8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe
Size

184KB
MD5

85834d3385b496c25b0a24704a0740bd
SHA1

aa85270edfc8692525246cb471a17fe8dbaaa31d
SHA256

8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a
SHA512

727a57388bbda3c4da01f52e70bcd211dd47b98fe8c6bd76dabe32536227a173d98f5b56a2480e9d10a75e2fd4650253cd6691ae37916ba8eaf1fca5105dc487
SSDEEP

3072:DyJ+vxoY7JcWdjhWqM7nRqszhlnVim6n3:DyCovijhwnwszhlnVim6

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-50224.exeUnicorn-33516.exeUnicorn-13065.exeUnicorn-1602.exeUnicorn-42111.exeUnicorn-22245.exeUnicorn-23837.exeUnicorn-57744.exeUnicorn-18762.exeUnicorn-52124.exeUnicorn-6452.exeUnicorn-53637.exeUnicorn-55536.exeUnicorn-58017.exeUnicorn-8313.exeUnicorn-25863.exeUnicorn-59499.exeUnicorn-651.exeUnicorn-44922.exeUnicorn-43863.exeUnicorn-7137.exeUnicorn-21383.exeUnicorn-26479.exeUnicorn-55290.exeUnicorn-46959.exeUnicorn-32189.exeUnicorn-8827.exeUnicorn-34671.exeUnicorn-47831.exeUnicorn-2159.exeUnicorn-19901.exeUnicorn-37182.exeUnicorn-44826.exeUnicorn-13720.exeUnicorn-26277.exeUnicorn-20391.exeUnicorn-28035.exeUnicorn-47901.exeUnicorn-29017.exeUnicorn-27969.exeUnicorn-48420.exeUnicorn-24373.exeUnicorn-50968.exeUnicorn-5296.exeUnicorn-844.exeUnicorn-54949.exeUnicorn-54949.exeUnicorn-23843.exeUnicorn-23843.exeUnicorn-29489.exeUnicorn-63959.exeUnicorn-27094.exeUnicorn-29932.exeUnicorn-46958.exeUnicorn-32480.exeUnicorn-58131.exeUnicorn-34669.exeUnicorn-54535.exeUnicorn-43295.exeUnicorn-45843.exeUnicorn-11997.exeUnicorn-34411.exeUnicorn-14545.exeUnicorn-42247.exe

pid	process
2524	Unicorn-50224.exe
2588	Unicorn-33516.exe
2544	Unicorn-13065.exe
2444	Unicorn-1602.exe
2760	Unicorn-42111.exe
2216	Unicorn-22245.exe
1048	Unicorn-23837.exe
2708	Unicorn-57744.exe
2692	Unicorn-18762.exe
2332	Unicorn-52124.exe
1948	Unicorn-6452.exe
1700	Unicorn-53637.exe
852	Unicorn-55536.exe
1280	Unicorn-58017.exe
1264	Unicorn-8313.exe
1880	Unicorn-25863.exe
592	Unicorn-59499.exe
384	Unicorn-651.exe
584	Unicorn-44922.exe
2232	Unicorn-43863.exe
3016	Unicorn-7137.exe
1804	Unicorn-21383.exe
1324	Unicorn-26479.exe
2100	Unicorn-55290.exe
912	Unicorn-46959.exe
788	Unicorn-32189.exe
1304	Unicorn-8827.exe
1980	Unicorn-34671.exe
3024	Unicorn-47831.exe
1716	Unicorn-2159.exe
1528	Unicorn-19901.exe
2344	Unicorn-37182.exe
1676	Unicorn-44826.exe
2824	Unicorn-13720.exe
2816	Unicorn-26277.exe
2432	Unicorn-20391.exe
2472	Unicorn-28035.exe
2500	Unicorn-47901.exe
2204	Unicorn-29017.exe
2676	Unicorn-27969.exe
2800	Unicorn-48420.exe
2688	Unicorn-24373.exe
2780	Unicorn-50968.exe
2540	Unicorn-5296.exe
1680	Unicorn-844.exe
932	Unicorn-54949.exe
1768	Unicorn-54949.exe
1704	Unicorn-23843.exe
2116	Unicorn-23843.exe
1164	Unicorn-29489.exe
540	Unicorn-63959.exe
844	Unicorn-27094.exe
1104	Unicorn-29932.exe
1836	Unicorn-46958.exe
2840	Unicorn-32480.exe
1636	Unicorn-58131.exe
1776	Unicorn-34669.exe
624	Unicorn-54535.exe
888	Unicorn-43295.exe
752	Unicorn-45843.exe
2828	Unicorn-11997.exe
2736	Unicorn-34411.exe
2944	Unicorn-14545.exe
2596	Unicorn-42247.exe

Loads dropped DLL 64 IoCs

Processes:

8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exeUnicorn-50224.exeUnicorn-13065.exeUnicorn-33516.exeWerFault.exeUnicorn-42111.exeUnicorn-22245.exeUnicorn-1602.exeWerFault.exeWerFault.exeUnicorn-23837.exeUnicorn-57744.exeUnicorn-6452.exeUnicorn-52124.exeUnicorn-18762.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe
2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe
2524	Unicorn-50224.exe
2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe
2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe
2524	Unicorn-50224.exe
2544	Unicorn-13065.exe
2588	Unicorn-33516.exe
2588	Unicorn-33516.exe
2544	Unicorn-13065.exe
2524	Unicorn-50224.exe
2524	Unicorn-50224.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2516	WerFault.exe
2760	Unicorn-42111.exe
2760	Unicorn-42111.exe
2588	Unicorn-33516.exe
2588	Unicorn-33516.exe
2216	Unicorn-22245.exe
2216	Unicorn-22245.exe
2444	Unicorn-1602.exe
2544	Unicorn-13065.exe
2444	Unicorn-1602.exe
2544	Unicorn-13065.exe
2252	WerFault.exe
2252	WerFault.exe
2252	WerFault.exe
2252	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2252	WerFault.exe
2380	WerFault.exe
1048	Unicorn-23837.exe
2760	Unicorn-42111.exe
1048	Unicorn-23837.exe
2760	Unicorn-42111.exe
2708	Unicorn-57744.exe
2708	Unicorn-57744.exe
1948	Unicorn-6452.exe
1948	Unicorn-6452.exe
2444	Unicorn-1602.exe
2444	Unicorn-1602.exe
2332	Unicorn-52124.exe
2332	Unicorn-52124.exe
2692	Unicorn-18762.exe
2692	Unicorn-18762.exe
2216	Unicorn-22245.exe
2216	Unicorn-22245.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
1924	WerFault.exe
412	WerFault.exe
412	WerFault.exe
412	WerFault.exe
412	WerFault.exe
412	WerFault.exe
2084	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2516	2524	WerFault.exe	Unicorn-50224.exe
2252	2544	WerFault.exe	Unicorn-13065.exe
2380	2588	WerFault.exe	Unicorn-33516.exe
1924	2760	WerFault.exe	Unicorn-42111.exe
412	2216	WerFault.exe	Unicorn-22245.exe
2084	2444	WerFault.exe	Unicorn-1602.exe
1632	1048	WerFault.exe	Unicorn-23837.exe
2808	2708	WerFault.exe	Unicorn-57744.exe
2648	1948	WerFault.exe	Unicorn-6452.exe
2564	2332	WerFault.exe	Unicorn-52124.exe
2592	2692	WerFault.exe	Unicorn-18762.exe
1656	852	WerFault.exe	Unicorn-55536.exe
2420	1280	WerFault.exe	Unicorn-58017.exe
2276	1264	WerFault.exe	Unicorn-8313.exe
336	1880	WerFault.exe	Unicorn-25863.exe
804	584	WerFault.exe	Unicorn-44922.exe
688	592	WerFault.exe	Unicorn-59499.exe
560	384	WerFault.exe	Unicorn-651.exe
564	3016	WerFault.exe	Unicorn-7137.exe
1000	2232	WerFault.exe	Unicorn-43863.exe
300	1324	WerFault.exe	Unicorn-26479.exe
1936	1804	WerFault.exe	Unicorn-21383.exe
1892	2100	WerFault.exe	Unicorn-55290.exe
676	912	WerFault.exe	Unicorn-46959.exe
3068	788	WerFault.exe	Unicorn-32189.exe
2068	1304	WerFault.exe	Unicorn-8827.exe
1976	1528	WerFault.exe	Unicorn-19901.exe
2644	1980	WerFault.exe	Unicorn-34671.exe
2460	1716	WerFault.exe	Unicorn-2159.exe
2584	3024	WerFault.exe	Unicorn-47831.exe
2960	2344	WerFault.exe	Unicorn-37182.exe
1452	2204	WerFault.exe	Unicorn-29017.exe
1036	2824	WerFault.exe	Unicorn-13720.exe
3096	2432	WerFault.exe	Unicorn-20391.exe
3104	2500	WerFault.exe	Unicorn-47901.exe
3140	2472	WerFault.exe	Unicorn-28035.exe
3172	1676	WerFault.exe	Unicorn-44826.exe
3260	1680	WerFault.exe	Unicorn-844.exe
3252	1768	WerFault.exe	Unicorn-54949.exe
3340	2116	WerFault.exe	Unicorn-23843.exe
3332	2800	WerFault.exe	Unicorn-48420.exe
3352	2540	WerFault.exe	Unicorn-5296.exe
3424	932	WerFault.exe	Unicorn-54949.exe
3916	2676	WerFault.exe	Unicorn-27969.exe
3932	2780	WerFault.exe	Unicorn-50968.exe
3984	2688	WerFault.exe	Unicorn-24373.exe
4068	2816	WerFault.exe	Unicorn-26277.exe
3128	1704	WerFault.exe	Unicorn-23843.exe
3080	1164	WerFault.exe	Unicorn-29489.exe
3420	540	WerFault.exe	Unicorn-63959.exe
3388	844	WerFault.exe	Unicorn-27094.exe
3516	2424	WerFault.exe	Unicorn-18192.exe
3532	2712	WerFault.exe	Unicorn-61315.exe
3684	1996	WerFault.exe	Unicorn-6759.exe
3788	1104	WerFault.exe	Unicorn-29932.exe
3808	2200	WerFault.exe	Unicorn-23171.exe
3824	320	WerFault.exe	Unicorn-27402.exe
3820	2452	WerFault.exe	Unicorn-42238.exe
4064	2840	WerFault.exe	Unicorn-32480.exe
3952	888	WerFault.exe	Unicorn-43295.exe
4192	1136	WerFault.exe	Unicorn-63946.exe
4208	1204	WerFault.exe	Unicorn-60807.exe
4224	1776	WerFault.exe	Unicorn-34669.exe
4248	2468	WerFault.exe	Unicorn-58618.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exeUnicorn-50224.exeUnicorn-13065.exeUnicorn-33516.exeUnicorn-42111.exeUnicorn-1602.exeUnicorn-22245.exeUnicorn-23837.exeUnicorn-57744.exeUnicorn-18762.exeUnicorn-52124.exeUnicorn-6452.exeUnicorn-53637.exeUnicorn-55536.exeUnicorn-58017.exeUnicorn-8313.exeUnicorn-25863.exeUnicorn-59499.exeUnicorn-651.exeUnicorn-44922.exeUnicorn-7137.exeUnicorn-43863.exeUnicorn-21383.exeUnicorn-26479.exeUnicorn-55290.exeUnicorn-46959.exeUnicorn-32189.exeUnicorn-8827.exeUnicorn-47831.exeUnicorn-34671.exeUnicorn-2159.exeUnicorn-19901.exeUnicorn-37182.exeUnicorn-13720.exeUnicorn-44826.exeUnicorn-26277.exeUnicorn-20391.exeUnicorn-47901.exeUnicorn-28035.exeUnicorn-29017.exeUnicorn-27969.exeUnicorn-48420.exeUnicorn-24373.exeUnicorn-50968.exeUnicorn-5296.exeUnicorn-844.exeUnicorn-23843.exeUnicorn-54949.exeUnicorn-54949.exeUnicorn-23843.exeUnicorn-29489.exeUnicorn-63959.exeUnicorn-27094.exeUnicorn-29932.exeUnicorn-46958.exeUnicorn-32480.exeUnicorn-58131.exeUnicorn-34669.exeUnicorn-54535.exeUnicorn-43295.exeUnicorn-11997.exeUnicorn-14545.exeUnicorn-23171.exeUnicorn-45843.exe

pid	process
2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe
2524	Unicorn-50224.exe
2544	Unicorn-13065.exe
2588	Unicorn-33516.exe
2760	Unicorn-42111.exe
2444	Unicorn-1602.exe
2216	Unicorn-22245.exe
1048	Unicorn-23837.exe
2708	Unicorn-57744.exe
2692	Unicorn-18762.exe
2332	Unicorn-52124.exe
1948	Unicorn-6452.exe
1700	Unicorn-53637.exe
852	Unicorn-55536.exe
1280	Unicorn-58017.exe
1264	Unicorn-8313.exe
1880	Unicorn-25863.exe
592	Unicorn-59499.exe
384	Unicorn-651.exe
584	Unicorn-44922.exe
3016	Unicorn-7137.exe
2232	Unicorn-43863.exe
1804	Unicorn-21383.exe
1324	Unicorn-26479.exe
2100	Unicorn-55290.exe
912	Unicorn-46959.exe
788	Unicorn-32189.exe
1304	Unicorn-8827.exe
3024	Unicorn-47831.exe
1980	Unicorn-34671.exe
1716	Unicorn-2159.exe
1528	Unicorn-19901.exe
2344	Unicorn-37182.exe
2824	Unicorn-13720.exe
1676	Unicorn-44826.exe
2816	Unicorn-26277.exe
2432	Unicorn-20391.exe
2500	Unicorn-47901.exe
2472	Unicorn-28035.exe
2204	Unicorn-29017.exe
2676	Unicorn-27969.exe
2800	Unicorn-48420.exe
2688	Unicorn-24373.exe
2780	Unicorn-50968.exe
2540	Unicorn-5296.exe
1680	Unicorn-844.exe
1704	Unicorn-23843.exe
1768	Unicorn-54949.exe
932	Unicorn-54949.exe
2116	Unicorn-23843.exe
1164	Unicorn-29489.exe
540	Unicorn-63959.exe
844	Unicorn-27094.exe
1104	Unicorn-29932.exe
1836	Unicorn-46958.exe
2840	Unicorn-32480.exe
1636	Unicorn-58131.exe
1776	Unicorn-34669.exe
624	Unicorn-54535.exe
888	Unicorn-43295.exe
2828	Unicorn-11997.exe
2944	Unicorn-14545.exe
2200	Unicorn-23171.exe
752	Unicorn-45843.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exeUnicorn-50224.exeUnicorn-33516.exeUnicorn-13065.exeUnicorn-42111.exeUnicorn-22245.exeUnicorn-1602.exeUnicorn-23837.exe

description	pid	process	target process
PID 2200 wrote to memory of 2524	2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe	Unicorn-50224.exe
PID 2200 wrote to memory of 2524	2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe	Unicorn-50224.exe
PID 2200 wrote to memory of 2524	2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe	Unicorn-50224.exe
PID 2200 wrote to memory of 2524	2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe	Unicorn-50224.exe
PID 2524 wrote to memory of 2544	2524	Unicorn-50224.exe	Unicorn-13065.exe
PID 2524 wrote to memory of 2544	2524	Unicorn-50224.exe	Unicorn-13065.exe
PID 2524 wrote to memory of 2544	2524	Unicorn-50224.exe	Unicorn-13065.exe
PID 2524 wrote to memory of 2544	2524	Unicorn-50224.exe	Unicorn-13065.exe
PID 2200 wrote to memory of 2588	2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe	Unicorn-33516.exe
PID 2200 wrote to memory of 2588	2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe	Unicorn-33516.exe
PID 2200 wrote to memory of 2588	2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe	Unicorn-33516.exe
PID 2200 wrote to memory of 2588	2200	8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe	Unicorn-33516.exe
PID 2588 wrote to memory of 2760	2588	Unicorn-33516.exe	Unicorn-42111.exe
PID 2588 wrote to memory of 2760	2588	Unicorn-33516.exe	Unicorn-42111.exe
PID 2588 wrote to memory of 2760	2588	Unicorn-33516.exe	Unicorn-42111.exe
PID 2588 wrote to memory of 2760	2588	Unicorn-33516.exe	Unicorn-42111.exe
PID 2544 wrote to memory of 2444	2544	Unicorn-13065.exe	Unicorn-1602.exe
PID 2544 wrote to memory of 2444	2544	Unicorn-13065.exe	Unicorn-1602.exe
PID 2544 wrote to memory of 2444	2544	Unicorn-13065.exe	Unicorn-1602.exe
PID 2544 wrote to memory of 2444	2544	Unicorn-13065.exe	Unicorn-1602.exe
PID 2524 wrote to memory of 2216	2524	Unicorn-50224.exe	Unicorn-22245.exe
PID 2524 wrote to memory of 2216	2524	Unicorn-50224.exe	Unicorn-22245.exe
PID 2524 wrote to memory of 2216	2524	Unicorn-50224.exe	Unicorn-22245.exe
PID 2524 wrote to memory of 2216	2524	Unicorn-50224.exe	Unicorn-22245.exe
PID 2524 wrote to memory of 2516	2524	Unicorn-50224.exe	WerFault.exe
PID 2524 wrote to memory of 2516	2524	Unicorn-50224.exe	WerFault.exe
PID 2524 wrote to memory of 2516	2524	Unicorn-50224.exe	WerFault.exe
PID 2524 wrote to memory of 2516	2524	Unicorn-50224.exe	WerFault.exe
PID 2760 wrote to memory of 1048	2760	Unicorn-42111.exe	Unicorn-23837.exe
PID 2760 wrote to memory of 1048	2760	Unicorn-42111.exe	Unicorn-23837.exe
PID 2760 wrote to memory of 1048	2760	Unicorn-42111.exe	Unicorn-23837.exe
PID 2760 wrote to memory of 1048	2760	Unicorn-42111.exe	Unicorn-23837.exe
PID 2588 wrote to memory of 2708	2588	Unicorn-33516.exe	Unicorn-57744.exe
PID 2588 wrote to memory of 2708	2588	Unicorn-33516.exe	Unicorn-57744.exe
PID 2588 wrote to memory of 2708	2588	Unicorn-33516.exe	Unicorn-57744.exe
PID 2588 wrote to memory of 2708	2588	Unicorn-33516.exe	Unicorn-57744.exe
PID 2216 wrote to memory of 2692	2216	Unicorn-22245.exe	Unicorn-18762.exe
PID 2216 wrote to memory of 2692	2216	Unicorn-22245.exe	Unicorn-18762.exe
PID 2216 wrote to memory of 2692	2216	Unicorn-22245.exe	Unicorn-18762.exe
PID 2216 wrote to memory of 2692	2216	Unicorn-22245.exe	Unicorn-18762.exe
PID 2444 wrote to memory of 1948	2444	Unicorn-1602.exe	Unicorn-6452.exe
PID 2444 wrote to memory of 1948	2444	Unicorn-1602.exe	Unicorn-6452.exe
PID 2444 wrote to memory of 1948	2444	Unicorn-1602.exe	Unicorn-6452.exe
PID 2444 wrote to memory of 1948	2444	Unicorn-1602.exe	Unicorn-6452.exe
PID 2544 wrote to memory of 2332	2544	Unicorn-13065.exe	Unicorn-52124.exe
PID 2544 wrote to memory of 2332	2544	Unicorn-13065.exe	Unicorn-52124.exe
PID 2544 wrote to memory of 2332	2544	Unicorn-13065.exe	Unicorn-52124.exe
PID 2544 wrote to memory of 2332	2544	Unicorn-13065.exe	Unicorn-52124.exe
PID 2544 wrote to memory of 2252	2544	Unicorn-13065.exe	WerFault.exe
PID 2544 wrote to memory of 2252	2544	Unicorn-13065.exe	WerFault.exe
PID 2544 wrote to memory of 2252	2544	Unicorn-13065.exe	WerFault.exe
PID 2544 wrote to memory of 2252	2544	Unicorn-13065.exe	WerFault.exe
PID 2588 wrote to memory of 2380	2588	Unicorn-33516.exe	WerFault.exe
PID 2588 wrote to memory of 2380	2588	Unicorn-33516.exe	WerFault.exe
PID 2588 wrote to memory of 2380	2588	Unicorn-33516.exe	WerFault.exe
PID 2588 wrote to memory of 2380	2588	Unicorn-33516.exe	WerFault.exe
PID 1048 wrote to memory of 1700	1048	Unicorn-23837.exe	Unicorn-53637.exe
PID 1048 wrote to memory of 1700	1048	Unicorn-23837.exe	Unicorn-53637.exe
PID 1048 wrote to memory of 1700	1048	Unicorn-23837.exe	Unicorn-53637.exe
PID 1048 wrote to memory of 1700	1048	Unicorn-23837.exe	Unicorn-53637.exe
PID 2760 wrote to memory of 852	2760	Unicorn-42111.exe	Unicorn-55536.exe
PID 2760 wrote to memory of 852	2760	Unicorn-42111.exe	Unicorn-55536.exe
PID 2760 wrote to memory of 852	2760	Unicorn-42111.exe	Unicorn-55536.exe
PID 2760 wrote to memory of 852	2760	Unicorn-42111.exe	Unicorn-55536.exe

C:\Users\Admin\AppData\Local\Temp\8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe
"C:\Users\Admin\AppData\Local\Temp\8b0f74259b61192889d953756159c9dd731ee96b09395806b343abfe7b44ae4a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8313.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46959.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27969.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
9⤵
- Executes dropped EXE
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
10⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
11⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19513.exe
12⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
13⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-24874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24874.exe
14⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30682.exe
15⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
14⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
13⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
12⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
11⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2440.exe
10⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
12⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
13⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
13⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
12⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
11⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
10⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
9⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44217.exe
10⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
11⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20862.exe
12⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16748.exe
13⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 236
13⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
12⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
10⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
9⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61315.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29808.exe
9⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
10⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
11⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27104.exe
12⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
13⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
13⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
12⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
11⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
10⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
9⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
8⤵
- Program crash
PID:676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
7⤵
- Program crash
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32189.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24373.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18192.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
9⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
10⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37322.exe
11⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29734.exe
12⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52023.exe
13⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64077.exe
14⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
14⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 236
12⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
11⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
10⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
9⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
8⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31929.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37527.exe
10⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-62346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62346.exe
11⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53446.exe
12⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8844 -s 216
12⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 236
11⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
10⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
9⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
8⤵
- Program crash
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
7⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
8⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58388.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4057.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7964.exe
11⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-19296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19296.exe
12⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 236
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 216
9⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
8⤵
- Program crash
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 220
7⤵
- Program crash
PID:3068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
6⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58508.exe
8⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3542.exe
9⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5466.exe
10⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
11⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53262.exe
12⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36724.exe
13⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59704.exe
14⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 236
14⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 220
13⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
12⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
11⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42493.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36060.exe
11⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30494.exe
12⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9392.exe
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 216
13⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
11⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37973.exe
8⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24498.exe
9⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
10⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22128.exe
11⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
12⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11984.exe
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 216
13⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
12⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
11⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
10⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
9⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
7⤵
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
7⤵
- Program crash
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50968.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23171.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4590.exe
8⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52815.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
11⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11256.exe
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
12⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 236
11⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
9⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
8⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6349.exe
7⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44719.exe
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
10⤵
PID:8904

C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13151.exe
11⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8904 -s 236
11⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
10⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
9⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
8⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
7⤵
- Program crash
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
6⤵
- Program crash
PID:336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48420.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4211.exe
7⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63459.exe
8⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12916.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6243.exe
11⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
12⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
10⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32.exe
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34481.exe
10⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
10⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49214.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36262.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
9⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26547.exe
10⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30093.exe
11⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
12⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 216
12⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
11⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 236
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 216
8⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 220
7⤵
- Program crash
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
6⤵
- Program crash
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47831.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27094.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58618.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25433.exe
8⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 200
11⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
9⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
8⤵
- Program crash
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
7⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53037.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-48736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48736.exe
9⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41638.exe
10⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47143.exe
11⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
11⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
10⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
9⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
8⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 216
6⤵
- Program crash
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
5⤵
- Program crash
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-651.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2159.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42247.exe
8⤵
- Executes dropped EXE
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37386.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32974.exe
11⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38965.exe
12⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
13⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 236
13⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
11⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4322.exe
8⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48026.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20677.exe
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29899.exe
11⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 236
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
11⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
9⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
8⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64073.exe
8⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37834.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57973.exe
10⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
11⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35912.exe
12⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
13⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
13⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 236
11⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15553.exe
9⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
10⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1191.exe
11⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
11⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
10⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
9⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
8⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
7⤵
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe
7⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
8⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35908.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
10⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 236
12⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
11⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
9⤵
PID:5640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 216
8⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18637.exe
7⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18524.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
9⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
10⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52652.exe
11⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
11⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
10⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
9⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
8⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
7⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 240
6⤵
- Program crash
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-844.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34411.exe
7⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-57839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57839.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe
9⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61135.exe
10⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6475.exe
11⤵
PID:9584

C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56149.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 216
12⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
11⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
10⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10557.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4628.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16409.exe
10⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
11⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6253.exe
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 220
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26733.exe
7⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
10⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
11⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
9⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
8⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 220
7⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42238.exe
6⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26215.exe
7⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10666.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3533.exe
9⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2868.exe
10⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48505.exe
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
11⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
10⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
9⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
8⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
7⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
6⤵
- Program crash
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
5⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44922.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34671.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54949.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3355.exe
7⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
8⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49074.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19993.exe
10⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50478.exe
12⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 236
12⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 236
10⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 220
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28160.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5839.exe
10⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-42580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42580.exe
11⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57997.exe
12⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
12⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58427.exe
7⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48550.exe
8⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61569.exe
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13483.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25398.exe
11⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
12⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
10⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
9⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
8⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
7⤵
- Program crash
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
6⤵
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40000.exe
7⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28899.exe
8⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
9⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43304.exe
10⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58847.exe
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
11⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
9⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
8⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41202.exe
7⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42848.exe
8⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55523.exe
9⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12007.exe
10⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
10⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 236
9⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
8⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 240
7⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 220
6⤵
- Program crash
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23843.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32656.exe
6⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3931.exe
7⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15076.exe
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34444.exe
9⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
10⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32261.exe
11⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
11⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
10⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
9⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
8⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 236
7⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
6⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 220
5⤵
- Program crash
PID:804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33516.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43863.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
9⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55539.exe
10⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23646.exe
11⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2035.exe
12⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10538.exe
13⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
14⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 236
14⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
13⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
11⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43260.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47674.exe
10⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
11⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47194.exe
12⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
13⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
10⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 220
9⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7819.exe
8⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25022.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36109.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32502.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
12⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
13⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
11⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
9⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
8⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11997.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8306.exe
8⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35301.exe
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
11⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
12⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55378.exe
13⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10540 -s 216
13⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
11⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51689.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29414.exe
9⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-922.exe
10⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 236
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
8⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
7⤵
- Program crash
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13720.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32480.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
8⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59084.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36421.exe
11⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47258.exe
12⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39037.exe
13⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
13⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
12⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
11⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
10⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10573.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36256.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37954.exe
11⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11193.exe
12⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 236
12⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
10⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
8⤵
- Program crash
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45828.exe
7⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34508.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55351.exe
9⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45023.exe
10⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18378.exe
11⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
12⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 236
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
11⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
7⤵
- Program crash
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37182.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29489.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52618.exe
8⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13872.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56877.exe
10⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40389.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38306.exe
12⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
13⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
12⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
11⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 216
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29095.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30009.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
10⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29446.exe
11⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38539.exe
12⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
12⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
11⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
9⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
8⤵
- Program crash
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
7⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60725.exe
8⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42297.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18585.exe
10⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48830.exe
11⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
12⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
12⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
11⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
9⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
8⤵
- Program crash
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
7⤵
- Program crash
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60807.exe
7⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59677.exe
8⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19968.exe
10⤵
PID:6900

C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50975.exe
11⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6900 -s 216
11⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
10⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
9⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 216
8⤵
- Program crash
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28047.exe
7⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43297.exe
8⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25112.exe
9⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe
10⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16742.exe
11⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 236
10⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 236
9⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
8⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
7⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
6⤵
- Program crash
PID:564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
5⤵
- Program crash
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21383.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58131.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39117.exe
8⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62602.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29173.exe
10⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59673.exe
11⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15961.exe
12⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14599.exe
13⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 236
13⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
12⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
9⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24160.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16789.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64098.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32821.exe
11⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63736.exe
12⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 216
12⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13631.exe
7⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55781.exe
9⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
10⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52685.exe
11⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18429.exe
12⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 236
12⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
9⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 236
8⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
7⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51405.exe
7⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52414.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15665.exe
10⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
11⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1203.exe
12⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
12⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
10⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48486.exe
7⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42365.exe
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-11993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11993.exe
9⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15436.exe
10⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61832.exe
11⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
11⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
10⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
9⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
8⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
7⤵
- Program crash
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
6⤵
- Program crash
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54535.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15831.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53095.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63898.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7690.exe
10⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-645.exe
11⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58265.exe
12⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 236
12⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
11⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18533.exe
8⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-13386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13386.exe
9⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1651.exe
10⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
10⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
9⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
8⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
7⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
6⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16707.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9389.exe
8⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62095.exe
9⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
10⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 236
10⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 236
9⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
8⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
6⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
5⤵
- Program crash
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-26479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26479.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26277.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45843.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
8⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43493.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-42056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42056.exe
12⤵
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
10⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-34801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34801.exe
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41857.exe
11⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
12⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
8⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61502.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30812.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
9⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29130.exe
9⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe
10⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22744.exe
11⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10560 -s 236
11⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 220
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 220
9⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
8⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
7⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
7⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13257.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26297.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33550.exe
10⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60927.exe
11⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 236
11⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
7⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18842.exe
8⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24697.exe
9⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50926.exe
10⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48890.exe
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
10⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
9⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
8⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
6⤵
- Program crash
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30084.exe
6⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26561.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40918.exe
8⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54773.exe
9⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-420.exe
10⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
10⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
9⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
8⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
7⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
6⤵
- Program crash
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
5⤵
- Program crash
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29017.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21194.exe
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32091.exe
10⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
11⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
12⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
12⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 236
10⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
9⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58292.exe
7⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23194.exe
8⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60045.exe
9⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
10⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34652.exe
11⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
11⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
10⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
8⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
7⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
6⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1188.exe
7⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17181.exe
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
9⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4527.exe
10⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-696.exe
11⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 236
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
10⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
9⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
8⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
7⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
6⤵
- Program crash
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46958.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
6⤵
PID:280

C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8305.exe
7⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55454.exe
9⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31484.exe
10⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56950.exe
11⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 236
11⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 216
10⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
9⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
8⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 236
7⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4728.exe
6⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
7⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20686.exe
8⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
9⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51459.exe
10⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 216
10⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
9⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
8⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
7⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
6⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
5⤵
- Program crash
PID:1892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
4⤵
- Program crash
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2380

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13147.exe

Filesize
184KB

MD5
61de651b6573eed52888f1db529fbf06

SHA1
d43dbe9ffc79198abe63132cc33e9fe162354a6d

SHA256
bcfcd4a77f44ae0eee0623ec950a7f41ade5c7387093dbc6d3b48aa1462fe5cd

SHA512
0d2b76dd3244ab5f2888ca0736c2033ba8f500ba3442e4c0f198f289adf2cfef55850fbf512a9454c8be9d21109a6863a61cbb2d87ddba9aaeb567547c37da6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe

Filesize
184KB

MD5
d7f34a54b346720ec196efb2f769bb6d

SHA1
789cdb338692d6dd7d75ad6b7e4345d3749b623c

SHA256
9efc24975217b6f837d6a8e99fada2ebc4a5aa3c8fd268a5537b93ab65be6eab

SHA512
79d51995297e7cc5fc822fbffa798b83f201483bf2bab4ea661e646d1fec234d23c69f78ea08993dc3b57d6c09a5b7d89211ca8b14bd976f1e99bd6cab76581f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28762.exe

Filesize
184KB

MD5
e4102ef47e73a499bb72462805b01295

SHA1
7a830130bed5c4166c11f4a6148a723c3b991dc4

SHA256
975c0b13b309cb253808e02d1ffc2892ade8bb2e305c1bc0610f863cca4cabfd

SHA512
2f9228de9bed51d309fcfc9f484fcf77f793086706cdba5e00c0bf217bd493a0791550d9617eea85c2c6d94fa818fabd084cff5024ec82a41c05c6b254575cfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe

Filesize
184KB

MD5
580ee0a6c0658c615dcf1e707cbdffa6

SHA1
a5fa24f3f4972fcd2c28ca0c40344564a1ef73af

SHA256
9563e452d18de8a7d65a1e469e255f38c1cd7b5d2fca3d3006e359ca9ab92b6c

SHA512
54041fb52aea6af2c1ad3ed93dee7c5fa4062d2efad8f462be728868572ba9556c1d0c07ad64b01df179bd93ee9b946dc59e29bdb091c58c7dc9673312bdd670

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40953.exe

Filesize
184KB

MD5
28ff5365cdfcc413a5749fd318367f6e

SHA1
f24b670a40a18ac0ecb5436666d9d85855b8de8d

SHA256
c0178990c4620e5ce3c0f1b8df1b6e4323895a7c34f7843fde439a68e23a67d1

SHA512
242f3122d1b182e8fbdc30c2cf3c3e547c27c7fed611d85cbc2ca600ac7f94e378ba8d02627075732852456a667e90216ba135bb449ff8535fa81aa300bb4387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe

Filesize
184KB

MD5
1e7e9e3276b2f09f7dd7ddc91200e0f5

SHA1
3aa2f9406d568ff5d4b8013f1edb491e95575547

SHA256
0aca3c6b45c463b9557ac953827bf50796b0f1a73b7630e315e1025914fe8f8e

SHA512
9ef6a031a54fc789b5f687e29e162aed1d42acf7aa99e4e7f11267b43a72597d3e1200479b815a964f0453d42431979ca0b2db0860364dc8b62f67dbc2a6af44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6017.exe

Filesize
184KB

MD5
91d46aff0c1c59d67b0db04998792cc9

SHA1
9c8c38d245c1f8954f84939ae9bd9d38c66bea92

SHA256
c30905e38288ea913033b6f6ca95ba18602165076c80f0b38c5483bcb0d33980

SHA512
5d2ded85e5803a541a4b1cc00e16b3b7423abd970375b72ec933b09d64961cb91bd5c5f4a4179a3eb0e040d98d05864f07aeac3b033713c8ef3e59f81f3e24e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64058.exe

Filesize
184KB

MD5
cdd02971237ac8d6efefeb2f33388f79

SHA1
db7a6bc099ade7314b6b9ec141cc329698d2eaa6

SHA256
028299aa1a81e45351af4ddd8a48e60a9192ae33b271c0c54318f212db52a5cb

SHA512
307f0d1d6fdb9aee89769b26bf45a1b1a847ad9287b1625bbdb483bdcf5dc486b2e291539d0fe41d3a84e2aed47fc2fb718b92971049f4933442b4a182fb03a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe

Filesize
184KB

MD5
029e2c59c4e2f73a683e12df23de5494

SHA1
656ef826d5817d11305968edb301b0fa39e83969

SHA256
240e64cd2531362c8fac267b3b1d48937369187f545448347160503389c4b36a

SHA512
7f26ece88b79647f969cf6a03ae683243251af2db6efc5b542255b24a926d0d26f747e251310697c59311d3d34012e88fa850df3b66b01d746835c57952bb991

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6759.exe

Filesize
184KB

MD5
48e93db4fb5eab9a17bf4225facd521e

SHA1
acbcc518d4e286dbd754f7b4573a070c77a11f50

SHA256
295bf0bd566f0f83cafce6ed52e5883b31f323a64a1a2429814eba1e96f50a97

SHA512
56aa5c95dd61a671037222817205cd989328b903c887caeee4a4863ce3ee28178b7fb506eead34d4224dc2707055e55dc70b389ea74c0ceae3c5a6b914429651

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe

Filesize
184KB

MD5
74519e4d20eec4647e157be47f379cc5

SHA1
95e73f4d899d22582d0afdde5898795eb2f3492c

SHA256
e7baa79ebb8935618d78fae72e74cec838ef71acbb528ed71106515f8e1927a8

SHA512
8791cb775ca06afd40caca884c41a2640352b3c2392304520c5c5715599ee0e694e92ec849e0ef206b680fa830a8ed1c3df7c73b813f26f63ff362b0b3469c9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe

Filesize
184KB

MD5
b5e7065a599142a41b68c032eecb74b7

SHA1
250c852f6a24ec795f977e01236626d0c67d51b3

SHA256
bdde9636d82de4d2541e8a857dbcc55e58c6f1ac3993910c44ee48031ca613a7

SHA512
6940883f88777cd904fa42fe53ccee487121a1357ac7739e6e882f0f9f1f10c74c61263699d1816af7906f493d0e593805555c66c6bb41dac5c100ff6b7a471f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13065.exe

Filesize
184KB

MD5
0592a86d9e2e3ba3a8a19cb6a57e6ada

SHA1
a5c88a1e625c0ae8a6c22c026bc9937632dc253c

SHA256
6c216739f5319685caeab19f6cac0484aeabe627a57f91dfdf02903736d7323d

SHA512
b1c7cc9c373207aa878fad8494b66f10b525de22e4dc72b90bbac6bb0d9cd24fd6bad87235a4c8d0535fed17ca1e3b1d29b1cdf1221b5122ee8c1c1a3fac9860

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1602.exe

Filesize
184KB

MD5
3a44dc7b803a02b040f05743958afc28

SHA1
db0c996ccb9c9e119aff63581bc1e38ee4a6466a

SHA256
89cab06b8735fb23d642f74a45312f7a6c04ccf55ac70513239425b27262ded4

SHA512
0b9866861b05ce7dd8121f283e3bf94cefe4753e1d3308f1b6db44be861feca32f5addaeea473c9018fe38a85803771c3999016ead9089cd234e0bcdb514763f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe

Filesize
184KB

MD5
6ea5055052c192b102b5f293b0dd41d2

SHA1
130b6cf658557a2f95355ed2178f431a9ab17c9e

SHA256
1074ad0323725e96852ad13d4a42969a4b8fbf4787d8ccabe19aedee447dd98b

SHA512
40f0bdb74cc50e1316d1c45063d28cecb870eacfbeefaa4072f1baeac6e4cc5f67b4de29154c0e426f194b998632ca6ccaf6e9e02306f62f3f4e1c69b6caf0c5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22245.exe

Filesize
184KB

MD5
7fa468eaa224f59fffd2a4adcea3d5d0

SHA1
ef45981a88318cb6ab76666ba30735ca45ee1c4a

SHA256
a89ef5e8b1257bc906422390676133cae681b7d7050dabf8b08befcf959f888d

SHA512
eec9b0d91d9fe08a054ca640f92f75509254f971badef2cf776ba8c3b08daff79443a231dc1bdaad20a032990d0a0bed244ff8bbf4c1fceaae039fc7df77202d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe

Filesize
184KB

MD5
29def2bbb5a3bc4bf64befcec2282f23

SHA1
89ad05b22d4c6380e779cbb105422ded4edeeaca

SHA256
b0fefa63ef087a8e1fa8ce1d6b557ddf86c57ab3b6ba908e9b3533c3168f22ba

SHA512
33f01ff83dfa0edcb9fd40fdf11aa8fad1257be0b571cdc2591dd4bffa57638d124fcbdc8053a6ef2dc4fb902b58d258d105c416ba4284b123910ee80d649205

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33516.exe

Filesize
184KB

MD5
bbeb1904e953133fdbeb8394a01ac712

SHA1
a6711966c1dc0a3076ce8fa005960010f8961ab0

SHA256
03282ba7f240fa9405ce7b4e0d46bb250eb11d47f99c51b6edba00fb27412481

SHA512
e9384e485b4e21ac3b23329c39ff08510a5ffeed28d6313c8a3b74817ac44c2f2ddb5d242df0ab0c7b1d3a06714c52c3814a2b43b6169b2f59c094d28f76c39d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe

Filesize
184KB

MD5
064e71582f02a92ded39cce061881885

SHA1
567fbb4bb9c24bdeca27bba63692438f44160a63

SHA256
d00082a6e5a0a710af85e4d7b4b3264fb62ed47fcf6342b08af545120584c1d1

SHA512
36d0dfbf483fbd8ef68884e61ca745c457d678f7ae5292d9651c14fdc1cf575301809de45472bb1ea27d546e3ab8b40db0bb27b7f1cbd9fac6c0f7467a3c1df8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50224.exe

Filesize
184KB

MD5
022e087ee34d59b2e2c2beb573feb55a

SHA1
54d3f7d839975cafe39d3f2d72244dfbe10432c5

SHA256
d853af8bcc511fdd96ab50a202fed366a691ee798791f1bf1842adb654a30dc1

SHA512
45169484f9d23f76c43dada7cd7ad0c3e966827accdb576415a9ed47aa7f640a3d5eceff60fb47fe0ac28f29313e60a68e92dca33866bc13e6d4f112570c47ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52124.exe

Filesize
184KB

MD5
132b42ee388af23a835b37f667f0530c

SHA1
734509cb5ca7d8c0352f83a7bb30201d31c55b85

SHA256
336242c4da95d94802ed21fb568229d55b6c2248501b595ad1bce56063643c81

SHA512
5066267838189e5e93cef07419f65c9048de6a52cb7529707caaf2709a67555c8f472fc59467b2d15b6a241e44977c3da18bfe0b17a32d54e60fa3d8a94f60fc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe

Filesize
184KB

MD5
2555c7b850fae9a6abd4678c76e3cc41

SHA1
22a8ba0a1afbdfde2e388e4cbe699963584e1706

SHA256
1dc8f79763e08e44479a712dcf5cf5ba1a30682914dda2969439a8abecc180e2

SHA512
b238a4e653c93b598cbd3eab6a9b55081e099773d8011318787e80bb177babf2875f57ba9b261964bde9b80c15d2d1598eff1e562aeae82bd631690b8fe5d313

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55536.exe

Filesize
184KB

MD5
8bddb3da34f42a4d5100ec12c77cb556

SHA1
39bb66ea88008e5ed00aa6aa4a04f83f08e8acd3

SHA256
8ee6af19fd3388bdee8a9658306d2c0cc08de72892c6a02ecc0e8b157745e321

SHA512
5e24df2dd459681760f0e64a96d5d2274bd42b60dc1a4952e94e20f14d41e1190a5234775b3bca1ad95c31141f7d63426d123b39b6336c11e35c272a772111a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58017.exe

Filesize
184KB

MD5
eb48dbef58d18b30e6e4a9b6df2a9214

SHA1
356f47a4244b5a89318c08ada9b1d7ef0090fbfc

SHA256
0ad359a4bf9a6c23444d2c18c66a43c190859c67a1a385577efd802fa1fc1e3a

SHA512
470c27ed9d1ec25ed0dc6a493a3c499b58aeb40eeb1c24c2827f04967459a8410c40310c71b6292c41a26bca9ae06fcf739f05cf7a6bf9be4768faf633c7574d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe

Filesize
184KB

MD5
94c5f933fb66b73a15c06180c83ec7f8

SHA1
29f4f773153843aa6b0e85d0bb43dfd7005427da

SHA256
146e9cc61d596f212f1e0c26b304fe3b78298c9d8bb3023a9c838b80f16b5d26

SHA512
b103a70ca1c956f9197ea2e74380f14044f40dd72050737dbb2026176ff5a0ff6095374164ed3f25b94409333ee7895e86e923e3421f620072ad1c8812c07d1b

Download Submit