorn-9910.exe
3076	2412	WerFault.exe	Unicorn-32272.exe
3132	2728	WerFault.exe	Unicorn-20560.exe
3300	1648	WerFault.exe	Unicorn-13190.exe
3320	2812	WerFault.exe	Unicorn-60170.exe
3356	664	WerFault.exe	Unicorn-8810.exe
3380	1412	WerFault.exe	Unicorn-28676.exe
3560	756	WerFault.exe	Unicorn-26128.exe
3724	2232	WerFault.exe	Unicorn-42189.exe
3764	1100	WerFault.exe	Unicorn-23632.exe
3812	2120	WerFault.exe	Unicorn-41613.exe
3820	1772	WerFault.exe	Unicorn-40880.exe
3880	2216	WerFault.exe	Unicorn-11654.exe
3892	1172	WerFault.exe	Unicorn-38768.exe
3864	2584	WerFault.exe	Unicorn-47444.exe
3960	856	WerFault.exe	Unicorn-26653.exe
3984	1972	WerFault.exe	Unicorn-22323.exe
3280	2136	WerFault.exe	Unicorn-37351.exe
3536	1548	WerFault.exe	Unicorn-8129.exe
3672	1596	WerFault.exe	Unicorn-64642.exe
3676	1664	WerFault.exe	Unicorn-16895.exe
3796	2476	WerFault.exe	Unicorn-13282.exe
4092	112	WerFault.exe	Unicorn-62374.exe
3200	2340	WerFault.exe	Unicorn-18239.exe
3168	824	WerFault.exe	Unicorn-15358.exe
3252	632	WerFault.exe	Unicorn-44777.exe
3312	1572	WerFault.exe	Unicorn-26795.exe
3604	680	WerFault.exe	Unicorn-46661.exe
3240	1536	WerFault.exe	Unicorn-58156.exe
1700	2520	WerFault.exe	Unicorn-42322.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exeUnicorn-17600.exeUnicorn-14406.exeUnicorn-17374.exeUnicorn-9729.exeUnicorn-26018.exeUnicorn-38258.exeUnicorn-5804.exeUnicorn-25670.exeUnicorn-10569.exeUnicorn-24170.exeUnicorn-13065.exeUnicorn-62157.exeUnicorn-42291.exeUnicorn-25742.exeUnicorn-36410.exeUnicorn-29390.exeUnicorn-47371.exeUnicorn-26545.exeUnicorn-7236.exeUnicorn-55176.exeUnicorn-11095.exeUnicorn-28117.exeUnicorn-43253.exeUnicorn-46674.exeUnicorn-9211.exeUnicorn-61583.exeUnicorn-6715.exeUnicorn-31625.exeUnicorn-3119.exeUnicorn-22985.exeUnicorn-23945.exeUnicorn-4079.exeUnicorn-27228.exeUnicorn-60922.exeUnicorn-32272.exeUnicorn-9910.exeUnicorn-20560.exeUnicorn-60170.exeUnicorn-13190.exeUnicorn-13190.exeUnicorn-26128.exeUnicorn-21747.exeUnicorn-40880.exeUnicorn-41613.exeUnicorn-38768.exeUnicorn-23632.exeUnicorn-11654.exeUnicorn-42189.exeUnicorn-28676.exeUnicorn-22323.exeUnicorn-8810.exeUnicorn-26653.exeUnicorn-44250.exeUnicorn-25344.exeUnicorn-3116.exeUnicorn-30998.exeUnicorn-37351.exeUnicorn-47444.exeUnicorn-1772.exeUnicorn-57081.exeUnicorn-24034.exeUnicorn-61689.exeUnicorn-22498.exe

pid	process
1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe
2160	Unicorn-17600.exe
2600	Unicorn-14406.exe
2704	Unicorn-17374.exe
2628	Unicorn-9729.exe
2732	Unicorn-26018.exe
2932	Unicorn-38258.exe
1236	Unicorn-5804.exe
2820	Unicorn-25670.exe
1644	Unicorn-10569.exe
620	Unicorn-24170.exe
2024	Unicorn-13065.exe
2236	Unicorn-62157.exe
2228	Unicorn-42291.exe
2196	Unicorn-25742.exe
484	Unicorn-36410.exe
708	Unicorn-29390.exe
2860	Unicorn-47371.exe
1744	Unicorn-26545.exe
2456	Unicorn-7236.exe
1792	Unicorn-55176.exe
1624	Unicorn-11095.exe
1576	Unicorn-28117.exe
1532	Unicorn-43253.exe
2128	Unicorn-46674.exe
1620	Unicorn-9211.exe
872	Unicorn-61583.exe
2156	Unicorn-6715.exe
880	Unicorn-31625.exe
2072	Unicorn-3119.exe
1512	Unicorn-22985.exe
2372	Unicorn-23945.exe
2780	Unicorn-4079.exe
2688	Unicorn-27228.exe
2792	Unicorn-60922.exe
2412	Unicorn-32272.exe
2924	Unicorn-9910.exe
2728	Unicorn-20560.exe
2812	Unicorn-60170.exe
1540	Unicorn-13190.exe
1648	Unicorn-13190.exe
756	Unicorn-26128.exe
1668	Unicorn-21747.exe
1772	Unicorn-40880.exe
2120	Unicorn-41613.exe
1172	Unicorn-38768.exe
1100	Unicorn-23632.exe
2216	Unicorn-11654.exe
2232	Unicorn-42189.exe
1412	Unicorn-28676.exe
1972	Unicorn-22323.exe
664	Unicorn-8810.exe
856	Unicorn-26653.exe
984	Unicorn-44250.exe
748	Unicorn-25344.exe
2132	Unicorn-3116.exe
2144	Unicorn-30998.exe
2136	Unicorn-37351.exe
2584	Unicorn-47444.exe
2188	Unicorn-1772.exe
2616	Unicorn-57081.exe
2540	Unicorn-24034.exe
2508	Unicorn-61689.exe
1560	Unicorn-22498.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exeUnicorn-17600.exeUnicorn-14406.exeUnicorn-17374.exeUnicorn-26018.exeUnicorn-38258.exeUnicorn-9729.exeUnicorn-5804.exe

description	pid	process	target process
PID 1868 wrote to memory of 2160	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	Unicorn-17600.exe
PID 1868 wrote to memory of 2160	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	Unicorn-17600.exe
PID 1868 wrote to memory of 2160	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	Unicorn-17600.exe
PID 1868 wrote to memory of 2160	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	Unicorn-17600.exe
PID 2160 wrote to memory of 2600	2160	Unicorn-17600.exe	Unicorn-14406.exe
PID 2160 wrote to memory of 2600	2160	Unicorn-17600.exe	Unicorn-14406.exe
PID 2160 wrote to memory of 2600	2160	Unicorn-17600.exe	Unicorn-14406.exe
PID 2160 wrote to memory of 2600	2160	Unicorn-17600.exe	Unicorn-14406.exe
PID 1868 wrote to memory of 2704	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	Unicorn-17374.exe
PID 1868 wrote to memory of 2704	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	Unicorn-17374.exe
PID 1868 wrote to memory of 2704	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	Unicorn-17374.exe
PID 1868 wrote to memory of 2704	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	Unicorn-17374.exe
PID 1868 wrote to memory of 2748	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	WerFault.exe
PID 1868 wrote to memory of 2748	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	WerFault.exe
PID 1868 wrote to memory of 2748	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	WerFault.exe
PID 1868 wrote to memory of 2748	1868	96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe	WerFault.exe
PID 2160 wrote to memory of 2732	2160	Unicorn-17600.exe	Unicorn-26018.exe
PID 2160 wrote to memory of 2732	2160	Unicorn-17600.exe	Unicorn-26018.exe
PID 2160 wrote to memory of 2732	2160	Unicorn-17600.exe	Unicorn-26018.exe
PID 2160 wrote to memory of 2732	2160	Unicorn-17600.exe	Unicorn-26018.exe
PID 2600 wrote to memory of 2628	2600	Unicorn-14406.exe	Unicorn-9729.exe
PID 2600 wrote to memory of 2628	2600	Unicorn-14406.exe	Unicorn-9729.exe
PID 2600 wrote to memory of 2628	2600	Unicorn-14406.exe	Unicorn-9729.exe
PID 2600 wrote to memory of 2628	2600	Unicorn-14406.exe	Unicorn-9729.exe
PID 2160 wrote to memory of 2568	2160	Unicorn-17600.exe	WerFault.exe
PID 2160 wrote to memory of 2568	2160	Unicorn-17600.exe	WerFault.exe
PID 2160 wrote to memory of 2568	2160	Unicorn-17600.exe	WerFault.exe
PID 2160 wrote to memory of 2568	2160	Unicorn-17600.exe	WerFault.exe
PID 2704 wrote to memory of 2932	2704	Unicorn-17374.exe	Unicorn-38258.exe
PID 2704 wrote to memory of 2932	2704	Unicorn-17374.exe	Unicorn-38258.exe
PID 2704 wrote to memory of 2932	2704	Unicorn-17374.exe	Unicorn-38258.exe
PID 2704 wrote to memory of 2932	2704	Unicorn-17374.exe	Unicorn-38258.exe
PID 2600 wrote to memory of 1236	2600	Unicorn-14406.exe	Unicorn-5804.exe
PID 2600 wrote to memory of 1236	2600	Unicorn-14406.exe	Unicorn-5804.exe
PID 2600 wrote to memory of 1236	2600	Unicorn-14406.exe	Unicorn-5804.exe
PID 2600 wrote to memory of 1236	2600	Unicorn-14406.exe	Unicorn-5804.exe
PID 2732 wrote to memory of 2820	2732	Unicorn-26018.exe	Unicorn-25670.exe
PID 2732 wrote to memory of 2820	2732	Unicorn-26018.exe	Unicorn-25670.exe
PID 2732 wrote to memory of 2820	2732	Unicorn-26018.exe	Unicorn-25670.exe
PID 2732 wrote to memory of 2820	2732	Unicorn-26018.exe	Unicorn-25670.exe
PID 2704 wrote to memory of 1896	2704	Unicorn-17374.exe	WerFault.exe
PID 2704 wrote to memory of 1896	2704	Unicorn-17374.exe	WerFault.exe
PID 2704 wrote to memory of 1896	2704	Unicorn-17374.exe	WerFault.exe
PID 2704 wrote to memory of 1896	2704	Unicorn-17374.exe	WerFault.exe
PID 2600 wrote to memory of 752	2600	Unicorn-14406.exe	WerFault.exe
PID 2600 wrote to memory of 752	2600	Unicorn-14406.exe	WerFault.exe
PID 2600 wrote to memory of 752	2600	Unicorn-14406.exe	WerFault.exe
PID 2600 wrote to memory of 752	2600	Unicorn-14406.exe	WerFault.exe
PID 2932 wrote to memory of 1644	2932	Unicorn-38258.exe	Unicorn-10569.exe
PID 2932 wrote to memory of 1644	2932	Unicorn-38258.exe	Unicorn-10569.exe
PID 2932 wrote to memory of 1644	2932	Unicorn-38258.exe	Unicorn-10569.exe
PID 2932 wrote to memory of 1644	2932	Unicorn-38258.exe	Unicorn-10569.exe
PID 2628 wrote to memory of 620	2628	Unicorn-9729.exe	Unicorn-24170.exe
PID 2628 wrote to memory of 620	2628	Unicorn-9729.exe	Unicorn-24170.exe
PID 2628 wrote to memory of 620	2628	Unicorn-9729.exe	Unicorn-24170.exe
PID 2628 wrote to memory of 620	2628	Unicorn-9729.exe	Unicorn-24170.exe
PID 1236 wrote to memory of 2024	1236	Unicorn-5804.exe	Unicorn-13065.exe
PID 1236 wrote to memory of 2024	1236	Unicorn-5804.exe	Unicorn-13065.exe
PID 1236 wrote to memory of 2024	1236	Unicorn-5804.exe	Unicorn-13065.exe
PID 1236 wrote to memory of 2024	1236	Unicorn-5804.exe	Unicorn-13065.exe
PID 2732 wrote to memory of 2228	2732	Unicorn-26018.exe	Unicorn-42291.exe
PID 2732 wrote to memory of 2228	2732	Unicorn-26018.exe	Unicorn-42291.exe
PID 2732 wrote to memory of 2228	2732	Unicorn-26018.exe	Unicorn-42291.exe
PID 2732 wrote to memory of 2228	2732	Unicorn-26018.exe	Unicorn-42291.exe

C:\Users\Admin\AppData\Local\Temp\96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe
"C:\Users\Admin\AppData\Local\Temp\96bbe0e110cd34cc822fd43233af99ccba7a9a47c66d8cacbdc0fb10003fabe5.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46674.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61689.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
10⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13591.exe
11⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
12⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
13⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22668.exe
14⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56285.exe
15⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
14⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
13⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
12⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
11⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
10⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17030.exe
11⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34284.exe
12⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55202.exe
13⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44050.exe
14⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
14⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
13⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
11⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
10⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48924.exe
9⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-58962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58962.exe
10⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
11⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
12⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
13⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
14⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
14⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
13⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
11⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe
8⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40510.exe
9⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56850.exe
10⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
11⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10350.exe
12⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
13⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11728.exe
14⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
14⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 236
13⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
12⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
11⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
10⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11515.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62162.exe
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
11⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9294.exe
12⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39425.exe
13⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 220
12⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
11⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
10⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
9⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 220
8⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-449.exe
8⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
9⤵
- Program crash
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60660.exe
8⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29796.exe
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
10⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-45219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45219.exe
11⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-463.exe
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 236
12⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
11⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 216
9⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
8⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
7⤵
- Program crash
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9211.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-2136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2136.exe
8⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24777.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
10⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29149.exe
11⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
12⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42706.exe
13⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 220
13⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
12⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
10⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
9⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 216
8⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22498.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58299.exe
8⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23384.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
10⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22520.exe
11⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
12⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
13⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 216
13⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
11⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63163.exe
10⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17411.exe
11⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15086.exe
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 220
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
11⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
10⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 220
8⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
7⤵
- Program crash
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
6⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47371.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61583.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26128.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-641.exe
9⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11634.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
11⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
12⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36911.exe
13⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48564.exe
14⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 236
14⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
13⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
12⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
11⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
9⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4152.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20646.exe
11⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6373.exe
12⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
13⤵
PID:11096

C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16782.exe
14⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11096 -s 216
14⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
13⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 236
12⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
10⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
9⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
8⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1283.exe
9⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62749.exe
10⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25512.exe
11⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32248.exe
12⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23728.exe
13⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
14⤵
PID:12724

C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
14⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
13⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
12⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
11⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
10⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 236
9⤵
- Program crash
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
8⤵
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21747.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
8⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
9⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
10⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
11⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
12⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
13⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 236
13⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
12⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
11⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
10⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 236
9⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48491.exe
8⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50364.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
10⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60265.exe
11⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1449.exe
12⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29771.exe
13⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
13⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
12⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
11⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 216
9⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
7⤵
- Program crash
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13190.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57081.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-51960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51960.exe
9⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21848.exe
10⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
11⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6723.exe
12⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe
13⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
14⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 220
14⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
13⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
12⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
11⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46677.exe
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24949.exe
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
12⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
13⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
12⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
9⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19925.exe
8⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59764.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14585.exe
11⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45833.exe
12⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35180.exe
13⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
13⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
12⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
11⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
9⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
8⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24034.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27873.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12634.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8140.exe
11⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15511.exe
12⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59207.exe
13⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 220
13⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
12⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
11⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16495.exe
10⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
11⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42514.exe
12⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
12⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
7⤵
- Program crash
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
6⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26545.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31625.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41613.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18239.exe
8⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
9⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16514.exe
10⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62654.exe
11⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7480.exe
12⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15930.exe
13⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45595.exe
14⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
14⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 236
13⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
12⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
11⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
10⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
9⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51444.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38600.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35768.exe
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15470.exe
11⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
12⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2064.exe
13⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
13⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 216
9⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
8⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55632.exe
8⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-23883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23883.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36095.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64201.exe
12⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-47131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47131.exe
13⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10380 -s 216
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
12⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
9⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
8⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
7⤵
- Program crash
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38768.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
8⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39923.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17700.exe
10⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50268.exe
11⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26389.exe
12⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
13⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
13⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
12⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59059.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7417.exe
10⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59911.exe
11⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10069.exe
12⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
12⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
10⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 220
8⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16441.exe
7⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-37064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37064.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
9⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17886.exe
10⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53511.exe
11⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
11⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
10⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 220
9⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
8⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
7⤵
- Program crash
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
6⤵
- Program crash
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
5⤵
- Program crash
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-7236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22985.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11654.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46661.exe
9⤵
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
10⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44332.exe
11⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-41594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41594.exe
12⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
13⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22069.exe
14⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
14⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
13⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
12⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
11⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 236
10⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17401.exe
9⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56581.exe
10⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1149.exe
11⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31288.exe
12⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65331.exe
13⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59205.exe
14⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 220
14⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 236
13⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
12⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
11⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
10⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
9⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
8⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
9⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25419.exe
10⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47169.exe
11⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28216.exe
12⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25980.exe
13⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55240.exe
14⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 220
14⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
13⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
12⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
11⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
10⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
9⤵
- Program crash
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 220
8⤵
- Program crash
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
8⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
10⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54405.exe
11⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
12⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45928.exe
13⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
13⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 236
12⤵
PID:1472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 236
11⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
10⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
9⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 216
8⤵
- Program crash
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
7⤵
- Program crash
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3119.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16895.exe
8⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14988.exe
9⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
10⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
11⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
12⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
13⤵
PID:11656

C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12657.exe
14⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
13⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
12⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 216
10⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
9⤵
- Program crash
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
8⤵
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17858.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15675.exe
10⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-9850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9850.exe
11⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
12⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59729.exe
13⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10388 -s 216
13⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 220
12⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 216
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46121.exe
7⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5772.exe
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe
10⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43568.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61641.exe
12⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
9⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:1356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
6⤵
- Program crash
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35310.exe
5⤵
- Executes dropped EXE
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
5⤵
- Program crash
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55176.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23945.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23632.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
8⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34314.exe
9⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53460.exe
10⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
11⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30094.exe
12⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20772.exe
13⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39856.exe
14⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
14⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
13⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
12⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
10⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
9⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46955.exe
8⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32767.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
11⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25264.exe
12⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
13⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
12⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
11⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
10⤵
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 216
9⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
8⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
7⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6348.exe
8⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1272.exe
9⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51234.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56768.exe
10⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31996.exe
11⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29023.exe
12⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
11⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
10⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 220
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35555.exe
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
10⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63911.exe
11⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
11⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
10⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
8⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
7⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22323.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34684.exe
7⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7884.exe
8⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31039.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53100.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe
11⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-437.exe
12⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39594.exe
13⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
13⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 236
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
9⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32034.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33007.exe
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
10⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60629.exe
11⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 220
12⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
11⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
10⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 220
8⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2736.exe
7⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60009.exe
8⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61376.exe
9⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
10⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
11⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
10⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
9⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 216
8⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
7⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
6⤵
- Program crash
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4079.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-28676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28676.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
7⤵
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41927.exe
8⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12837.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9139.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
11⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
12⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
11⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
9⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 216
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35766.exe
7⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57712.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60263.exe
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
10⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24542.exe
11⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38524.exe
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 236
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
11⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
10⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
8⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 220
7⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62374.exe
6⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63312.exe
7⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13513.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-47422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47422.exe
10⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25568.exe
12⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 216
12⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 216
11⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 236
10⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
9⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 236
8⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 236
7⤵
- Program crash
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
6⤵
- Program crash
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
5⤵
- Program crash
PID:1248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-11095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11095.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27228.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44250.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25650.exe
9⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7164.exe
11⤵
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
10⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33912.exe
9⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 200
10⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59152.exe
8⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5070.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19791.exe
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
11⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59810.exe
12⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 216
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
12⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
11⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
9⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
8⤵
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44399.exe
8⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
10⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56590.exe
11⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38108.exe
12⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-11683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11683.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 220
13⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
12⤵
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
11⤵
PID:2416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 236
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54357.exe
9⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47346.exe
10⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16451.exe
11⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13550.exe
12⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 220
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
11⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
10⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
7⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60922.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58156.exe
8⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
9⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 240
10⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
9⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30627.exe
9⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56119.exe
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62921.exe
11⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28524.exe
12⤵
PID:11600

C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
13⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 236
11⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
8⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
7⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20843.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-41666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41666.exe
11⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57533.exe
12⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-28927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28927.exe
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 236
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
12⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
9⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
8⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
7⤵
- Program crash
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
6⤵
- Program crash
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43253.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1772.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16434.exe
8⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
11⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
12⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28226.exe
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
13⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
12⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
11⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10522.exe
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-32896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32896.exe
11⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48058.exe
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 220
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
10⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31570.exe
7⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59779.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23226.exe
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
10⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56096.exe
11⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26286.exe
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 216
12⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
11⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
10⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
8⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
7⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47444.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 220
7⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
6⤵
- Program crash
PID:3064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
5⤵
- Program crash
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36410.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28117.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32272.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37351.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-58978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58978.exe
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-348.exe
11⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
12⤵
PID:10856

C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42928.exe
13⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10856 -s 216
13⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
12⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
11⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
8⤵
- Program crash
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
7⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30998.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
7⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58819.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40771.exe
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44634.exe
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23583.exe
11⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40978.exe
12⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
12⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
11⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
10⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56886.exe
7⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10812.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
9⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
10⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12098.exe
11⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
11⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
10⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
8⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3116.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18930.exe
7⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58804.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26269.exe
10⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
11⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 216
12⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
11⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
9⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
8⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14706.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5628.exe
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
9⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
10⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64698.exe
11⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
11⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
10⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
9⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
8⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
7⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62105.exe
6⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24396.exe
7⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12997.exe
8⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
9⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
10⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-10223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10223.exe
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
11⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
10⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
9⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
8⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
7⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
6⤵
- Program crash
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
5⤵
- Program crash
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
2⤵
- Program crash
PID:2748

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe

Filesize
184KB

MD5
48786049b051bfb16aa9d6acf0ea29a2

SHA1
137135662a8b74c5831814dbbd3d16239051ac8e

SHA256
720935d07b1b642d7cc4efa113e1418778fc3b468f24af03da42ed5ae99eb3cc

SHA512
f220a2f5a6566df322f838d163a614f539147dff19c57b4d59b96d8438bfd186aa28c77639d710d22857187495ad8cff131139eebec932272e8a02ebaf9f01c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20079.exe

Filesize
184KB

MD5
d3f5a823b85107d24771b489e1f11461

SHA1
663743f350d63f37745213f9ae97b77c4cbb831a

SHA256
83b0df8357fb10242c82d38fe4eadbed2d957aa20e620512f962193869a5394a

SHA512
6c17ddbedd4451b2535e6fe568bdbdc1b8f65c65a97672b428e8c6461388dd3fb131d741cf2f9be0bf362d6fee600a78c6afd3fe1d054d934f6c8caa1c6aff8a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24780.exe

Filesize
184KB

MD5
943717cae7040547bc96de497e12fd3f

SHA1
26428bbe943c1e5f78e8af70d27bf01644ad00d9

SHA256
6a996cd93765f583afe771abec4b312cfd330899fd05e7ea7053ebd3509a3c2c

SHA512
5ac56585936815da032ddf115421eb49821951cfb78065055edd4e389dacb55fdb64168d88271f7a9533d50c39f5db35ee501af32647feebcff42da4116360bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe

Filesize
184KB

MD5
c9901e1361af4dc640acbee1cc4e7c35

SHA1
e5174380b1663a3a117efb50067071113d5b3e7e

SHA256
cdf1d6a182f1f15b6921102891b14a238b8477a36cc9e86b5f93714b9b161589

SHA512
b651349557cd4994e074494eee64e11d40965d4059b069f1b30c130595a31b39a42185afa037c66ff7f9f61c0dddae29c117095a66692011ee38b307426ba206

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26431.exe

Filesize
184KB

MD5
18184843631c91b420795a6722cd1583

SHA1
a40e3bb15cf64f70ddbb63cb2bfff25683808d22

SHA256
c0cb4796b4c4755b082e5291264d9776672eb267b3ed11fc94c3a08eaa2d8ace

SHA512
6c7358d61beeeff351a5170dbfd6c245e238208f403bdb583597ec2dc7ca7de465e455705fc1f40cc61cd5734bb210e86a14d296baf194536fdfce78b40a8aa4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe

Filesize
184KB

MD5
dc6e6cd5445efbd14e47a002b2912002

SHA1
d4aab2eeda05ac9651b0703a93bf82a6295014ce

SHA256
d9bec6d471e0c71faf84c62e6011f7703b0dd5058821dd4f1375b4b81147be37

SHA512
6254fd9da8187a1a0cfca52418608308a743dbef43c0fa11b57a101060f3acd523c3396c21c5f934c534f07fd2860c653ce4100fd843aa8ec9b798fab9302968

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40095.exe

Filesize
184KB

MD5
806f11b324696f29b5773d5e8a1cf1a7

SHA1
d14c0f5eac07ccbd7f0175f9c299dc457537ddf3

SHA256
75c91e1b9570c312979d4006a49ceacb6797785b143ae0841893e665fa572fbd

SHA512
adf989381e75915742620263fa579aa5b8c9a53d290d1660af18fe2192d9f26d94ba2cf9c07ac56981a554a3a676f1f2e31eec3dd752c5d9606c3c6d44b97f2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40880.exe

Filesize
184KB

MD5
abb6e6d3f5f897fbdcd18da4ebebc800

SHA1
b1491f9cbbc93f5458ad12375fd02c820569945b

SHA256
9687938e99214f8d371fcb443b2fc92c2a1fe07edb0bc1a82da0b366e4e775c1

SHA512
37bd37bcc97c3526d78377e92b9e4af19585a002118a3d8faff4f23944739c3a2e6a2085e3be673b03602a9f4cade8eef341c07d00cbc552eb55ea3cc2f181c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42291.exe

Filesize
184KB

MD5
ff41b5609b828a92e2ddcc59e4fadc20

SHA1
cb1f37ac5e73e652fc14dd30c828fdf84f152c36

SHA256
ae56fc3368809a73032a7ea611694338439d2f53a3e5ec7792337ae427c0e47c

SHA512
7bc803dbe08631c5a13091c5bb9ffe99a8d40a5b6f06959c42d3f035b1186872497119808b1276d87fc253246c71e240178ff324ab4b1f7ecca0448d0c4d5f0a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5283.exe

Filesize
184KB

MD5
d9557ce9596c566e02dfbd60b058b903

SHA1
b12fdd923cb4894b25987bcb21083e2e406be063

SHA256
ba0cef767e556d002dababbd1b904c22fb3e05dbc580a66bdceb53d53951f263

SHA512
36ba808317787cd0f1965d937449414e38f9a66440c9d837dadf5c3dc0704399a4538d1b16bb32bae32ccc4295303a4ac2531c06e4b1f92f9b79cf2ee7292f54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9729.exe

Filesize
184KB

MD5
5ab4d39e74d48badd4ddfc13c208c4cc

SHA1
67fa64fd0179172d077dfa4d63b7c5b037d55edd

SHA256
d2eb93db557054ea8c2d79e1f107f48a745ef4d4757c44bef45d1094c6cd2059

SHA512
ce3f36651e3e8b73a3221be2e0f74fd6fc4d84fdffc23f2989eaf2521a436bb344005c2f6f22944232e02227e306c816803ba1d551a1b0f09421f41225e26e03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe

Filesize
184KB

MD5
ed5c2f2adca5a5d2018d4e86542ce78c

SHA1
fa92d999643e8414f62a26f9e0168250ba85638f

SHA256
f7d6606f6dd4881a1d092ebf575bd4e3c24ba0e0f97a777c823af7e5ebf82e18

SHA512
4433a33422bc06719d8a1a619e894c977f3ed4b5db00116990fc4fbbfa040f83ba532148a221a402b91f9338d6c1574a3931594c25e3b0baf1345e7e01286267

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe

Filesize
184KB

MD5
983b832a3fbf18acfd822210f4ee127c

SHA1
96b2877d75efdebde31da593d2cb3689be79f1a8

SHA256
234a1cb85478a3276fced6fefc2f9242eaaab4d1d18afedd239b060f0652290c

SHA512
9476d28ceebb01501ed84942e70346f0be2626b83baf661d0a7691c62e6edd9fa046f4416309db1d06289241c387b63f9c958223f31f58e8d4d5e3cc7a92a03c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14406.exe

Filesize
184KB

MD5
518762f587659537951774cac152d4e8

SHA1
1aa45e0604a0233443dcbf6b1d7b64165f2a50b7

SHA256
2fd5d79171a8bc41d39d60fef533394e73d77236b0c32bc1327ee56cf6d4c8a5

SHA512
7a400c5b104ce118d515bcdfe482e6ce1887545f80d189c067f339e5ab47b8473c1d4915b6cef0aeb7a544c6e463d893837311d8ca869851d194ac6c476bd6a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17374.exe

Filesize
184KB

MD5
c9975068a52f4fcb86172e693d10f43e

SHA1
491e896d8b84490fb404351af2b269f47c5efc7b

SHA256
634d303a9c72d5ecb57c73180562d841457434f272d1ce480dad661d576076ab

SHA512
2ea087a5a1d448bc556e2ead1002ad24ae42b0a5da701bdc8830b199f3d2614d03bb305de6ad41954be31f25bcf199ef64ada65ad092c5b953bd000f2d0f91bc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17600.exe

Filesize
184KB

MD5
4adb275c86d3c7cc8c92168de66bb898

SHA1
523243d0fb56f65487952c6a3c1ff3bc6ef27a6d

SHA256
5d3a2f5c90f9367d80d483c909696c14560d5597f3ec40a37187425f8c49eeca

SHA512
d5c4c0ffb25c71ecfd0578edddea5159ae88cfc463cf7769e6423db45d050096c152526de16eecf5bd1680c3ae4ffd05d02d8aa553064fed911a77a3b608c3f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24170.exe

Filesize
184KB

MD5
d574f1d303db38a5b8f1c1f5332c0b70

SHA1
ba9cd3bcc14e9bfd20c103441ee368dca76343c9

SHA256
b45d5667a6ada232b66212ebaeef5d8db4c3a038cb0d920e33013cb2f401268d

SHA512
4b4fd1c73c3c6095e3e1daa1a9bd7a037c433e001969946faa93552df1fe5c6c294fec8348c07b3d734110a16fdba0cb45b88fbbdfb3414ccd8c9664eb62930b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26018.exe

Filesize
184KB

MD5
d5cd767e40e21370969f7d0a855b66f1

SHA1
b38654ef27b2621618cc0058b9a7aa6637c4f87e

SHA256
1adea191abbba7f13370ecaf798319b1c18965a5b5644d7744e7d99df32ed707

SHA512
deeffbf230690dff8c1291e1e7d33bd985b8d826b9d719e5cc912123d88f90e16b7c2c12c522808d59de74abe186d30624677a2453b8b66f374491cc4bef55db

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe

Filesize
184KB

MD5
5a70f655d614c5a1e92714c8dfaf501f

SHA1
4bda3854204feda9a64989fec35dc297e053b4a4

SHA256
155f95d0623549e8a10e25657e174029e3228895218345d372849664e18b7443

SHA512
922d8277a2ead81dbf189d9bedd5279242b975bd3fe0fa96fad89c830fa985116bbb93345a4e6c9240f5c41e7cf6af50e981348782f5729ea4e46cef30f0ab9f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe

Filesize
184KB

MD5
e3c313d169be707491ddf0e3630971ab

SHA1
466f033e6e9a8a4e9c796cde85ea00ab9223e00a

SHA256
f1180f798ec91b52d3556e80f19234203bde13a9f3258607e41fa6cc663f39cf

SHA512
14e60bb92d73ce78de7af57c7aa57d5d81775028aad2fbb241338076ad2141da6b407dbc82a738930c32175031239a78da2ca5463eba4f25921fa6d554c8719c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62157.exe

Filesize
184KB

MD5
01eab0994eaf5bdc508df12487dbdf35

SHA1
b4fb31268b0b845683e8419b49dd299640ac63d5

SHA256
c923675caf6311f7136fbe23f21b204201f9020eb9a0736a484d9123e9856de4

SHA512
a52d97dc9964c886853bc0c4ea83e64c29519479c9128b73e9ca9ce45c922b5c68f276358880593d0bd9f25952d315173f240970fceb64dc46f933d1dc19172d

Download Submit