7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50

Analysis

max time kernel
149s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe
Size

184KB
MD5

672a9524e983326808b293e5e78dcba7
SHA1

d30ad62b4fa1118021425540457a0f6ce4921aab
SHA256

7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50
SHA512

88d60b1968cea9cc61c6426b4c00846b41890aca2603ade896b51b45cd30e1c728c305eafa3329b78f4313b4e9a73647ed176539376e484222559e74ea707c98
SSDEEP

3072:vga3Hxoz7JOGjGSWVlvL+KsFhlnViFIn3:vgsogMGS4L9sFhlnViFI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-43783.exeUnicorn-21670.exeUnicorn-29284.exeUnicorn-58147.exeUnicorn-54063.exeUnicorn-46450.exeUnicorn-53653.exeUnicorn-29703.exeUnicorn-39455.exeUnicorn-8728.exeUnicorn-1115.exeUnicorn-11886.exeUnicorn-64979.exeUnicorn-10303.exeUnicorn-7610.exeUnicorn-11694.exeUnicorn-15779.exeUnicorn-38891.exeUnicorn-65534.exeUnicorn-1471.exeUnicorn-12332.exeUnicorn-39550.exeUnicorn-16438.exeUnicorn-36858.exeUnicorn-51056.exeUnicorn-27106.exeUnicorn-59224.exeUnicorn-55140.exeUnicorn-32582.exeUnicorn-55695.exeUnicorn-44834.exeUnicorn-20884.exeUnicorn-35488.exeUnicorn-31404.exeUnicorn-58601.exeUnicorn-53469.exeUnicorn-26827.exeUnicorn-2877.exeUnicorn-49748.exeUnicorn-4076.exeUnicorn-6214.exeUnicorn-41579.exeUnicorn-59883.exeUnicorn-45685.exeUnicorn-53853.exeUnicorn-50132.exeUnicorn-50132.exeUnicorn-4460.exeUnicorn-11237.exeUnicorn-12628.exeUnicorn-32063.exeUnicorn-59260.exeUnicorn-60651.exeUnicorn-29925.exeUnicorn-36701.exeUnicorn-5228.exeUnicorn-36509.exeUnicorn-50345.exeUnicorn-5804.exeUnicorn-51476.exeUnicorn-38669.exeUnicorn-65311.exeUnicorn-8497.exeUnicorn-31055.exe

pid	process
3040	Unicorn-43783.exe
2480	Unicorn-21670.exe
2580	Unicorn-29284.exe
2592	Unicorn-58147.exe
2628	Unicorn-54063.exe
2420	Unicorn-46450.exe
572	Unicorn-53653.exe
588	Unicorn-29703.exe
1588	Unicorn-39455.exe
2688	Unicorn-8728.exe
2808	Unicorn-1115.exe
2896	Unicorn-11886.exe
1492	Unicorn-64979.exe
1408	Unicorn-10303.exe
2228	Unicorn-7610.exe
1764	Unicorn-11694.exe
2552	Unicorn-15779.exe
1784	Unicorn-38891.exe
268	Unicorn-65534.exe
1012	Unicorn-1471.exe
1104	Unicorn-12332.exe
1080	Unicorn-39550.exe
2264	Unicorn-16438.exe
544	Unicorn-36858.exe
2192	Unicorn-51056.exe
2216	Unicorn-27106.exe
2724	Unicorn-59224.exe
2064	Unicorn-55140.exe
2348	Unicorn-32582.exe
1208	Unicorn-55695.exe
3004	Unicorn-44834.exe
2868	Unicorn-20884.exe
2492	Unicorn-35488.exe
2544	Unicorn-31404.exe
2684	Unicorn-58601.exe
792	Unicorn-53469.exe
1364	Unicorn-26827.exe
2696	Unicorn-2877.exe
2664	Unicorn-49748.exe
2296	Unicorn-4076.exe
1936	Unicorn-6214.exe
752	Unicorn-41579.exe
1680	Unicorn-59883.exe
2120	Unicorn-45685.exe
1360	Unicorn-53853.exe
3000	Unicorn-50132.exe
2044	Unicorn-50132.exe
2056	Unicorn-4460.exe
2932	Unicorn-11237.exe
2736	Unicorn-12628.exe
1724	Unicorn-32063.exe
892	Unicorn-59260.exe
2336	Unicorn-60651.exe
748	Unicorn-29925.exe
1292	Unicorn-36701.exe
1596	Unicorn-5228.exe
1920	Unicorn-36509.exe
1872	Unicorn-50345.exe
2180	Unicorn-5804.exe
940	Unicorn-51476.exe
2672	Unicorn-38669.exe
1652	Unicorn-65311.exe
1944	Unicorn-8497.exe
3020	Unicorn-31055.exe

Loads dropped DLL 64 IoCs

Processes:

7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exeUnicorn-43783.exeUnicorn-21670.exeUnicorn-29284.exeWerFault.exeUnicorn-54063.exeUnicorn-58147.exeUnicorn-46450.exeWerFault.exeWerFault.exeUnicorn-29703.exeUnicorn-8728.exeUnicorn-1115.exeUnicorn-39455.exeUnicorn-53653.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe
2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe
2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe
2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe
3040	Unicorn-43783.exe
3040	Unicorn-43783.exe
2480	Unicorn-21670.exe
2480	Unicorn-21670.exe
2580	Unicorn-29284.exe
2580	Unicorn-29284.exe
3040	Unicorn-43783.exe
3040	Unicorn-43783.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2628	Unicorn-54063.exe
2580	Unicorn-29284.exe
2628	Unicorn-54063.exe
2580	Unicorn-29284.exe
2592	Unicorn-58147.exe
2592	Unicorn-58147.exe
2420	Unicorn-46450.exe
2480	Unicorn-21670.exe
2420	Unicorn-46450.exe
2480	Unicorn-21670.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
3008	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
1972	WerFault.exe
3008	WerFault.exe
1972	WerFault.exe
588	Unicorn-29703.exe
588	Unicorn-29703.exe
2688	Unicorn-8728.exe
2688	Unicorn-8728.exe
2420	Unicorn-46450.exe
2420	Unicorn-46450.exe
2808	Unicorn-1115.exe
2808	Unicorn-1115.exe
1588	Unicorn-39455.exe
1588	Unicorn-39455.exe
572	Unicorn-53653.exe
572	Unicorn-53653.exe
2628	Unicorn-54063.exe
2592	Unicorn-58147.exe
2628	Unicorn-54063.exe
2592	Unicorn-58147.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2980	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
2196	WerFault.exe
1988	WerFault.exe
1988	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2600	2888	WerFault.exe	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe
2568	3040	WerFault.exe	Unicorn-43783.exe
3008	2480	WerFault.exe	Unicorn-21670.exe
1972	2580	WerFault.exe	Unicorn-29284.exe
2980	2628	WerFault.exe	Unicorn-54063.exe
2196	2592	WerFault.exe	Unicorn-58147.exe
1988	2420	WerFault.exe	Unicorn-46450.exe
2520	588	WerFault.exe	Unicorn-29703.exe
2536	2688	WerFault.exe	Unicorn-8728.exe
2396	2808	WerFault.exe	Unicorn-1115.exe
2460	572	WerFault.exe	Unicorn-53653.exe
2368	1588	WerFault.exe	Unicorn-39455.exe
1844	2896	WerFault.exe	Unicorn-11886.exe
1868	1492	WerFault.exe	Unicorn-64979.exe
620	1408	WerFault.exe	Unicorn-10303.exe
2172	2552	WerFault.exe	Unicorn-15779.exe
2900	268	WerFault.exe	Unicorn-65534.exe
2564	1784	WerFault.exe	Unicorn-38891.exe
3036	2228	WerFault.exe	Unicorn-7610.exe
2660	1764	WerFault.exe	Unicorn-11694.exe
1648	1012	WerFault.exe	Unicorn-1471.exe
608	2192	WerFault.exe	Unicorn-51056.exe
2060	2868	WerFault.exe	Unicorn-20884.exe
2996	2684	WerFault.exe	Unicorn-58601.exe
368	1104	WerFault.exe	Unicorn-12332.exe
2244	2544	WerFault.exe	Unicorn-31404.exe
2084	792	WerFault.exe	Unicorn-53469.exe
3012	2348	WerFault.exe	Unicorn-32582.exe
2136	1364	WerFault.exe	Unicorn-26827.exe
240	2264	WerFault.exe	Unicorn-16438.exe
1848	2664	WerFault.exe	Unicorn-49748.exe
2968	2120	WerFault.exe	Unicorn-45685.exe
2908	2492	WerFault.exe	Unicorn-35488.exe
320	1936	WerFault.exe	Unicorn-6214.exe
1856	2216	WerFault.exe	Unicorn-27106.exe
2584	2044	WerFault.exe	Unicorn-50132.exe
3216	2736	WerFault.exe	Unicorn-12628.exe
3300	1080	WerFault.exe	Unicorn-39550.exe
3324	2724	WerFault.exe	Unicorn-59224.exe
3356	2932	WerFault.exe	Unicorn-11237.exe
3444	2696	WerFault.exe	Unicorn-2877.exe
3504	544	WerFault.exe	Unicorn-36858.exe
3528	1360	WerFault.exe	Unicorn-53853.exe
3552	752	WerFault.exe	Unicorn-41579.exe
3560	1208	WerFault.exe	Unicorn-55695.exe
3592	3004	WerFault.exe	Unicorn-44834.exe
3632	2064	WerFault.exe	Unicorn-55140.exe
3652	3000	WerFault.exe	Unicorn-50132.exe
4016	1724	WerFault.exe	Unicorn-32063.exe
3144	2672	WerFault.exe	Unicorn-38669.exe
3204	2432	WerFault.exe	Unicorn-13842.exe
3208	940	WerFault.exe	Unicorn-51476.exe
3272	2296	WerFault.exe	Unicorn-4076.exe
3312	1752	WerFault.exe	Unicorn-9950.exe
3352	1436	WerFault.exe	Unicorn-48098.exe
3380	2056	WerFault.exe	Unicorn-4460.exe
3400	1768	WerFault.exe	Unicorn-35654.exe
3440	1680	WerFault.exe	Unicorn-59883.exe
3480	2204	WerFault.exe	Unicorn-29624.exe
3684	2336	WerFault.exe	Unicorn-60651.exe
3736	3068	WerFault.exe	Unicorn-60542.exe
3760	1580	WerFault.exe	Unicorn-36614.exe
3840	1652	WerFault.exe	Unicorn-65311.exe
3848	1620	WerFault.exe	Unicorn-9011.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exeUnicorn-43783.exeUnicorn-21670.exeUnicorn-29284.exeUnicorn-58147.exeUnicorn-54063.exeUnicorn-46450.exeUnicorn-53653.exeUnicorn-29703.exeUnicorn-39455.exeUnicorn-8728.exeUnicorn-1115.exeUnicorn-11886.exeUnicorn-64979.exeUnicorn-10303.exeUnicorn-38891.exeUnicorn-7610.exeUnicorn-15779.exeUnicorn-11694.exeUnicorn-65534.exeUnicorn-1471.exeUnicorn-12332.exeUnicorn-16438.exeUnicorn-39550.exeUnicorn-36858.exeUnicorn-51056.exeUnicorn-27106.exeUnicorn-59224.exeUnicorn-55140.exeUnicorn-55695.exeUnicorn-32582.exeUnicorn-44834.exeUnicorn-20884.exeUnicorn-35488.exeUnicorn-58601.exeUnicorn-31404.exeUnicorn-53469.exeUnicorn-26827.exeUnicorn-2877.exeUnicorn-4076.exeUnicorn-49748.exeUnicorn-6214.exeUnicorn-41579.exeUnicorn-59883.exeUnicorn-45685.exeUnicorn-53853.exeUnicorn-11237.exeUnicorn-50132.exeUnicorn-50132.exeUnicorn-4460.exeUnicorn-12628.exeUnicorn-32063.exeUnicorn-60651.exeUnicorn-59260.exeUnicorn-36701.exeUnicorn-29925.exeUnicorn-5228.exeUnicorn-36509.exeUnicorn-50345.exeUnicorn-5804.exeUnicorn-51476.exeUnicorn-38669.exeUnicorn-65311.exeUnicorn-8497.exe

pid	process
2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe
3040	Unicorn-43783.exe
2480	Unicorn-21670.exe
2580	Unicorn-29284.exe
2592	Unicorn-58147.exe
2628	Unicorn-54063.exe
2420	Unicorn-46450.exe
572	Unicorn-53653.exe
588	Unicorn-29703.exe
1588	Unicorn-39455.exe
2688	Unicorn-8728.exe
2808	Unicorn-1115.exe
2896	Unicorn-11886.exe
1492	Unicorn-64979.exe
1408	Unicorn-10303.exe
1784	Unicorn-38891.exe
2228	Unicorn-7610.exe
2552	Unicorn-15779.exe
1764	Unicorn-11694.exe
268	Unicorn-65534.exe
1012	Unicorn-1471.exe
1104	Unicorn-12332.exe
2264	Unicorn-16438.exe
1080	Unicorn-39550.exe
544	Unicorn-36858.exe
2192	Unicorn-51056.exe
2216	Unicorn-27106.exe
2724	Unicorn-59224.exe
2064	Unicorn-55140.exe
1208	Unicorn-55695.exe
2348	Unicorn-32582.exe
3004	Unicorn-44834.exe
2868	Unicorn-20884.exe
2492	Unicorn-35488.exe
2684	Unicorn-58601.exe
2544	Unicorn-31404.exe
792	Unicorn-53469.exe
1364	Unicorn-26827.exe
2696	Unicorn-2877.exe
2296	Unicorn-4076.exe
2664	Unicorn-49748.exe
1936	Unicorn-6214.exe
752	Unicorn-41579.exe
1680	Unicorn-59883.exe
2120	Unicorn-45685.exe
1360	Unicorn-53853.exe
2932	Unicorn-11237.exe
2044	Unicorn-50132.exe
3000	Unicorn-50132.exe
2056	Unicorn-4460.exe
2736	Unicorn-12628.exe
1724	Unicorn-32063.exe
2336	Unicorn-60651.exe
892	Unicorn-59260.exe
1292	Unicorn-36701.exe
748	Unicorn-29925.exe
1596	Unicorn-5228.exe
1920	Unicorn-36509.exe
1872	Unicorn-50345.exe
2180	Unicorn-5804.exe
940	Unicorn-51476.exe
2672	Unicorn-38669.exe
1652	Unicorn-65311.exe
1944	Unicorn-8497.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exeUnicorn-43783.exeUnicorn-21670.exeUnicorn-29284.exeUnicorn-54063.exeUnicorn-58147.exeUnicorn-46450.exeUnicorn-29703.exe

description	pid	process	target process
PID 2888 wrote to memory of 3040	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	Unicorn-43783.exe
PID 2888 wrote to memory of 3040	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	Unicorn-43783.exe
PID 2888 wrote to memory of 3040	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	Unicorn-43783.exe
PID 2888 wrote to memory of 3040	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	Unicorn-43783.exe
PID 2888 wrote to memory of 2480	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	Unicorn-21670.exe
PID 2888 wrote to memory of 2480	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	Unicorn-21670.exe
PID 2888 wrote to memory of 2480	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	Unicorn-21670.exe
PID 2888 wrote to memory of 2480	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	Unicorn-21670.exe
PID 3040 wrote to memory of 2580	3040	Unicorn-43783.exe	Unicorn-29284.exe
PID 3040 wrote to memory of 2580	3040	Unicorn-43783.exe	Unicorn-29284.exe
PID 3040 wrote to memory of 2580	3040	Unicorn-43783.exe	Unicorn-29284.exe
PID 3040 wrote to memory of 2580	3040	Unicorn-43783.exe	Unicorn-29284.exe
PID 2888 wrote to memory of 2600	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	WerFault.exe
PID 2888 wrote to memory of 2600	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	WerFault.exe
PID 2888 wrote to memory of 2600	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	WerFault.exe
PID 2888 wrote to memory of 2600	2888	7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe	WerFault.exe
PID 2480 wrote to memory of 2592	2480	Unicorn-21670.exe	Unicorn-58147.exe
PID 2480 wrote to memory of 2592	2480	Unicorn-21670.exe	Unicorn-58147.exe
PID 2480 wrote to memory of 2592	2480	Unicorn-21670.exe	Unicorn-58147.exe
PID 2480 wrote to memory of 2592	2480	Unicorn-21670.exe	Unicorn-58147.exe
PID 2580 wrote to memory of 2628	2580	Unicorn-29284.exe	Unicorn-54063.exe
PID 2580 wrote to memory of 2628	2580	Unicorn-29284.exe	Unicorn-54063.exe
PID 2580 wrote to memory of 2628	2580	Unicorn-29284.exe	Unicorn-54063.exe
PID 2580 wrote to memory of 2628	2580	Unicorn-29284.exe	Unicorn-54063.exe
PID 3040 wrote to memory of 2420	3040	Unicorn-43783.exe	Unicorn-46450.exe
PID 3040 wrote to memory of 2420	3040	Unicorn-43783.exe	Unicorn-46450.exe
PID 3040 wrote to memory of 2420	3040	Unicorn-43783.exe	Unicorn-46450.exe
PID 3040 wrote to memory of 2420	3040	Unicorn-43783.exe	Unicorn-46450.exe
PID 3040 wrote to memory of 2568	3040	Unicorn-43783.exe	WerFault.exe
PID 3040 wrote to memory of 2568	3040	Unicorn-43783.exe	WerFault.exe
PID 3040 wrote to memory of 2568	3040	Unicorn-43783.exe	WerFault.exe
PID 3040 wrote to memory of 2568	3040	Unicorn-43783.exe	WerFault.exe
PID 2628 wrote to memory of 572	2628	Unicorn-54063.exe	Unicorn-53653.exe
PID 2628 wrote to memory of 572	2628	Unicorn-54063.exe	Unicorn-53653.exe
PID 2628 wrote to memory of 572	2628	Unicorn-54063.exe	Unicorn-53653.exe
PID 2628 wrote to memory of 572	2628	Unicorn-54063.exe	Unicorn-53653.exe
PID 2580 wrote to memory of 588	2580	Unicorn-29284.exe	Unicorn-29703.exe
PID 2580 wrote to memory of 588	2580	Unicorn-29284.exe	Unicorn-29703.exe
PID 2580 wrote to memory of 588	2580	Unicorn-29284.exe	Unicorn-29703.exe
PID 2580 wrote to memory of 588	2580	Unicorn-29284.exe	Unicorn-29703.exe
PID 2592 wrote to memory of 1588	2592	Unicorn-58147.exe	Unicorn-39455.exe
PID 2592 wrote to memory of 1588	2592	Unicorn-58147.exe	Unicorn-39455.exe
PID 2592 wrote to memory of 1588	2592	Unicorn-58147.exe	Unicorn-39455.exe
PID 2592 wrote to memory of 1588	2592	Unicorn-58147.exe	Unicorn-39455.exe
PID 2420 wrote to memory of 2688	2420	Unicorn-46450.exe	Unicorn-8728.exe
PID 2420 wrote to memory of 2688	2420	Unicorn-46450.exe	Unicorn-8728.exe
PID 2420 wrote to memory of 2688	2420	Unicorn-46450.exe	Unicorn-8728.exe
PID 2420 wrote to memory of 2688	2420	Unicorn-46450.exe	Unicorn-8728.exe
PID 2480 wrote to memory of 2808	2480	Unicorn-21670.exe	Unicorn-1115.exe
PID 2480 wrote to memory of 2808	2480	Unicorn-21670.exe	Unicorn-1115.exe
PID 2480 wrote to memory of 2808	2480	Unicorn-21670.exe	Unicorn-1115.exe
PID 2480 wrote to memory of 2808	2480	Unicorn-21670.exe	Unicorn-1115.exe
PID 2480 wrote to memory of 3008	2480	Unicorn-21670.exe	WerFault.exe
PID 2480 wrote to memory of 3008	2480	Unicorn-21670.exe	WerFault.exe
PID 2480 wrote to memory of 3008	2480	Unicorn-21670.exe	WerFault.exe
PID 2480 wrote to memory of 3008	2480	Unicorn-21670.exe	WerFault.exe
PID 2580 wrote to memory of 1972	2580	Unicorn-29284.exe	WerFault.exe
PID 2580 wrote to memory of 1972	2580	Unicorn-29284.exe	WerFault.exe
PID 2580 wrote to memory of 1972	2580	Unicorn-29284.exe	WerFault.exe
PID 2580 wrote to memory of 1972	2580	Unicorn-29284.exe	WerFault.exe
PID 588 wrote to memory of 2896	588	Unicorn-29703.exe	Unicorn-11886.exe
PID 588 wrote to memory of 2896	588	Unicorn-29703.exe	Unicorn-11886.exe
PID 588 wrote to memory of 2896	588	Unicorn-29703.exe	Unicorn-11886.exe
PID 588 wrote to memory of 2896	588	Unicorn-29703.exe	Unicorn-11886.exe

C:\Users\Admin\AppData\Local\Temp\7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe
"C:\Users\Admin\AppData\Local\Temp\7ad1b4b4244697567f4f4a6a767f661cb097c00de5fdd54c9344ccc1c7ec0c50.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15779.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51056.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45685.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
9⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-63687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63687.exe
10⤵
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
11⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
12⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57699.exe
13⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
14⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
15⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
14⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
13⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
12⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 216
11⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 216
10⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
9⤵
- Program crash
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
8⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42006.exe
9⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
11⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
12⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60548.exe
13⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27072.exe
14⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
13⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
12⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 236
11⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
10⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
9⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
- Program crash
PID:608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
7⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27106.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
8⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3796.exe
9⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35862.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
11⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11295.exe
12⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
13⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42915.exe
14⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 236
13⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
12⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
11⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 236
10⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
9⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53552.exe
8⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60174.exe
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30787.exe
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36568.exe
11⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
12⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47959.exe
13⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
12⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
11⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 216
9⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
8⤵
- Program crash
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54683.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57076.exe
11⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
12⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
13⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
13⤵
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35072.exe
10⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35904.exe
11⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
12⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
12⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
11⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 240
10⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
9⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
8⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
7⤵
- Program crash
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
6⤵
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38891.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55140.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4460.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48098.exe
8⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61165.exe
9⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47683.exe
10⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47507.exe
11⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
12⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
13⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29620.exe
14⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
14⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
13⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 236
12⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
11⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
10⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
9⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49468.exe
8⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37569.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
11⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59609.exe
12⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21125.exe
13⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 236
12⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 236
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
9⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
8⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9950.exe
7⤵
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51679.exe
9⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46687.exe
10⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
11⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-481.exe
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
12⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 236
11⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 236
10⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
9⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
7⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9011.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29920.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38187.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39417.exe
11⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20092.exe
12⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
13⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
12⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:1912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
8⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
7⤵
- Program crash
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
6⤵
- Program crash
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31404.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29925.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
9⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
10⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51399.exe
11⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56604.exe
12⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
13⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15346.exe
14⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 236
13⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
12⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
11⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
10⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
9⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
8⤵
- Program crash
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36701.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
9⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57434.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24648.exe
11⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64196.exe
12⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46205.exe
13⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56127.exe
14⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 188
15⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 236
13⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
12⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
11⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
10⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
9⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
8⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7844.exe
10⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
11⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56703.exe
12⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36151.exe
13⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
12⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
11⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
10⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 216
9⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
8⤵
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
7⤵
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
8⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53760.exe
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36625.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7595.exe
11⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46397.exe
12⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56379.exe
13⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
12⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
11⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
9⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
8⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
7⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
6⤵
- Program crash
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35488.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32063.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-30579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30579.exe
9⤵
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 240
10⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
9⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
8⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4844.exe
7⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-864.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48773.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-709.exe
11⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10211.exe
12⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
12⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 236
11⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
8⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
- Program crash
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59260.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
7⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32764.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9925.exe
10⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-47632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47632.exe
11⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45629.exe
12⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 236
11⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
8⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 216
7⤵
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
6⤵
- Program crash
PID:368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
5⤵
- Program crash
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26827.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10978.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17497.exe
10⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
11⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
12⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53667.exe
13⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
14⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
14⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 236
13⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 236
12⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
11⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
9⤵
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
8⤵
- Program crash
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51476.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16573.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55099.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
11⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63117.exe
12⤵
PID:8428

C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57881.exe
13⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
12⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
9⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
8⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
7⤵
- Program crash
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54232.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8508.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3516.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65343.exe
11⤵
PID:7364

C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1140.exe
12⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
12⤵
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
8⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
7⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
6⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39550.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53469.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5228.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41129.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50060.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12950.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 216
9⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
8⤵
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
7⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36509.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
7⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56323.exe
7⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14429.exe
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
9⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41223.exe
10⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12022.exe
11⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
11⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 236
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
8⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
7⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 240
6⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
5⤵
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36858.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4076.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38669.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63796.exe
8⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8596.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7460.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1482.exe
11⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48343.exe
12⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
13⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
12⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
9⤵
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
8⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25648.exe
7⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23371.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29474.exe
10⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
11⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57549.exe
12⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
12⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 236
11⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
10⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
9⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
8⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
7⤵
- Program crash
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31055.exe
6⤵
- Executes dropped EXE
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62976.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50755.exe
8⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11959.exe
9⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15723.exe
11⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
10⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 236
9⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
8⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
7⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
6⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49748.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65311.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-20517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20517.exe
7⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29832.exe
8⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59453.exe
10⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
11⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59827.exe
12⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 236
11⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
9⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
8⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
7⤵
- Program crash
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
6⤵
- Program crash
PID:1848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
5⤵
- Program crash
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53853.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58212.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9883.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18815.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18099.exe
11⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
12⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-6895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6895.exe
13⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
13⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
12⤵
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
11⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 236
9⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
7⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
10⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26750.exe
11⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
12⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 236
12⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
11⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
10⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
8⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
7⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
7⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62068.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-27591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27591.exe
12⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
12⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 236
11⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
8⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
7⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
6⤵
- Program crash
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12628.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29624.exe
7⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19915.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15010.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63843.exe
10⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe
11⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14388.exe
12⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32443.exe
13⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
13⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 236
12⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
11⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
9⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
8⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
7⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13842.exe
6⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22956.exe
7⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57797.exe
8⤵
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 220
9⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 236
8⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
7⤵
- Program crash
PID:3204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
6⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
5⤵
- Program crash
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65534.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59224.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60542.exe
7⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12540.exe
8⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26703.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34155.exe
11⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17570.exe
12⤵
PID:7192

C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37269.exe
13⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
12⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
10⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
9⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
8⤵
- Program crash
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
7⤵
- Program crash
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
6⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21752.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
8⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56334.exe
9⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
10⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27705.exe
11⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
10⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
8⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
7⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
6⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41579.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
6⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27974.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32904.exe
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22375.exe
9⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40647.exe
10⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51903.exe
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
11⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
10⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
8⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 216
7⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
6⤵
- Program crash
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
5⤵
- Program crash
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7610.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8497.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
7⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52665.exe
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26786.exe
9⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
10⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
11⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
11⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 236
10⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
8⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
7⤵
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
6⤵
- Program crash
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50132.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-54128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54128.exe
6⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
7⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19417.exe
8⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26978.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
10⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
11⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
12⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
11⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
10⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
9⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
8⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 216
7⤵
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
6⤵
- Program crash
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
5⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55695.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20557.exe
5⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9691.exe
6⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-57844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57844.exe
7⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
8⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-26070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26070.exe
9⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20907.exe
10⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62684.exe
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
10⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
9⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
8⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
7⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
6⤵
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
5⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
4⤵
- Program crash
PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
2⤵
- Program crash
PID:2600

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe

Filesize
184KB

MD5
d6dc0da58aaf520d5ce7f4e5e0849b20

SHA1
edbb1ee0f53626247841381cef0011fffd42ffe4

SHA256
83b5765aa983a7f61a9877d30a3dfcf460a05ddb8d9ff195f81fbb6ae47ce279

SHA512
0ea04cdf9c6287ca12202273dea7784d038f7fb4e90cc4f51fd68e341f26e7bd76fa60e7f4ada3433bfe9124f2d4032b8858fbd3a47cf49a316611ed04eec4c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe

Filesize
184KB

MD5
14a1bef1466a6db92bdec20875440283

SHA1
97ec34f2165af66349a8b74fd55bc7999ad3171d

SHA256
b1c45404c1f5055498a4450982f13206eeac0e333e4322f057d63914c202fcba

SHA512
50114efe1f15f8fd22248466a65f8bffe4e4361183c88396947c5b99b4fdf83aae18f684c06f866fbefc281e469734dc24d1b19cef22dbabc2cfcb5fa656566b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39455.exe

Filesize
184KB

MD5
d4a6502ec8f6521c8a43b6ae968cf5fa

SHA1
8936cd74e5a33babd7859ec6f2d6d6081eb91b21

SHA256
91833505acd6900e043e4b4c083484d0fc7fccb38efe692e78dda4b12baa0fc1

SHA512
1e27b4c76d62bc481426f553975efbbf57df67e68468e1ba3498101dc8af4bc4f1e8b3439b3d3989be994771269363619a49ab93ba5d23dbb0f95813c6795ea1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe

Filesize
184KB

MD5
48134e2847a2acec1f9863b6f8bce186

SHA1
05cbaffe5a93332c96d0cc5a02274e63c2244286

SHA256
7e84a6af6d6d28e823ede4fea3a7576391f200953a0f795c9fe52600cd6de07a

SHA512
1a5223b5640b68233c994b2acbfd7f5abb8eb40dab5211f650bbaae1a89dde00539a2dd05496d8abaed306fb1add06922df055c8daf49afea9aed0c6aa890631

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5804.exe

Filesize
184KB

MD5
6623b6219cb664cba8c85bae00ee8078

SHA1
7909a1f9ccde7742063388c20922ee7b3e5a0945

SHA256
59965f82491cab411164ae6e3aa489eb276ccaf92068308b4642577bb4ae8f92

SHA512
5ec4831f152e8a896351f54a4d3ca48ddbf6940afd1ee3f3ac78e8db48596f0bafeb979d0a5fc37b99b69cece1ef88a7ad22b83086c2af71b1da2840aabd344e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59214.exe

Filesize
184KB

MD5
b6dba39572431f01ac6ad18f894323f6

SHA1
68ebebf636b946ad1c2b1c501fb87435782d8b98

SHA256
6b69c7347822b0655a4eb421ff22da04959adb1989c5f6fe69d43d696d0eed1d

SHA512
018a77eee8dbcaadec5c53ea3821d24e0b95589ca96cc3eab39328c6e05ba90487b2f199eed072c62c9efe7e6c725c33df127dfe500ac9e61a84762473a7d296

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe

Filesize
184KB

MD5
3538bc1eebd313c4b2d4bd392e066033

SHA1
af5c1791714994280327073aaa5305a975c771b0

SHA256
dd3fc0318394308d517dbeacd56cda12f1f606643ea7b17ed3fda5a1db798c42

SHA512
8c5e06e051d02e8ea6f45b7e03a7745542938aa3faaf2289de7d92dd8fb6279a84fcff62c7f8b8c8a33b78e2740b87d2d3ffbd3cb76a943fd87529b25f2bcb01

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10303.exe

Filesize
184KB

MD5
b48f8dadbd80427a7a3650caae0aba68

SHA1
eb4b777d98e950339556150668c6c599063ed8c6

SHA256
52f2732b7840f8a7811ec0fc52a54605be97251f1b0c5f3595f7228fdbe14364

SHA512
b3ef16c838c8d8034ab77badfeb55de37ce11bd9288ed3b8b9188392c4a0c9fe5f4f5d813e233e0720af943896c984f6c2a004d69253df0ba4fb398ae8881326

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11886.exe

Filesize
184KB

MD5
34fc04e2b3ced641b99aa1f3b20dd00e

SHA1
99f08e01418398a8e592f37966f3b4019a0e6b77

SHA256
1c1b16c5112850551328b1c81483229a3c083c84c5db04dfc58bc34b3d8e0fc6

SHA512
dd8d04c43478b7a016b95ee36801aa7bf42121a6684d2cd1f794b8f53ff8a2e1165add6d828cd05ea54bdf5900fb4eb0c54cfe7e7c78b92fc436c030947655fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21670.exe

Filesize
184KB

MD5
f0833596fcbb6fddbf6bbcb1f81f7238

SHA1
41ca9addb2806604df5cd607c313277606f30cb5

SHA256
cc98c9723f6e569c49e08b27404f036090653a64643c99f8d2bac1547715f31c

SHA512
b8f93b7a29dec7f84d35906fad23cea155be73f79be44f2f50d7377798c33c5bb1ec5cb21552e11bfb9e8d92ba002919054cb62c4f2c901bbc9be49b09dd63b2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29284.exe

Filesize
184KB

MD5
353b9fa68bdc034ef46e698d89d892b9

SHA1
9d55cc30eb239b9bd5373f084f760d159672c308

SHA256
d97f4b15247a4be9e3d44d4d2eb551a532ea01b77932412fdb2f804964856c0f

SHA512
7f22139100343f300820cd351262cba618845b67a90286b36a9b296258a8b0ba245d56216de75925cc626b70b6835f1ce586daca0a295cd0a18385d2c5bf0884

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29703.exe

Filesize
184KB

MD5
885e16cdd5e9d24455dce0fa4ba0ed35

SHA1
046da6e84f48227adc3209db874fd90582cbc04c

SHA256
13ad3a323cb0d5a389a883bca7498155708cb277308e1f794b59223d756de199

SHA512
a8cdac9e06c9505faa98496a391486d8a22a1fc775c36c1b3effa5ddf97ce517e96381d004f173407475a5b4df0c70de7daacf242c821663a0c6db9582d4392e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43783.exe

Filesize
184KB

MD5
646ee6b49dda3a9f16ccc1310ee4318e

SHA1
a5b59489fd8524c39c02e7a1c99420501b85ce4b

SHA256
937b6031e3027f76bda880fb0d31c2c195a9ced02eca0bfe4832c1f7314c0e80

SHA512
45e5c97afee9578902a216299f22aeb0187fe4300b801e1a3515fa82e49d2f2ac028f8afa376f9e9fc1356fcee2a110819a7569c8c1ad3718e30599f110800ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46450.exe

Filesize
184KB

MD5
c88fefe65c59adbd965e994585a3f94b

SHA1
42e484a081bdad2a4bbdc04bc4e9ae07af29dbc2

SHA256
6eb2529762fa2ec2842bc88b8f8565ab5ab6b5d9797cef604ae244e406c22d5f

SHA512
387f63b5ab4a2594766c3680569fc9b058441c3576f6239f2046e529f6b2f9d1becb78159e2528151b816c63ebcd6831045cd089d06b23151d2e37684f323828

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53653.exe

Filesize
184KB

MD5
055aa1af1c44f3e39569452ed0858280

SHA1
2bf69c63c2b84e741f809854a8d08799c0a473a8

SHA256
a9c94202a7ce064b45bfe280242d609a32fb3914a6558ce2e8915b3ad6620b85

SHA512
f88829f3343b2f5ba5f29e3b4c099c5b4363fe43944226f49d4accacc9deb32083179f2aeda4cf7f6508ac3c812cd9cc32adedb401ab19664c589dee67d52e03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe

Filesize
184KB

MD5
890cf5fa1d43129ce0899135c4093f1c

SHA1
9ba22b833dedaa802261383abc1fd8c7a0a8d9c7

SHA256
d7d12ba40fa1e55ce7fffef3f99539bb6402896dbdfc5344627a49a6f1e58103

SHA512
ebe35c1f5d865659b1b121c3a4b98ead3b2e787bf7b37eb7103b2ea75365ed46882792f415ab7489894a7fbf3b6dc8ac70a960b2cecda4d4848a8edf8e0dc32e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58147.exe

Filesize
184KB

MD5
7a105685e1b959a2032598ed2fb5e5a7

SHA1
11c9f2743ccb6e6a6b423fbf33b936ff7be679fa

SHA256
c294c85e687021b5f83d5bf74413c9a5f97df8433541df9471d4ba21e830e535

SHA512
b51fe2cdcc867c9945b4bb7bb00b5aca5fca05831b472768354ff13904c3ffa4ddad9ab0eb086973065abb4b9e4d6ec2232c25a2ccc6f06df601597252c03468

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64979.exe

Filesize
184KB

MD5
523d07e4d0451637148bf3f83b9d32b3

SHA1
d3a0b712518216db761d3250ba89308f8c773804

SHA256
8f4aa1f72f8c7dba698d4edc1ef42d963f7b4da77e52f638f5c2225fc7e80bf1

SHA512
627c5e37b94fd99f74a087774a0bd441b08f3e19d7bbd4804b4972e2c618ce14424447fff2a95e45960b9fdcd4038e2ab0133c7917bae72dae2d44e952861548

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8728.exe

Filesize
184KB

MD5
e3cf3aa666d559a10a1aa6dbfe1e9e7c

SHA1
e7114e3c51e905b93fb1a10f994ac748836f4040

SHA256
0f21f500b44bab7a6d91b076069740af67e77a2d61896bb89fe1df9e04e2ec0b

SHA512
c60ebb30dc8982cf257d18b3c55620e2490479b52963de45790ff9228fa252ef68a8f68ce2630319761f9f18cc477cfc5283fd86bbe9eb01e92980a8c6fdeff4

Download Submit