a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe
Size

184KB
MD5

c7387fc82c2f366985a4c980768ead49
SHA1

6f855bf09b2d6876a157d3464735f8b02d504f7a
SHA256

a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58
SHA512

a8e372c81d15b108f03af75d677d9d93ec2c8d68c9bf026271346e00b0dd797c41ff7577224ab78a3e00939a7c4023308f69c459260fbcac41e126f9d15a50ca
SSDEEP

1536:p7k/6yZAu3Lxo4C1tJOAlhwMH2IyvZclxmdtx7LR2+zewthl5hj5nizpvs:hHA3LxoX7JO0dHtWe47LRxpthlnViFE

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-6168.exeUnicorn-31400.exeUnicorn-27569.exeUnicorn-9482.exeUnicorn-26333.exeUnicorn-26333.exeUnicorn-64646.exeUnicorn-18975.exeUnicorn-18975.exeUnicorn-18460.exeUnicorn-38326.exeUnicorn-46248.exeUnicorn-44136.exeUnicorn-4727.exeUnicorn-5303.exeUnicorn-25169.exeUnicorn-7249.exeUnicorn-13129.exeUnicorn-32995.exeUnicorn-46186.exeUnicorn-46186.exeUnicorn-53114.exeUnicorn-20634.exeUnicorn-46762.exeUnicorn-60125.exeUnicorn-24800.exeUnicorn-44666.exeUnicorn-8724.exeUnicorn-11739.exeUnicorn-24546.exeUnicorn-44988.exeUnicorn-9492.exeUnicorn-12507.exeUnicorn-25314.exeUnicorn-4251.exeUnicorn-52767.exeUnicorn-17442.exeUnicorn-5019.exeUnicorn-5019.exeUnicorn-421.exeUnicorn-50499.exeUnicorn-4827.exeUnicorn-11981.exeUnicorn-11981.exeUnicorn-44462.exeUnicorn-5821.exeUnicorn-5821.exeUnicorn-7767.exeUnicorn-12173.exeUnicorn-45230.exeUnicorn-28401.exeUnicorn-28209.exeUnicorn-12391.exeUnicorn-39095.exeUnicorn-25582.exeUnicorn-25582.exeUnicorn-12967.exeUnicorn-26865.exeUnicorn-26865.exeUnicorn-26350.exeUnicorn-46216.exeUnicorn-6807.exeUnicorn-49864.exeUnicorn-62671.exe

pid	process
2644	Unicorn-6168.exe
2172	Unicorn-31400.exe
1172	Unicorn-27569.exe
1436	Unicorn-9482.exe
2760	Unicorn-26333.exe
2800	Unicorn-26333.exe
2152	Unicorn-64646.exe
2416	Unicorn-18975.exe
1788	Unicorn-18975.exe
1892	Unicorn-18460.exe
2904	Unicorn-38326.exe
1872	Unicorn-46248.exe
1764	Unicorn-44136.exe
3064	Unicorn-4727.exe
2320	Unicorn-5303.exe
1816	Unicorn-25169.exe
612	Unicorn-7249.exe
2436	Unicorn-13129.exe
1544	Unicorn-32995.exe
1992	Unicorn-46186.exe
3028	Unicorn-46186.exe
888	Unicorn-53114.exe
1612	Unicorn-20634.exe
1176	Unicorn-46762.exe
3052	Unicorn-60125.exe
920	Unicorn-24800.exe
988	Unicorn-44666.exe
2872	Unicorn-8724.exe
2408	Unicorn-11739.exe
2816	Unicorn-24546.exe
1704	Unicorn-44988.exe
2164	Unicorn-9492.exe
2656	Unicorn-12507.exe
2116	Unicorn-25314.exe
2716	Unicorn-4251.exe
2464	Unicorn-52767.exe
2744	Unicorn-17442.exe
2520	Unicorn-5019.exe
2496	Unicorn-5019.exe
2768	Unicorn-421.exe
2976	Unicorn-50499.exe
1424	Unicorn-4827.exe
1148	Unicorn-11981.exe
1868	Unicorn-11981.exe
2148	Unicorn-44462.exe
2296	Unicorn-5821.exe
2312	Unicorn-5821.exe
2040	Unicorn-7767.exe
2276	Unicorn-12173.exe
1124	Unicorn-45230.exe
448	Unicorn-28401.exe
1776	Unicorn-28209.exe
1568	Unicorn-12391.exe
632	Unicorn-39095.exe
1060	Unicorn-25582.exe
2044	Unicorn-25582.exe
2224	Unicorn-12967.exe
1656	Unicorn-26865.exe
2248	Unicorn-26865.exe
2984	Unicorn-26350.exe
2068	Unicorn-46216.exe
3048	Unicorn-6807.exe
1332	Unicorn-49864.exe
3032	Unicorn-62671.exe

Loads dropped DLL 64 IoCs

Processes:

a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exeUnicorn-6168.exeUnicorn-27569.exeUnicorn-31400.exeWerFault.exeUnicorn-26333.exeUnicorn-9482.exeUnicorn-26333.exeWerFault.exeWerFault.exeUnicorn-64646.exeUnicorn-18975.exeUnicorn-18975.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe
2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe
2644	Unicorn-6168.exe
2644	Unicorn-6168.exe
2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe
2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe
2644	Unicorn-6168.exe
2644	Unicorn-6168.exe
1172	Unicorn-27569.exe
1172	Unicorn-27569.exe
2172	Unicorn-31400.exe
2172	Unicorn-31400.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2172	Unicorn-31400.exe
2800	Unicorn-26333.exe
2172	Unicorn-31400.exe
1436	Unicorn-9482.exe
2800	Unicorn-26333.exe
1436	Unicorn-9482.exe
2760	Unicorn-26333.exe
2760	Unicorn-26333.exe
1172	Unicorn-27569.exe
1172	Unicorn-27569.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
1108	WerFault.exe
2704	WerFault.exe
1108	WerFault.exe
2152	Unicorn-64646.exe
2152	Unicorn-64646.exe
2416	Unicorn-18975.exe
2416	Unicorn-18975.exe
2800	Unicorn-26333.exe
2800	Unicorn-26333.exe
2760	Unicorn-26333.exe
2760	Unicorn-26333.exe
1788	Unicorn-18975.exe
1788	Unicorn-18975.exe
1436	Unicorn-9482.exe
1436	Unicorn-9482.exe
380	WerFault.exe
380	WerFault.exe
380	WerFault.exe
1516	WerFault.exe
380	WerFault.exe
1516	WerFault.exe
1516	WerFault.exe
1516	WerFault.exe
1516	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
380	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2844	2372	WerFault.exe	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe
2584	2644	WerFault.exe	Unicorn-6168.exe
1108	1172	WerFault.exe	Unicorn-27569.exe
2704	2172	WerFault.exe	Unicorn-31400.exe
1516	2800	WerFault.exe	Unicorn-26333.exe
380	1436	WerFault.exe	Unicorn-9482.exe
2448	2760	WerFault.exe	Unicorn-26333.exe
1464	2152	WerFault.exe	Unicorn-64646.exe
2340	2416	WerFault.exe	Unicorn-18975.exe
1284	1892	WerFault.exe	Unicorn-18460.exe
2868	2904	WerFault.exe	Unicorn-38326.exe
1768	1788	WerFault.exe	Unicorn-18975.exe
2412	1872	WerFault.exe	Unicorn-46248.exe
2788	3064	WerFault.exe	Unicorn-4727.exe
1916	2320	WerFault.exe	Unicorn-5303.exe
2928	1816	WerFault.exe	Unicorn-25169.exe
2812	1764	WerFault.exe	Unicorn-44136.exe
2184	612	WerFault.exe	Unicorn-7249.exe
2736	2436	WerFault.exe	Unicorn-13129.exe
2460	1544	WerFault.exe	Unicorn-32995.exe
3024	3028	WerFault.exe	Unicorn-46186.exe
2540	1992	WerFault.exe	Unicorn-46186.exe
864	888	WerFault.exe	Unicorn-53114.exe
2792	1176	WerFault.exe	Unicorn-46762.exe
1672	1612	WerFault.exe	Unicorn-20634.exe
2348	920	WerFault.exe	Unicorn-24800.exe
1680	988	WerFault.exe	Unicorn-44666.exe
1132	3052	WerFault.exe	Unicorn-60125.exe
2180	2872	WerFault.exe	Unicorn-8724.exe
2604	2408	WerFault.exe	Unicorn-11739.exe
1532	1704	WerFault.exe	Unicorn-44988.exe
2096	2816	WerFault.exe	Unicorn-24546.exe
708	2656	WerFault.exe	Unicorn-12507.exe
2308	2164	WerFault.exe	Unicorn-9492.exe
1268	2716	WerFault.exe	Unicorn-4251.exe
1808	2116	WerFault.exe	Unicorn-25314.exe
3040	2520	WerFault.exe	Unicorn-5019.exe
2108	2768	WerFault.exe	Unicorn-421.exe
2380	1424	WerFault.exe	Unicorn-4827.exe
2676	2744	WerFault.exe	Unicorn-17442.exe
2592	2496	WerFault.exe	Unicorn-5019.exe
2860	2976	WerFault.exe	Unicorn-50499.exe
788	2464	WerFault.exe	Unicorn-52767.exe
3308	2312	WerFault.exe	Unicorn-5821.exe
3336	1568	WerFault.exe	Unicorn-12391.exe
3316	2296	WerFault.exe	Unicorn-5821.exe
3512	448	WerFault.exe	Unicorn-28401.exe
3584	2040	WerFault.exe	Unicorn-7767.exe
3820	2068	WerFault.exe	Unicorn-46216.exe
3896	2148	WerFault.exe	Unicorn-44462.exe
3980	1332	WerFault.exe	Unicorn-49864.exe
4004	1060	WerFault.exe	Unicorn-25582.exe
3084	2248	WerFault.exe	Unicorn-26865.exe
3260	1776	WerFault.exe	Unicorn-28209.exe
3912	2044	WerFault.exe	Unicorn-25582.exe
3252	1124	WerFault.exe	Unicorn-45230.exe
3480	1868	WerFault.exe	Unicorn-11981.exe
3212	2224	WerFault.exe	Unicorn-12967.exe
3932	2984	WerFault.exe	Unicorn-26350.exe
4060	1148	WerFault.exe	Unicorn-11981.exe
4208	1656	WerFault.exe	Unicorn-26865.exe
4484	3048	WerFault.exe	Unicorn-6807.exe
4664	632	WerFault.exe	Unicorn-39095.exe
4788	2276	WerFault.exe	Unicorn-12173.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exeUnicorn-6168.exeUnicorn-31400.exeUnicorn-27569.exeUnicorn-9482.exeUnicorn-26333.exeUnicorn-26333.exeUnicorn-18975.exeUnicorn-64646.exeUnicorn-18460.exeUnicorn-38326.exeUnicorn-18975.exeUnicorn-46248.exeUnicorn-44136.exeUnicorn-4727.exeUnicorn-5303.exeUnicorn-25169.exeUnicorn-7249.exeUnicorn-13129.exeUnicorn-32995.exeUnicorn-46186.exeUnicorn-46186.exeUnicorn-53114.exeUnicorn-20634.exeUnicorn-46762.exeUnicorn-24800.exeUnicorn-60125.exeUnicorn-44666.exeUnicorn-8724.exeUnicorn-11739.exeUnicorn-24546.exeUnicorn-44988.exeUnicorn-9492.exeUnicorn-12507.exeUnicorn-25314.exeUnicorn-4251.exeUnicorn-52767.exeUnicorn-17442.exeUnicorn-5019.exeUnicorn-5019.exeUnicorn-421.exeUnicorn-50499.exeUnicorn-4827.exeUnicorn-11981.exeUnicorn-11981.exeUnicorn-44462.exeUnicorn-7767.exeUnicorn-5821.exeUnicorn-5821.exeUnicorn-12173.exeUnicorn-45230.exeUnicorn-28401.exeUnicorn-28209.exeUnicorn-12391.exeUnicorn-39095.exeUnicorn-25582.exeUnicorn-25582.exeUnicorn-12967.exeUnicorn-26865.exeUnicorn-26865.exeUnicorn-26350.exeUnicorn-46216.exeUnicorn-6807.exeUnicorn-49864.exe

pid	process
2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe
2644	Unicorn-6168.exe
2172	Unicorn-31400.exe
1172	Unicorn-27569.exe
1436	Unicorn-9482.exe
2760	Unicorn-26333.exe
2800	Unicorn-26333.exe
2416	Unicorn-18975.exe
2152	Unicorn-64646.exe
1892	Unicorn-18460.exe
2904	Unicorn-38326.exe
1788	Unicorn-18975.exe
1872	Unicorn-46248.exe
1764	Unicorn-44136.exe
3064	Unicorn-4727.exe
2320	Unicorn-5303.exe
1816	Unicorn-25169.exe
612	Unicorn-7249.exe
2436	Unicorn-13129.exe
1544	Unicorn-32995.exe
3028	Unicorn-46186.exe
1992	Unicorn-46186.exe
888	Unicorn-53114.exe
1612	Unicorn-20634.exe
1176	Unicorn-46762.exe
920	Unicorn-24800.exe
3052	Unicorn-60125.exe
988	Unicorn-44666.exe
2872	Unicorn-8724.exe
2408	Unicorn-11739.exe
2816	Unicorn-24546.exe
1704	Unicorn-44988.exe
2164	Unicorn-9492.exe
2656	Unicorn-12507.exe
2116	Unicorn-25314.exe
2716	Unicorn-4251.exe
2464	Unicorn-52767.exe
2744	Unicorn-17442.exe
2496	Unicorn-5019.exe
2520	Unicorn-5019.exe
2768	Unicorn-421.exe
2976	Unicorn-50499.exe
1424	Unicorn-4827.exe
1148	Unicorn-11981.exe
1868	Unicorn-11981.exe
2148	Unicorn-44462.exe
2040	Unicorn-7767.exe
2312	Unicorn-5821.exe
2296	Unicorn-5821.exe
2276	Unicorn-12173.exe
1124	Unicorn-45230.exe
448	Unicorn-28401.exe
1776	Unicorn-28209.exe
1568	Unicorn-12391.exe
632	Unicorn-39095.exe
2044	Unicorn-25582.exe
1060	Unicorn-25582.exe
2224	Unicorn-12967.exe
2248	Unicorn-26865.exe
1656	Unicorn-26865.exe
2984	Unicorn-26350.exe
2068	Unicorn-46216.exe
3048	Unicorn-6807.exe
1332	Unicorn-49864.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exeUnicorn-6168.exeUnicorn-27569.exeUnicorn-31400.exeUnicorn-26333.exeUnicorn-9482.exeUnicorn-26333.exeUnicorn-64646.exe

description	pid	process	target process
PID 2372 wrote to memory of 2644	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	Unicorn-6168.exe
PID 2372 wrote to memory of 2644	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	Unicorn-6168.exe
PID 2372 wrote to memory of 2644	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	Unicorn-6168.exe
PID 2372 wrote to memory of 2644	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	Unicorn-6168.exe
PID 2644 wrote to memory of 2172	2644	Unicorn-6168.exe	Unicorn-31400.exe
PID 2644 wrote to memory of 2172	2644	Unicorn-6168.exe	Unicorn-31400.exe
PID 2644 wrote to memory of 2172	2644	Unicorn-6168.exe	Unicorn-31400.exe
PID 2644 wrote to memory of 2172	2644	Unicorn-6168.exe	Unicorn-31400.exe
PID 2372 wrote to memory of 1172	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	Unicorn-27569.exe
PID 2372 wrote to memory of 1172	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	Unicorn-27569.exe
PID 2372 wrote to memory of 1172	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	Unicorn-27569.exe
PID 2372 wrote to memory of 1172	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	Unicorn-27569.exe
PID 2372 wrote to memory of 2844	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	WerFault.exe
PID 2372 wrote to memory of 2844	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	WerFault.exe
PID 2372 wrote to memory of 2844	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	WerFault.exe
PID 2372 wrote to memory of 2844	2372	a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe	WerFault.exe
PID 2644 wrote to memory of 1436	2644	Unicorn-6168.exe	Unicorn-9482.exe
PID 2644 wrote to memory of 1436	2644	Unicorn-6168.exe	Unicorn-9482.exe
PID 2644 wrote to memory of 1436	2644	Unicorn-6168.exe	Unicorn-9482.exe
PID 2644 wrote to memory of 1436	2644	Unicorn-6168.exe	Unicorn-9482.exe
PID 1172 wrote to memory of 2760	1172	Unicorn-27569.exe	Unicorn-26333.exe
PID 1172 wrote to memory of 2760	1172	Unicorn-27569.exe	Unicorn-26333.exe
PID 1172 wrote to memory of 2760	1172	Unicorn-27569.exe	Unicorn-26333.exe
PID 1172 wrote to memory of 2760	1172	Unicorn-27569.exe	Unicorn-26333.exe
PID 2172 wrote to memory of 2800	2172	Unicorn-31400.exe	Unicorn-26333.exe
PID 2172 wrote to memory of 2800	2172	Unicorn-31400.exe	Unicorn-26333.exe
PID 2172 wrote to memory of 2800	2172	Unicorn-31400.exe	Unicorn-26333.exe
PID 2172 wrote to memory of 2800	2172	Unicorn-31400.exe	Unicorn-26333.exe
PID 2644 wrote to memory of 2584	2644	Unicorn-6168.exe	WerFault.exe
PID 2644 wrote to memory of 2584	2644	Unicorn-6168.exe	WerFault.exe
PID 2644 wrote to memory of 2584	2644	Unicorn-6168.exe	WerFault.exe
PID 2644 wrote to memory of 2584	2644	Unicorn-6168.exe	WerFault.exe
PID 2172 wrote to memory of 2152	2172	Unicorn-31400.exe	Unicorn-64646.exe
PID 2172 wrote to memory of 2152	2172	Unicorn-31400.exe	Unicorn-64646.exe
PID 2172 wrote to memory of 2152	2172	Unicorn-31400.exe	Unicorn-64646.exe
PID 2172 wrote to memory of 2152	2172	Unicorn-31400.exe	Unicorn-64646.exe
PID 2800 wrote to memory of 2416	2800	Unicorn-26333.exe	Unicorn-18975.exe
PID 2800 wrote to memory of 2416	2800	Unicorn-26333.exe	Unicorn-18975.exe
PID 2800 wrote to memory of 2416	2800	Unicorn-26333.exe	Unicorn-18975.exe
PID 2800 wrote to memory of 2416	2800	Unicorn-26333.exe	Unicorn-18975.exe
PID 1436 wrote to memory of 1788	1436	Unicorn-9482.exe	Unicorn-18975.exe
PID 1436 wrote to memory of 1788	1436	Unicorn-9482.exe	Unicorn-18975.exe
PID 1436 wrote to memory of 1788	1436	Unicorn-9482.exe	Unicorn-18975.exe
PID 1436 wrote to memory of 1788	1436	Unicorn-9482.exe	Unicorn-18975.exe
PID 2760 wrote to memory of 2904	2760	Unicorn-26333.exe	Unicorn-38326.exe
PID 2760 wrote to memory of 2904	2760	Unicorn-26333.exe	Unicorn-38326.exe
PID 2760 wrote to memory of 2904	2760	Unicorn-26333.exe	Unicorn-38326.exe
PID 2760 wrote to memory of 2904	2760	Unicorn-26333.exe	Unicorn-38326.exe
PID 1172 wrote to memory of 1892	1172	Unicorn-27569.exe	Unicorn-18460.exe
PID 1172 wrote to memory of 1892	1172	Unicorn-27569.exe	Unicorn-18460.exe
PID 1172 wrote to memory of 1892	1172	Unicorn-27569.exe	Unicorn-18460.exe
PID 1172 wrote to memory of 1892	1172	Unicorn-27569.exe	Unicorn-18460.exe
PID 1172 wrote to memory of 1108	1172	Unicorn-27569.exe	WerFault.exe
PID 1172 wrote to memory of 1108	1172	Unicorn-27569.exe	WerFault.exe
PID 1172 wrote to memory of 1108	1172	Unicorn-27569.exe	WerFault.exe
PID 1172 wrote to memory of 1108	1172	Unicorn-27569.exe	WerFault.exe
PID 2172 wrote to memory of 2704	2172	Unicorn-31400.exe	WerFault.exe
PID 2172 wrote to memory of 2704	2172	Unicorn-31400.exe	WerFault.exe
PID 2172 wrote to memory of 2704	2172	Unicorn-31400.exe	WerFault.exe
PID 2172 wrote to memory of 2704	2172	Unicorn-31400.exe	WerFault.exe
PID 2152 wrote to memory of 1872	2152	Unicorn-64646.exe	Unicorn-46248.exe
PID 2152 wrote to memory of 1872	2152	Unicorn-64646.exe	Unicorn-46248.exe
PID 2152 wrote to memory of 1872	2152	Unicorn-64646.exe	Unicorn-46248.exe
PID 2152 wrote to memory of 1872	2152	Unicorn-64646.exe	Unicorn-46248.exe

C:\Users\Admin\AppData\Local\Temp\a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe
"C:\Users\Admin\AppData\Local\Temp\a11e27a0e0c8480d0b5233f79c6c3e883e9caf6389a0dad9ab231c49fa93ad58.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60125.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4827.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16487.exe
10⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8783.exe
11⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41929.exe
12⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
13⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51771.exe
14⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43302.exe
15⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
15⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
14⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
13⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
12⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
11⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22166.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
11⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44358.exe
12⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
13⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
14⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
13⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
12⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
11⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
10⤵
- Program crash
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62158.exe
9⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59017.exe
10⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40236.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58534.exe
12⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
13⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
13⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
12⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
10⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
9⤵
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
8⤵
- Program crash
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50499.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5344.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe
11⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
12⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe
13⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
13⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
12⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
10⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe
11⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2475.exe
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
9⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
8⤵
- Program crash
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
7⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24800.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
9⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
10⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe
11⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-3334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3334.exe
12⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
13⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
13⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
12⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
11⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8388.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15064.exe
11⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14815.exe
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 236
12⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
11⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
9⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
8⤵
- Program crash
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-26350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15911.exe
8⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58849.exe
10⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8618.exe
11⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6841.exe
12⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
13⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 236
13⤵
PID:13360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
11⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54455.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34558.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28105.exe
10⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26109.exe
11⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-282.exe
12⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
11⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 220
8⤵
- Program crash
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
7⤵
- Program crash
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
6⤵
- Program crash
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12507.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-32221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32221.exe
9⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
10⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55445.exe
11⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9983.exe
12⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
13⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47219.exe
14⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 236
13⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
12⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 236
11⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
10⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50039.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28180.exe
11⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
12⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
13⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
13⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
12⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 220
9⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48619.exe
8⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59245.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61428.exe
11⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13572.exe
12⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
13⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 216
13⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
12⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
11⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
10⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65102.exe
10⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-7867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7867.exe
11⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
12⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
12⤵
PID:14028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
11⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
8⤵
- Program crash
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39095.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15802.exe
8⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54637.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
10⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
11⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
12⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 236
13⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
12⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
11⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26671.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
10⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
11⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
12⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
11⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3059.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
9⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4607.exe
10⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7305.exe
11⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11116.exe
12⤵
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 236
11⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
8⤵
- Program crash
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
7⤵
- Program crash
PID:864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
6⤵
- Program crash
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11739.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35044.exe
9⤵
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44554.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50019.exe
11⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28309.exe
12⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18271.exe
13⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40829.exe
14⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
14⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
13⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
12⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
11⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45229.exe
10⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe
11⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17729.exe
12⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17926.exe
13⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
13⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
12⤵
PID:10644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
11⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39955.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58120.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46691.exe
12⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8356.exe
13⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
13⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
9⤵
- Program crash
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45412.exe
8⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55405.exe
9⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10333.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61236.exe
11⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19380.exe
12⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-592.exe
13⤵
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 236
13⤵
PID:13840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
12⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
11⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
9⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
8⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
8⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41020.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47118.exe
10⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52623.exe
11⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
12⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
13⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
12⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
11⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29774.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34764.exe
12⤵
PID:11752

C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7670.exe
13⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
12⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
11⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65483.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
10⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
11⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
12⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
11⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
10⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
9⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
8⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
7⤵
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12173.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65085.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13577.exe
10⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
11⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31837.exe
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 236
12⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2867.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1561.exe
10⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61846.exe
11⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10540.exe
12⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
11⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
10⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
8⤵
- Program crash
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
7⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
10⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20073.exe
11⤵
PID:11780

C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58631.exe
12⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
11⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
8⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
7⤵
- Program crash
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
6⤵
- Program crash
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13129.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8724.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
8⤵
PID:724

C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
10⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50399.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57306.exe
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
11⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 724 -s 236
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39379.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17355.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54589.exe
11⤵
PID:9236

C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21647.exe
12⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
12⤵
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
11⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
8⤵
- Program crash
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15370.exe
7⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45826.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-13980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13980.exe
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33698.exe
11⤵
PID:8792

C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60843.exe
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8792 -s 216
12⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 236
11⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
10⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
9⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23599.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-60960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60960.exe
9⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
10⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
11⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
10⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
9⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
8⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 220
7⤵
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5821.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39901.exe
7⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32209.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42405.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36391.exe
11⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
12⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
12⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30132.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25602.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34746.exe
10⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-54089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54089.exe
11⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
11⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
10⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
8⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
7⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63921.exe
8⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-38757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38757.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54948.exe
10⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-866.exe
11⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
11⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
8⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
6⤵
- Program crash
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
5⤵
- Program crash
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25169.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25314.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12391.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10627.exe
8⤵
PID:656

C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7771.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64907.exe
10⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40651.exe
11⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54860.exe
12⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46536.exe
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
13⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 236
12⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
11⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
10⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45618.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
10⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 200
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 656 -s 240
9⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
8⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64715.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50978.exe
10⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54621.exe
11⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56175.exe
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
12⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
9⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
8⤵
- Program crash
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52900.exe
7⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29619.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61861.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21996.exe
11⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 216
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51087.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23101.exe
10⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
11⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
8⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
7⤵
- Program crash
PID:1808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
6⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46762.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4251.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1411.exe
8⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31270.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7447.exe
11⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
12⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
13⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
13⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
12⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
10⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29193.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42756.exe
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
11⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4071.exe
12⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 216
12⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 236
11⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
10⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1497.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47715.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
10⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53138.exe
11⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11555.exe
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
10⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46891.exe
7⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55213.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59718.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12273.exe
10⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
11⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34729.exe
12⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
12⤵
PID:980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22831.exe
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62325.exe
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-28699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28699.exe
10⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51968.exe
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
11⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
10⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
9⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 220
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 220
7⤵
- Program crash
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-62781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62781.exe
7⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42955.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2885.exe
9⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50828.exe
10⤵
PID:8496

C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48337.exe
11⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8496 -s 216
11⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
10⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
8⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1060 -s 236
7⤵
- Program crash
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
6⤵
- Program crash
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
5⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50408.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61154.exe
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35815.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62729.exe
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
9⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
8⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46123.exe
7⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4367.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59932.exe
10⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
11⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 236
11⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 236
8⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
7⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-6807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6807.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
7⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58081.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
10⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53545.exe
11⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7563.exe
12⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
7⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52923.exe
8⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64207.exe
9⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47224.exe
10⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-21806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21806.exe
11⤵
PID:13784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 236
11⤵
PID:14152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 236
10⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
9⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
8⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 220
7⤵
- Program crash
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
6⤵
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12967.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
7⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52508.exe
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22532.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7700.exe
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 236
10⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
8⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-35129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35129.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37988.exe
8⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
9⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15170.exe
10⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44044.exe
11⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
11⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
10⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
9⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
8⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 220
7⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47083.exe
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10729.exe
7⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4760.exe
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4550.exe
9⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7124.exe
10⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
10⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
9⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
8⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 236
7⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 220
6⤵
- Program crash
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 240
5⤵
- Program crash
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9492.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28401.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2179.exe
8⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45078.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
10⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5407.exe
11⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44393.exe
12⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30828.exe
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 220
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
12⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28072.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20719.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61056.exe
11⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40140.exe
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
9⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26966.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29381.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35366.exe
10⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35426.exe
11⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44066.exe
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
11⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 220
8⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 216
7⤵
- Program crash
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25582.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55197.exe
7⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21576.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19375.exe
9⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54813.exe
10⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31043.exe
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
11⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
10⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
8⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
7⤵
- Program crash
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
6⤵
- Program crash
PID:2540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
5⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5303.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22140.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36459.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18498.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3775.exe
11⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3051.exe
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
12⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
11⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
9⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 216
8⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29101.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37424.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2097.exe
10⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64132.exe
11⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
12⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
11⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
9⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
8⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
9⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26717.exe
10⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
11⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 216
11⤵
PID:13348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
10⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
9⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 220
7⤵
- Program crash
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62671.exe
6⤵
- Executes dropped EXE
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-451.exe
7⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36848.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-22352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22352.exe
10⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
11⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55471.exe
12⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 216
12⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
11⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
8⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50807.exe
7⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18160.exe
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48946.exe
9⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6460.exe
10⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 216
10⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
9⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
8⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
7⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
6⤵
- Program crash
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17442.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26865.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48967.exe
7⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-27533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27533.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42697.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6871.exe
10⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
11⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25660.exe
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 236
12⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 236
11⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41259.exe
10⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
11⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
11⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5548 -s 216
10⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
9⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
8⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7667.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32038.exe
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51012.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
10⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17777.exe
11⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
11⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
10⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
9⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
8⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
7⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13642.exe
6⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4175.exe
7⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65471.exe
8⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 240
9⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
8⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
7⤵
PID:4940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
6⤵
- Program crash
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
5⤵
- Program crash
PID:1916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46186.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44462.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
7⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21735.exe
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11184.exe
10⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34730.exe
11⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
12⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 236
12⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 236
11⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
10⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
9⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 216
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37075.exe
7⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
8⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
8⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
7⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29293.exe
6⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
7⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27541.exe
9⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11921.exe
10⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12764.exe
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
11⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
10⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
8⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39852.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37650.exe
8⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9591.exe
9⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
10⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 216
10⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
9⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
8⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
7⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
6⤵
- Program crash
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7767.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
6⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4943.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28269.exe
8⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27452.exe
9⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27431.exe
10⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
10⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
9⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
8⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
7⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18326.exe
6⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
7⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54427.exe
8⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
9⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49593.exe
10⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
10⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
9⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
8⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
7⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
6⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
5⤵
- Program crash
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
4⤵
- Program crash
PID:1284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
2⤵
- Program crash
PID:2844

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18460.exe

Filesize
184KB

MD5
252f31ad1e3269bc36274397cfbb16a5

SHA1
cf2fe48890b3b0b0c4bebdff010388e096880642

SHA256
8e55c3d1409eb0b0a6a0c6d997c08e9216ba58408cb6926cbbef1c3daf75ada3

SHA512
0a27d0047a18e0ab1dc2daf7cd4a11a10289f637ca5b22274d45418f74acaf3ebf0fb6d6e3a1790caa5e14e2bda5e2a45fb1e1d2ff0f2907fb710ee946fcf437

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18975.exe

Filesize
184KB

MD5
c415084737bc0824d9f79122fae2fc48

SHA1
5f11ece4f4a813a5ce5383f13c05d7e14d55db10

SHA256
f93f62017ee42a74f7fbc50c0a698d0001ca7cd6ee8f16cc3b888dc94a7c68c5

SHA512
70d5ac0856060d037ac4e2d0ee52a4744c56c8bf6996c33b1cb99d57cb03f8557a1cd173af2e0cfef67b2d868a24a2f0a0a920d778fe986e9230e48d935564ae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21736.exe

Filesize
184KB

MD5
2e529109627ba58605ef6a44a83198d9

SHA1
34f2941b2c13b6dc7af84859233bf0aa65e635c8

SHA256
47950f9a35eb34146759671be865e8eb1c0fb01f55a698d9596ca233ef9e2d0d

SHA512
47d39ab60f51b51ca2abeb9895ea16edb2cf98c8fd0774a470fd13837d8338f6c28c22515d419d43482d0e915222b60fcfa1eed965930e1dfad60cfa187b6bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe

Filesize
184KB

MD5
f74e188f166c35dc81c4205d0ef8c26b

SHA1
9a6cfb530a5912e0bd678bd2d38692a8f8a7b45b

SHA256
1ac22e8f7a8da0bbabb5e438a3ad2baa50013f033861cd2b04e2e7dd3698f26c

SHA512
80eadf5641eeb3144e59cdb2d24e92a13d6376cb2771a842f39fb7b2353cdedf69f0c4cbc316d4c6b68f912ae7e21e3f24379fff8a69a14a4486172b6383878b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25545.exe

Filesize
184KB

MD5
47ca77ef670a51d5aa7c67812e5d367c

SHA1
f9b8ff2a10d73cc1999ae935ddc14f562d477d7e

SHA256
fdd14c959def1f4da6a3be853b9f35434af0470147e95ab55255fa7eb6f91f16

SHA512
6464c6d85a33f2448b4f364b51cd123df7882e166f9b47e8be042046668512b138f34080a9e9517702c2130c94bf2c94c7f204549c3fbdc98f7c50de2eb15fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe

Filesize
184KB

MD5
bd99e76599ff78a95df308d6bfe289f9

SHA1
11b466e465dd689d4cd9f459387ce5f050889de6

SHA256
ae7b8e0c127ee261ba3f0000a2fcf063e45468666763fadcb02dc5fc3daee34f

SHA512
0abb34ba9a38e71d41e19fcb67a665d903b0b0c46f5919631fdec9b2273519d8e4436211f5676a6f4b0e44c08a68c065e8b46c0722e7f61c75a027bfebf53498

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3754.exe

Filesize
184KB

MD5
2ae8f7d3b120761f529547b9812c73f3

SHA1
4fbdedcd9cd1ddc89a453b26b09d8adb9bd757cb

SHA256
1e69988b374d40952f9a1634bd9d9e3c57ec2d623d881552bed9bc8afde0e1a8

SHA512
1bd60790268296b24f4b1629b7b5f29f7a308c837bcc3b7a232a0d5ed6e0c2340e5398503282963544c847ace3b029f47a2d962e313310db56b06689c5688ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe

Filesize
184KB

MD5
2891e317bd14d81eadeae1e2937b442a

SHA1
90f59cf0b69d1da60082dbd852d8d0a3fecbd068

SHA256
2cd51d6127db7d034a090d35cf468db8bb981312dac7cbb6ecc7b5ee8658285c

SHA512
07150e5736d655e7b5b103bbc2f732cfe1b8bd1831ed9f747e66efe4d70dceee369a8c6ae949683ef748c099f3affaaa9385681de07031b74e0ed43f789268e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4401.exe

Filesize
184KB

MD5
db96704303ef9d29f7d633195ea7a79e

SHA1
d4a7203e97c8b1840e300cf96653c942631afb13

SHA256
514cb42893bf232e9293cb6fd31d70defa7be83a881117f50cf436c04b10a319

SHA512
586fd31b4243a04a9b9c9082ab9327044cd53e9bafe597b5957cb36b68130781678ac65b15027448a74ea20786a24324debec3ac90d7635d8c3e63f2d46af9f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5903.exe

Filesize
184KB

MD5
92cf9c62a56a8a4d33e80f1f362514d9

SHA1
917855a2c1d38c8452867cfeec76a7174e0c1061

SHA256
f48e82621b5b187bf950ff9bf7893eb861c1db88f67dbcab39dd560c4351e57f

SHA512
748cfe3eb319fdafba95c8b0061047d4417ec68a97b864e4207cc4acc941e1513a75210d7157ec65363f8e56a1082f52d622ef844503679683ed4eb72619f136

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62537.exe

Filesize
184KB

MD5
550af89399bd91ace5edbc402ec8209f

SHA1
3716842dc4b54750a34a606e87e2e495ba57a1ed

SHA256
1190e8546cddc71c08c2fec30205a81dcabee5a13a3b7e92a112b675b6d2c9fe

SHA512
ee9aab2a7089b5acb535c26022c25e3f3577df8be8c6eea0130a2878b42a78c908734e465e280a14d88aa7d6e8b33078d86c0f37c8beeb294cd7879eecf441e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6479.exe

Filesize
184KB

MD5
18aaa3185883615b6b4770201947b570

SHA1
e3ad29d555c0da5025798278c4c3a161167dde02

SHA256
e489bd08cdcbee0e8051f1c7fe620c878b331f04201c11d6574f586e5f20f35f

SHA512
b91128705323411894204d18e5116158b72bedaf79fbf72225b78dbac08c1c6692047e9e766753f896edf6fd45e4a8de82ddbb4adb172fce3f454bd90023dc89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7641.exe

Filesize
184KB

MD5
f3c62e838209945a6640980d4994359e

SHA1
359c5ddbc6d9b84508c28a708339246a7f6bab7e

SHA256
4d64ae03c429e825e29c9149deaae4d6bb48d45705eda17de07b3189f9b2c9d9

SHA512
f2255fc25879415d5215ef4ecdd5d4900b4830cd33468b2d4a77cd467eb190813ae38bf452c4a4d99c7bdcedba2a97bff2fb52fbef7d99fd511cce86e3d1338e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27569.exe

Filesize
184KB

MD5
c8f585482f3c0c61bf141e223431c365

SHA1
af4637685121fff9b852d34d47aa1c647d003596

SHA256
e24db12e4319afbf038c0547de8e89ba020945053b458d844629187e48398e49

SHA512
11d188564183f8ac567999cfc5b4795db85aa6ef004a451f164ca4c7c5bc0d097a1377775e9729c81bca8c26a2d42ad6d16ca95b4b855daedaee4afdcff5f129

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe

Filesize
184KB

MD5
cfe4cb16f496d862abbbfd220dfe10d6

SHA1
8bfeaac00bc620dfb0fc96476374413fee309474

SHA256
f4a7526fecc1c9a24d769f13b9b38a5495107cc5456a9e5cb2c2c08825c8d2b0

SHA512
6465f9cac8682587904446bf158534073541fd11728a384b77cbee882953c35dfeeb38d94228ff48a961682ecb9f9b4aecbeebaa0931e84af5aba5cbf8ce7b6a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44136.exe

Filesize
184KB

MD5
5364b87ce923270f0ebb7baa5d2835b8

SHA1
6dec40c15c50d297e7b752489805eb05e3bbc60f

SHA256
57fff51b922c139645d703c3baa2852125cb9a1124bec3af4c9166d9da8c1a51

SHA512
c164cedd60aa4ce5cf20e438d1262610e1babbbb897e2fcacb9b30293e78b6841195122ecdcef3351fe4fb4df9d91ac067bca138a824faa102453023a5c07e49

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46248.exe

Filesize
184KB

MD5
388415ed8315ed64f98b70bbb3d9b778

SHA1
58544fe5cc9d4d3795fba0260de34798943cef72

SHA256
21f6901b197d7384cc9dc75a8ed42b6b37119b4f9116da967304ddcc2d27c721

SHA512
f09662cb767536da307a08c5b912fb91ca4720bd7483aeff5767cc09861d40a734f22ee74a59e41f52f9870a2a92445f336d96f1cda71739ad82e2be137558f9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4727.exe

Filesize
184KB

MD5
540935b5d70213cc53c82ca325bf166b

SHA1
d813c72506f2ab22cda984fcc7790eb388993fd3

SHA256
1e350b78c8fd45278af1f52a6581dae7ae37945a711cefb1c97db61bb111a9c6

SHA512
b3fad2a1caea3d5e3eb711b7ca5c34a3707d57a859123e0afce5e283646f59914c363f7295f5716a7c2ff100f0ed2a32732f886c43e1fe3236a5df6d4964d5b8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6168.exe

Filesize
184KB

MD5
71c206b20f9f01f3231e1c9443ad701b

SHA1
52038cd494126e11358e5e8a33b5dfd6d1da19e9

SHA256
d1e861c750878ea36ec66c35d0f3de7be8313d19abe14c065fedc42f6102a280

SHA512
4fc3c92cdc1999199af11ad0b5e90621d856825276240b5fac426055576d62da0136df7352c1349ed53a82cb3f519b2eaaeef921d75cc6077d9c2ea1936b3f8f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64646.exe

Filesize
184KB

MD5
e69d8ded81d9dfa18718a5f5f90ce226

SHA1
b5347ae777a2dd4d6f81ada83aef5d9053cd76b6

SHA256
81faa50a32affcd07a46e236175a2ee393e02b0d6cce447e757eb3aae28107b1

SHA512
740b5b2b2a1d85647de299ee03cc76fc4c0bdb69ce2802a9dbfb912d51e4e9184cfd528755149235f29476447f56dcfee15f2a86e4c2dfba359b11e6b76c4172

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9482.exe

Filesize
184KB

MD5
42474f0aaf304ff499252b5fc52cd5bf

SHA1
ed354cc89d83c2fa545c07e583cd2f0796a4e3af

SHA256
16fce439609a1b4d933e5bc0862a28143139343350d696e9ad61a0dcd4882610

SHA512
3f5d76195cc33ed411ba85cbfc8b57828bcd70d8d576a5109c8458df681407de34dd7738ce5839e27154aa264ca900c54e56aac2b2a4d5073b1eea41fc15fd22

Download Submit