7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe
Size

184KB
MD5

9e0d501460e0ab995f2184339c3272a6
SHA1

11d5b0e8431cfe8ce152a04e62562914cbbd2ed9
SHA256

7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f
SHA512

4952b594663d8383a981ddfc100218e506f70dba6d44d85271e45d3f16ce6e11768f925ff4347d77b1ce11c4f24a1c507aa40a7badab433c4c3ced5b5cdba807
SSDEEP

3072:Zl16pxoI32VOKmDEWeDoLXTC8hlnniF3n3:Zl4oIl9DEuLjC8hlnniF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-17362.exeUnicorn-62239.exeUnicorn-39126.exeUnicorn-47377.exeUnicorn-58238.exeUnicorn-41731.exeUnicorn-20481.exeUnicorn-58306.exeUnicorn-34356.exeUnicorn-14066.exeUnicorn-7522.exeUnicorn-55182.exeUnicorn-20372.exeUnicorn-13334.exeUnicorn-17418.exeUnicorn-49536.exeUnicorn-49536.exeUnicorn-25586.exeUnicorn-2556.exeUnicorn-21585.exeUnicorn-51565.exeUnicorn-5057.exeUnicorn-45535.exeUnicorn-61871.exeUnicorn-39313.exeUnicorn-54258.exeUnicorn-32275.exeUnicorn-4502.exeUnicorn-13246.exeUnicorn-2831.exeUnicorn-4455.exeUnicorn-19168.exeUnicorn-59816.exeUnicorn-2639.exeUnicorn-44227.exeUnicorn-14891.exeUnicorn-42088.exeUnicorn-15467.exeUnicorn-4969.exeUnicorn-35696.exeUnicorn-43864.exeUnicorn-43864.exeUnicorn-46557.exeUnicorn-28082.exeUnicorn-28082.exeUnicorn-40334.exeUnicorn-60200.exeUnicorn-24404.exeUnicorn-55493.exeUnicorn-40548.exeUnicorn-30242.exeUnicorn-37018.exeUnicorn-54938.exeUnicorn-30988.exeUnicorn-32920.exeUnicorn-35058.exeUnicorn-35058.exeUnicorn-35058.exeUnicorn-23360.exeUnicorn-19276.exeUnicorn-36812.exeUnicorn-16946.exeUnicorn-53340.exeUnicorn-23168.exe

pid	process
2952	Unicorn-17362.exe
3052	Unicorn-62239.exe
2924	Unicorn-39126.exe
2720	Unicorn-47377.exe
2608	Unicorn-58238.exe
2456	Unicorn-41731.exe
552	Unicorn-20481.exe
1808	Unicorn-58306.exe
1960	Unicorn-34356.exe
2476	Unicorn-14066.exe
2732	Unicorn-7522.exe
1600	Unicorn-55182.exe
1648	Unicorn-20372.exe
2620	Unicorn-13334.exe
2084	Unicorn-17418.exe
2496	Unicorn-49536.exe
2064	Unicorn-49536.exe
532	Unicorn-25586.exe
1196	Unicorn-2556.exe
1336	Unicorn-21585.exe
1952	Unicorn-51565.exe
1608	Unicorn-5057.exe
2024	Unicorn-45535.exe
2232	Unicorn-61871.exe
1392	Unicorn-39313.exe
2136	Unicorn-54258.exe
2236	Unicorn-32275.exe
2824	Unicorn-4502.exe
2996	Unicorn-13246.exe
2144	Unicorn-2831.exe
1548	Unicorn-4455.exe
2900	Unicorn-19168.exe
2572	Unicorn-59816.exe
2408	Unicorn-2639.exe
2700	Unicorn-44227.exe
580	Unicorn-14891.exe
992	Unicorn-42088.exe
2648	Unicorn-15467.exe
2508	Unicorn-4969.exe
1784	Unicorn-35696.exe
1116	Unicorn-43864.exe
2376	Unicorn-43864.exe
1980	Unicorn-46557.exe
1988	Unicorn-28082.exe
2180	Unicorn-28082.exe
1976	Unicorn-40334.exe
1740	Unicorn-60200.exe
2324	Unicorn-24404.exe
2088	Unicorn-55493.exe
440	Unicorn-40548.exe
1192	Unicorn-30242.exe
1760	Unicorn-37018.exe
2036	Unicorn-54938.exe
1524	Unicorn-30988.exe
2916	Unicorn-32920.exe
1248	Unicorn-35058.exe
1316	Unicorn-35058.exe
2664	Unicorn-35058.exe
2800	Unicorn-23360.exe
2612	Unicorn-19276.exe
2520	Unicorn-36812.exe
2872	Unicorn-16946.exe
1464	Unicorn-53340.exe
2616	Unicorn-23168.exe

Loads dropped DLL 64 IoCs

Processes:

7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exeUnicorn-17362.exeUnicorn-39126.exeUnicorn-62239.exeWerFault.exeUnicorn-58238.exeUnicorn-47377.exeUnicorn-41731.exeWerFault.exeWerFault.exeUnicorn-14066.exeUnicorn-20481.exeUnicorn-58306.exeUnicorn-7522.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe
2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe
2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe
2952	Unicorn-17362.exe
2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe
2952	Unicorn-17362.exe
2924	Unicorn-39126.exe
2952	Unicorn-17362.exe
2924	Unicorn-39126.exe
2952	Unicorn-17362.exe
3052	Unicorn-62239.exe
3052	Unicorn-62239.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2608	Unicorn-58238.exe
2608	Unicorn-58238.exe
2720	Unicorn-47377.exe
2924	Unicorn-39126.exe
2720	Unicorn-47377.exe
2924	Unicorn-39126.exe
2456	Unicorn-41731.exe
2456	Unicorn-41731.exe
3052	Unicorn-62239.exe
3052	Unicorn-62239.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
856	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2316	WerFault.exe
2476	Unicorn-14066.exe
552	Unicorn-20481.exe
2476	Unicorn-14066.exe
552	Unicorn-20481.exe
2456	Unicorn-41731.exe
2456	Unicorn-41731.exe
2608	Unicorn-58238.exe
2608	Unicorn-58238.exe
1808	Unicorn-58306.exe
2732	Unicorn-7522.exe
1808	Unicorn-58306.exe
2732	Unicorn-7522.exe
2720	Unicorn-47377.exe
2720	Unicorn-47377.exe
676	WerFault.exe
676	WerFault.exe
676	WerFault.exe
676	WerFault.exe
676	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
3040	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2564	2724	WerFault.exe	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe
2864	2952	WerFault.exe	Unicorn-17362.exe
856	2924	WerFault.exe	Unicorn-39126.exe
2316	3052	WerFault.exe	Unicorn-62239.exe
676	1960	WerFault.exe	Unicorn-34356.exe
3040	2608	WerFault.exe	Unicorn-58238.exe
2256	2720	WerFault.exe	Unicorn-47377.exe
1256	2456	WerFault.exe	Unicorn-41731.exe
1860	552	WerFault.exe	Unicorn-20481.exe
2340	2476	WerFault.exe	Unicorn-14066.exe
2920	1808	WerFault.exe	Unicorn-58306.exe
2548	2732	WerFault.exe	Unicorn-7522.exe
3048	1600	WerFault.exe	Unicorn-55182.exe
2844	1648	WerFault.exe	Unicorn-20372.exe
1604	2620	WerFault.exe	Unicorn-13334.exe
2584	2496	WerFault.exe	Unicorn-49536.exe
2880	2064	WerFault.exe	Unicorn-49536.exe
1484	2084	WerFault.exe	Unicorn-17418.exe
884	532	WerFault.exe	Unicorn-25586.exe
1520	1196	WerFault.exe	Unicorn-2556.exe
2556	1608	WerFault.exe	Unicorn-5057.exe
1620	1336	WerFault.exe	Unicorn-21585.exe
2668	2136	WerFault.exe	Unicorn-54258.exe
1796	2236	WerFault.exe	Unicorn-32275.exe
2760	1392	WerFault.exe	Unicorn-39313.exe
1912	2232	WerFault.exe	Unicorn-61871.exe
2328	2900	WerFault.exe	Unicorn-19168.exe
1224	2572	WerFault.exe	Unicorn-59816.exe
2708	2144	WerFault.exe	Unicorn-2831.exe
2744	1548	WerFault.exe	Unicorn-4455.exe
2460	2700	WerFault.exe	Unicorn-44227.exe
2092	580	WerFault.exe	Unicorn-14891.exe
1996	2408	WerFault.exe	Unicorn-2639.exe
1692	2824	WerFault.exe	Unicorn-4502.exe
1800	2508	WerFault.exe	Unicorn-4969.exe
1296	1740	WerFault.exe	Unicorn-60200.exe
572	2180	WerFault.exe	Unicorn-28082.exe
1696	2376	WerFault.exe	Unicorn-43864.exe
3316	1628	WerFault.exe	Unicorn-41341.exe
3468	1952	WerFault.exe	Unicorn-51565.exe
3528	1116	WerFault.exe	Unicorn-43864.exe
3556	2996	WerFault.exe	Unicorn-13246.exe
3564	992	WerFault.exe	Unicorn-42088.exe
3584	1988	WerFault.exe	Unicorn-28082.exe
3628	2024	WerFault.exe	Unicorn-45535.exe
3664	1784	WerFault.exe	Unicorn-35696.exe
3688	1976	WerFault.exe	Unicorn-40334.exe
3908	1760	WerFault.exe	Unicorn-37018.exe
3972	2616	WerFault.exe	Unicorn-23168.exe
3980	1524	WerFault.exe	Unicorn-30988.exe
4064	2016	WerFault.exe	Unicorn-6147.exe
4080	372	WerFault.exe	Unicorn-1316.exe
4088	2748	WerFault.exe	Unicorn-18229.exe
3084	1856	WerFault.exe	Unicorn-17845.exe
3108	2036	WerFault.exe	Unicorn-54938.exe
3132	440	WerFault.exe	Unicorn-40548.exe
3276	2520	WerFault.exe	Unicorn-36812.exe
3304	2648	WerFault.exe	Unicorn-15467.exe
3336	1464	WerFault.exe	Unicorn-53340.exe
3344	1316	WerFault.exe	Unicorn-35058.exe
3448	1980	WerFault.exe	Unicorn-46557.exe
3756	2856	WerFault.exe	Unicorn-57123.exe
3804	2872	WerFault.exe	Unicorn-16946.exe
3904	1192	WerFault.exe	Unicorn-30242.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exeUnicorn-17362.exeUnicorn-39126.exeUnicorn-62239.exeUnicorn-47377.exeUnicorn-58238.exeUnicorn-41731.exeUnicorn-20481.exeUnicorn-58306.exeUnicorn-14066.exeUnicorn-34356.exeUnicorn-7522.exeUnicorn-55182.exeUnicorn-20372.exeUnicorn-13334.exeUnicorn-17418.exeUnicorn-49536.exeUnicorn-49536.exeUnicorn-25586.exeUnicorn-2556.exeUnicorn-21585.exeUnicorn-51565.exeUnicorn-5057.exeUnicorn-45535.exeUnicorn-54258.exeUnicorn-39313.exeUnicorn-32275.exeUnicorn-61871.exeUnicorn-4502.exeUnicorn-13246.exeUnicorn-2831.exeUnicorn-4455.exeUnicorn-19168.exeUnicorn-59816.exeUnicorn-2639.exeUnicorn-44227.exeUnicorn-14891.exeUnicorn-42088.exeUnicorn-15467.exeUnicorn-4969.exeUnicorn-35696.exeUnicorn-43864.exeUnicorn-43864.exeUnicorn-46557.exeUnicorn-28082.exeUnicorn-40334.exeUnicorn-28082.exeUnicorn-60200.exeUnicorn-24404.exeUnicorn-55493.exeUnicorn-40548.exeUnicorn-37018.exeUnicorn-30242.exeUnicorn-54938.exeUnicorn-30988.exeUnicorn-32920.exeUnicorn-35058.exeUnicorn-23360.exeUnicorn-35058.exeUnicorn-35058.exeUnicorn-19276.exeUnicorn-36812.exeUnicorn-16946.exeUnicorn-53340.exe

pid	process
2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe
2952	Unicorn-17362.exe
2924	Unicorn-39126.exe
3052	Unicorn-62239.exe
2720	Unicorn-47377.exe
2608	Unicorn-58238.exe
2456	Unicorn-41731.exe
552	Unicorn-20481.exe
1808	Unicorn-58306.exe
2476	Unicorn-14066.exe
1960	Unicorn-34356.exe
2732	Unicorn-7522.exe
1600	Unicorn-55182.exe
1648	Unicorn-20372.exe
2620	Unicorn-13334.exe
2084	Unicorn-17418.exe
2064	Unicorn-49536.exe
2496	Unicorn-49536.exe
532	Unicorn-25586.exe
1196	Unicorn-2556.exe
1336	Unicorn-21585.exe
1952	Unicorn-51565.exe
1608	Unicorn-5057.exe
2024	Unicorn-45535.exe
2136	Unicorn-54258.exe
1392	Unicorn-39313.exe
2236	Unicorn-32275.exe
2232	Unicorn-61871.exe
2824	Unicorn-4502.exe
2996	Unicorn-13246.exe
2144	Unicorn-2831.exe
1548	Unicorn-4455.exe
2900	Unicorn-19168.exe
2572	Unicorn-59816.exe
2408	Unicorn-2639.exe
2700	Unicorn-44227.exe
580	Unicorn-14891.exe
992	Unicorn-42088.exe
2648	Unicorn-15467.exe
2508	Unicorn-4969.exe
1784	Unicorn-35696.exe
1116	Unicorn-43864.exe
2376	Unicorn-43864.exe
1980	Unicorn-46557.exe
2180	Unicorn-28082.exe
1976	Unicorn-40334.exe
1988	Unicorn-28082.exe
1740	Unicorn-60200.exe
2324	Unicorn-24404.exe
2088	Unicorn-55493.exe
440	Unicorn-40548.exe
1760	Unicorn-37018.exe
1192	Unicorn-30242.exe
2036	Unicorn-54938.exe
1524	Unicorn-30988.exe
2916	Unicorn-32920.exe
1248	Unicorn-35058.exe
2800	Unicorn-23360.exe
1316	Unicorn-35058.exe
2664	Unicorn-35058.exe
2612	Unicorn-19276.exe
2520	Unicorn-36812.exe
2872	Unicorn-16946.exe
1464	Unicorn-53340.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exeUnicorn-17362.exeUnicorn-39126.exeUnicorn-62239.exeUnicorn-58238.exeUnicorn-47377.exeUnicorn-41731.exeUnicorn-14066.exe

description	pid	process	target process
PID 2724 wrote to memory of 2952	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	Unicorn-17362.exe
PID 2724 wrote to memory of 2952	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	Unicorn-17362.exe
PID 2724 wrote to memory of 2952	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	Unicorn-17362.exe
PID 2724 wrote to memory of 2952	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	Unicorn-17362.exe
PID 2724 wrote to memory of 3052	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	Unicorn-62239.exe
PID 2724 wrote to memory of 3052	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	Unicorn-62239.exe
PID 2724 wrote to memory of 3052	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	Unicorn-62239.exe
PID 2724 wrote to memory of 3052	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	Unicorn-62239.exe
PID 2952 wrote to memory of 2924	2952	Unicorn-17362.exe	Unicorn-39126.exe
PID 2952 wrote to memory of 2924	2952	Unicorn-17362.exe	Unicorn-39126.exe
PID 2952 wrote to memory of 2924	2952	Unicorn-17362.exe	Unicorn-39126.exe
PID 2952 wrote to memory of 2924	2952	Unicorn-17362.exe	Unicorn-39126.exe
PID 2724 wrote to memory of 2564	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	WerFault.exe
PID 2724 wrote to memory of 2564	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	WerFault.exe
PID 2724 wrote to memory of 2564	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	WerFault.exe
PID 2724 wrote to memory of 2564	2724	7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe	WerFault.exe
PID 2924 wrote to memory of 2720	2924	Unicorn-39126.exe	Unicorn-47377.exe
PID 2924 wrote to memory of 2720	2924	Unicorn-39126.exe	Unicorn-47377.exe
PID 2924 wrote to memory of 2720	2924	Unicorn-39126.exe	Unicorn-47377.exe
PID 2924 wrote to memory of 2720	2924	Unicorn-39126.exe	Unicorn-47377.exe
PID 2952 wrote to memory of 2608	2952	Unicorn-17362.exe	Unicorn-58238.exe
PID 2952 wrote to memory of 2608	2952	Unicorn-17362.exe	Unicorn-58238.exe
PID 2952 wrote to memory of 2608	2952	Unicorn-17362.exe	Unicorn-58238.exe
PID 2952 wrote to memory of 2608	2952	Unicorn-17362.exe	Unicorn-58238.exe
PID 3052 wrote to memory of 2456	3052	Unicorn-62239.exe	Unicorn-41731.exe
PID 3052 wrote to memory of 2456	3052	Unicorn-62239.exe	Unicorn-41731.exe
PID 3052 wrote to memory of 2456	3052	Unicorn-62239.exe	Unicorn-41731.exe
PID 3052 wrote to memory of 2456	3052	Unicorn-62239.exe	Unicorn-41731.exe
PID 2952 wrote to memory of 2864	2952	Unicorn-17362.exe	WerFault.exe
PID 2952 wrote to memory of 2864	2952	Unicorn-17362.exe	WerFault.exe
PID 2952 wrote to memory of 2864	2952	Unicorn-17362.exe	WerFault.exe
PID 2952 wrote to memory of 2864	2952	Unicorn-17362.exe	WerFault.exe
PID 2608 wrote to memory of 552	2608	Unicorn-58238.exe	Unicorn-20481.exe
PID 2608 wrote to memory of 552	2608	Unicorn-58238.exe	Unicorn-20481.exe
PID 2608 wrote to memory of 552	2608	Unicorn-58238.exe	Unicorn-20481.exe
PID 2608 wrote to memory of 552	2608	Unicorn-58238.exe	Unicorn-20481.exe
PID 2720 wrote to memory of 1808	2720	Unicorn-47377.exe	Unicorn-58306.exe
PID 2720 wrote to memory of 1808	2720	Unicorn-47377.exe	Unicorn-58306.exe
PID 2720 wrote to memory of 1808	2720	Unicorn-47377.exe	Unicorn-58306.exe
PID 2720 wrote to memory of 1808	2720	Unicorn-47377.exe	Unicorn-58306.exe
PID 2924 wrote to memory of 1960	2924	Unicorn-39126.exe	Unicorn-34356.exe
PID 2924 wrote to memory of 1960	2924	Unicorn-39126.exe	Unicorn-34356.exe
PID 2924 wrote to memory of 1960	2924	Unicorn-39126.exe	Unicorn-34356.exe
PID 2924 wrote to memory of 1960	2924	Unicorn-39126.exe	Unicorn-34356.exe
PID 2456 wrote to memory of 2476	2456	Unicorn-41731.exe	Unicorn-14066.exe
PID 2456 wrote to memory of 2476	2456	Unicorn-41731.exe	Unicorn-14066.exe
PID 2456 wrote to memory of 2476	2456	Unicorn-41731.exe	Unicorn-14066.exe
PID 2456 wrote to memory of 2476	2456	Unicorn-41731.exe	Unicorn-14066.exe
PID 3052 wrote to memory of 2732	3052	Unicorn-62239.exe	Unicorn-7522.exe
PID 3052 wrote to memory of 2732	3052	Unicorn-62239.exe	Unicorn-7522.exe
PID 3052 wrote to memory of 2732	3052	Unicorn-62239.exe	Unicorn-7522.exe
PID 3052 wrote to memory of 2732	3052	Unicorn-62239.exe	Unicorn-7522.exe
PID 2924 wrote to memory of 856	2924	Unicorn-39126.exe	WerFault.exe
PID 2924 wrote to memory of 856	2924	Unicorn-39126.exe	WerFault.exe
PID 2924 wrote to memory of 856	2924	Unicorn-39126.exe	WerFault.exe
PID 2924 wrote to memory of 856	2924	Unicorn-39126.exe	WerFault.exe
PID 3052 wrote to memory of 2316	3052	Unicorn-62239.exe	WerFault.exe
PID 3052 wrote to memory of 2316	3052	Unicorn-62239.exe	WerFault.exe
PID 3052 wrote to memory of 2316	3052	Unicorn-62239.exe	WerFault.exe
PID 3052 wrote to memory of 2316	3052	Unicorn-62239.exe	WerFault.exe
PID 2476 wrote to memory of 1600	2476	Unicorn-14066.exe	Unicorn-55182.exe
PID 2476 wrote to memory of 1600	2476	Unicorn-14066.exe	Unicorn-55182.exe
PID 2476 wrote to memory of 1600	2476	Unicorn-14066.exe	Unicorn-55182.exe
PID 2476 wrote to memory of 1600	2476	Unicorn-14066.exe	Unicorn-55182.exe

C:\Users\Admin\AppData\Local\Temp\7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe
"C:\Users\Admin\AppData\Local\Temp\7f41982bff4806a81392de1e202448a33ac155f34fac599cae67460bebe3349f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40403.exe
9⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52987.exe
10⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64108.exe
11⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
12⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40777.exe
13⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13234.exe
14⤵
PID:8460

C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57630.exe
15⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
14⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
13⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
12⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
11⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9240.exe
10⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
11⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54241.exe
12⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
13⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 220
13⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
12⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
11⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 220
10⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 236
9⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16453.exe
8⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25878.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11098.exe
10⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49661.exe
11⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
12⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
13⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12238.exe
14⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 220
13⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
12⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
11⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
9⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
8⤵
- Program crash
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9245.exe
8⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59401.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38307.exe
11⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
12⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25155.exe
13⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
13⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
12⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 236
11⤵
PID:2980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
9⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
8⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
7⤵
- Program crash
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15467.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
9⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
10⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30803.exe
11⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe
12⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
13⤵
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 220
13⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
12⤵
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
11⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 216
10⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
9⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22073.exe
8⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4061.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14570.exe
11⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54703.exe
12⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44252.exe
13⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
12⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
11⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
9⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16946.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4305.exe
8⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54077.exe
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29542.exe
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
11⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
12⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 236
12⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
11⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 216
9⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
8⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
7⤵
- Program crash
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
6⤵
- Program crash
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25586.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13246.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60200.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18037.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60304.exe
9⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47253.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
11⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-39934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39934.exe
12⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50842.exe
13⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31097.exe
14⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
13⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
12⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
10⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
8⤵
- Program crash
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24813.exe
7⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65426.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17648.exe
10⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24449.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
12⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 236
12⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
11⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
8⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
7⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40334.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23875.exe
7⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25977.exe
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64430.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13535.exe
11⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
12⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 236
11⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 236
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
8⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 236
7⤵
- Program crash
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
6⤵
- Program crash
PID:884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-58238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58238.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51565.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24918.exe
9⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4352.exe
11⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30806.exe
12⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56789.exe
13⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 220
13⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
12⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
11⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
10⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
9⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
8⤵
- Program crash
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23360.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3210.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12193.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43356.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4404.exe
11⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe
12⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
12⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
10⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47751.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39272.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55167.exe
10⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
11⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
11⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
10⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
7⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44227.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32920.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23356.exe
8⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20995.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54788.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
11⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
12⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
13⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
12⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 216
9⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
8⤵
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
7⤵
- Program crash
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
6⤵
- Program crash
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-5057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5057.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59816.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58166.exe
8⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17430.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-37134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37134.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12349.exe
11⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-9539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9539.exe
12⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19364.exe
13⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 236
11⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
10⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
9⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
8⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
7⤵
- Program crash
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30988.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29687.exe
7⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53802.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21374.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21452.exe
10⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
11⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
12⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
11⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
10⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
8⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
7⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
6⤵
- Program crash
PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
5⤵
- Program crash
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43864.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
7⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48052.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35712.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11451.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27298.exe
11⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35430.exe
12⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 236
12⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 236
11⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
9⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
8⤵
- Program crash
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
7⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
6⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56988.exe
7⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20938.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9072.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43738.exe
12⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 236
12⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 236
11⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 236
10⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 220
9⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
8⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
7⤵
- Program crash
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
6⤵
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28082.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
6⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5265.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8244.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
10⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63063.exe
11⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59410.exe
12⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
11⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 236
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
8⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
7⤵
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
6⤵
- Program crash
PID:572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
5⤵
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2556.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24404.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57123.exe
9⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29386.exe
10⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31820.exe
11⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47331.exe
12⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28525.exe
13⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-790.exe
14⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 220
14⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
13⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
12⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
11⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
10⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36162.exe
9⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36833.exe
11⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4355.exe
12⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
13⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
13⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
12⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
11⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
10⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41341.exe
8⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
9⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
8⤵
- Program crash
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55493.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11020.exe
8⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62442.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-382.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42344.exe
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2658.exe
12⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
13⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 236
13⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 236
12⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32270.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29163.exe
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38644.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40393.exe
11⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2928.exe
12⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
12⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
10⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 220
8⤵
PID:4144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
7⤵
- Program crash
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4455.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40548.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:440

C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18229.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
9⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
10⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
11⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38639.exe
12⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51553.exe
13⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4345.exe
14⤵
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 236
13⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 236
12⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
11⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
10⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
9⤵
- Program crash
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1160.exe
8⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33766.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23128.exe
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30855.exe
11⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48429.exe
12⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 220
12⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
11⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
9⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 240
8⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29089.exe
7⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35800.exe
8⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54762.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4269.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6109.exe
11⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60956.exe
12⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
12⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
9⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
8⤵
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
7⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
6⤵
- Program crash
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21585.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19168.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30242.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39692.exe
8⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42126.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31296.exe
10⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13942.exe
11⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 220
12⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
11⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
9⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 236
8⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
7⤵
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2551.exe
7⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47388.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
10⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
11⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
11⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
7⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
6⤵
- Program crash
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
5⤵
- Program crash
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45535.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14891.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11944.exe
10⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
11⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39877.exe
12⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
12⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 220
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
8⤵
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
7⤵
- Program crash
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
7⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13703.exe
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49770.exe
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31431.exe
10⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13810.exe
11⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 216
11⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
10⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
8⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
7⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
6⤵
- Program crash
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42088.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35058.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
7⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-465.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14186.exe
9⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
10⤵
PID:7576

C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22654.exe
11⤵
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
10⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 236
9⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
8⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
7⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 216
6⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
5⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
4⤵
- Program crash
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49536.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39313.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4969.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53340.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14611.exe
8⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19760.exe
9⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25074.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2458.exe
11⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19841.exe
12⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
12⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
10⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
9⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
8⤵
- Program crash
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 236
7⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-23168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23168.exe
6⤵
- Executes dropped EXE
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33470.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4601.exe
8⤵
PID:3672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 220
9⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
8⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
7⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 240
6⤵
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46557.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
6⤵
PID:372

C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15296.exe
7⤵
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55800.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe
10⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
11⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
11⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
9⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 216
8⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 372 -s 236
7⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50169.exe
6⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
7⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
8⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54708.exe
9⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 236
10⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
9⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
8⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 216
7⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
6⤵
- Program crash
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
5⤵
- Program crash
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32275.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35696.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42349.exe
6⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51617.exe
7⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23647.exe
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16577.exe
10⤵
PID:8228

C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3302.exe
11⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 236
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
9⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
8⤵
PID:2804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
7⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
6⤵
- Program crash
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18399.exe
5⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
6⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60107.exe
7⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12629.exe
8⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59443.exe
9⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27625.exe
10⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
10⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
9⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
8⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 216
7⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
6⤵
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
5⤵
- Program crash
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
4⤵
- Program crash
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
2⤵
- Program crash
PID:2564

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14066.exe

Filesize
184KB

MD5
82660892857f7722ddf5e216faa6d5d1

SHA1
5e834d33eb9de12b10ae7f2d34b9ffb4adea6184

SHA256
427bcbfbc106bf93f2a6836d04ca5022d598d4199b56b5af5b852ba4d99c3963

SHA512
8dbd3aca20d42110fca4025c5ee1ca9c86415446e0753745c1e8c16472bb9e7f67f2d04cad425d0e1027d470d5e8f79d7d3fcfa3f117292a492e007776d9b058

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20609.exe

Filesize
184KB

MD5
28ff99c8bb7e8548247008196850b574

SHA1
a31a3fcfb75c3ab62924f06064e40c8b85f829b4

SHA256
ec0c637937fdcd9b924166281091f2387296907deb9f23e765280d7ac6a5a22a

SHA512
d7a6dcdb4b7f853810b6f49ce8d54a49ba86c1096183c37f6636ac62367305e20bb0f5a04636ab55b1a136b19255a269b15931132149e136b4cb5039f9246813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23927.exe

Filesize
184KB

MD5
bd7972db3fd3e812c448f6a5bff1105b

SHA1
992cd059ca4fc697f0b253bb022e47cf4b53b191

SHA256
ade2fc01bd4e4e573acb47957be52c5e4d480d5f1b179ea00ba513e8089eba00

SHA512
3edb7daa732d21b664ede83a1fd18e8eb0961bef0822a936f972678e9056614a48ef8ba09aacbc31f2ca41f64577862c025c9d3bbddbf26a7c40797e300062df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44874.exe

Filesize
184KB

MD5
b9c8cdb8e0e6ebf2e3b093a47bbf63e9

SHA1
1010286e3a8351b6a3b95b9f7d6defcf4ab9a3dd

SHA256
f140159270acf07842b2c0acae50f1ba13ac365f68e4eeb0ce62fce5a6101a00

SHA512
aa930afbc40501ed20c798df4ae970b789647a6d7d27c0818b128e57b2120a0ec5ec70ce6a5e0a7c49ad7cb856758cc6f42c7815b566528cec977d4717380968

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55182.exe

Filesize
184KB

MD5
88145dfba9c2cc117fac9029fbbc1f1d

SHA1
38d342a517cde054661d58078b3a8b6598acef68

SHA256
d727e97ce92666fb5ad3910158e91d8cdb1cafd9ede6554c48ccf435f156a7e5

SHA512
d4f3d1ac224daf36973f88b8c04ce548b81e7f481a37f6d2493bb86b668af9eb9b62b376809b67959e0c0913e8c320d4291e5406bacfb44ba347cf6c71d3e48d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63335.exe

Filesize
184KB

MD5
862f6a1278dca06904e638417e84d0bf

SHA1
7bf84ca822d7936c61ed4d2d847708ab402e6d1a

SHA256
e9488dc4ef6f7e7ad8326297359c97e3c33dcb59e15e914a2e023cfe70b54a91

SHA512
35b964d0cef1020f25073a0b7177d64e8ce00470821db42a40975dc7bf798b065d4fdc06a59133f4127792534a576b1c77e48e98bd53014ff6f1cfcc59c36329

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13334.exe

Filesize
184KB

MD5
a8b776da2a12bd1b3d95c9d1fcd64b8a

SHA1
c035d86c285462159aebb751334886cebc4e5c7c

SHA256
e73e655ddb54413fe6178dff1697e59dc5990da4cc2589a0eb588b527eef4800

SHA512
041954240436dea1f2934c9a0c31e9132d356b285bb3af83da2ee44d780e8e4a5ad3cd369ee5a1ddbb6b934bffb9a6b51c8a8f400f7b7e55cabe3a73faa9e12d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe

Filesize
184KB

MD5
0a8dd5f4d6dace47e6b41740c0c92d27

SHA1
ec3a0429754e32b4dc9f6bb10d29a87c086b7e73

SHA256
d1552e95233d5fa77b7e53d8a2b5307e90f5d984281fc3c54416bb7a414c80f2

SHA512
062de2fe871af2d8199100c008f280cf3e5b5cf7eb592bc1015acca2ba817e54fed27b27c64de499da0c4ae12dcd3c460e5d7831d81c56451aee2b06be6a7b72

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20372.exe

Filesize
184KB

MD5
bf5614bce1369673e7e00ec72258e4fc

SHA1
6423130c2d6f64cb68623c0658c6d5d5baee6689

SHA256
13b9026c9f08a8f5152a5bc13cb1b05fad883a8ddd7b50638d40bd26848ff307

SHA512
1c638b3d98ce7323cf99ce6464d6a147562060a48be6ea110674048eb924ed51f28ce96bd84ffc52d41aeaf5af35d258164392c562bd7f5b67d65c90607684be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20481.exe

Filesize
184KB

MD5
e3bafa9ca303ae6d7c0b9ae59eb082fb

SHA1
a156b60d57745ce4d24826320a818103c2c0fc93

SHA256
a39d551c2de4adbc18293223d9f84b9af4a1c13849297ef63c626c15c4282e04

SHA512
97695d5c05685369b974be4422fe1a108e4285d6e0b0bd56b0332a0741ad746223215d1e7c49d6c017069f5a5c5e80106f448b9928983ee3b561b3f181c7e25f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe

Filesize
184KB

MD5
b993866609089b8305cbf5999360e176

SHA1
fed295b46a2e3bf2ecc7664d6c020e99a3150d10

SHA256
63c316ec5b6b3fd61a9304e705cd5b14616a9f2b750969fce6743d49a0732239

SHA512
9653a390e585233d2594b36d84cf057aeb004d5f6aedc29ec379d7d17b0b56fe4470b52132ca379607a0bf368cccfe2152c52cda2c39050ebb0e8897129b49d8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe

Filesize
184KB

MD5
6cf6fc42aebdde8743c8df64abb46809

SHA1
a900c1d4a4a1aa107fb49bf001138193af602416

SHA256
f13472fde62e2d6bd1e377339bb081f82b7fce3117b6a9fd9c01f95a970c1051

SHA512
215b303a93c9ae7e45bedfb6f9af4e22968d83b4ee3778f120dc88fa889339fd17a57b3b1b1ba310285f51e920ca3293382bafc7aeca0082bb7cbc638385bb2b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe

Filesize
184KB

MD5
10a63d6a6b1caf8b3b1c47f78c7ab648

SHA1
c9d54b0eb4f4f7017934123aff95631d4c27119f

SHA256
f145ca4dde112c2a52844fae75c75175ed7b0bd6c41dc65f3508f59f45b36894

SHA512
a949cf048cdc021ee228cade6e278ad96e66e36cf650671d9b560448d54ca27bab876669a0886684d2f6f73a6e6625dd071d3ea1598826223ee92d0895a2f55e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe

Filesize
184KB

MD5
3c2e557f63a80a3cf747c38e8b3630b6

SHA1
3124c93af1343a8024a8831a2b748c912f952e64

SHA256
16761e8f7a168c0bc980d6a5a7389f08ebba51ee4c3a979fb8df1866f76def7f

SHA512
91bc317aed32fa9fc00190359b4ed658ad81a73257f642399eb2a5909f685a55344e8adf0e16698cee9af5d7275be3fcdbf60466582c436e6873c3a22069f382

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58238.exe

Filesize
184KB

MD5
7f648e4be535c5ffc74183df9dd30b98

SHA1
122e8c14808d0bccb74d8cd439c1efe3349227f7

SHA256
827c18c024510e4437b02f416a82bf1e3dacf310a9e3da7b9816980072bbc64b

SHA512
f506a69eb26f4957957bfed1db7e843afc818c47adef0c9cf053098bd7c33ab3987a918363acb26c0061ea69837af8d7c33509265dae47e1c270de44d2efbad1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58306.exe

Filesize
184KB

MD5
0da59be30d0c1d2e2382b52e71a6640c

SHA1
f0632665a1249de8bc0ca3fc3c477968d158d14b

SHA256
0f7627617460471f86b913d1acbbc4081b915466af75cb4039e98d0ddf85faa8

SHA512
e7d4128d20b0209119683987c2c75211ad7b9a27e390311ba1b1a65ec73b2b79f7ab677115d84b89dedef56486f18a210c18e1d3e8432a6d6b2ccd078b7f48aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe

Filesize
184KB

MD5
5a5fe08c57380038dd1d1974c28344bf

SHA1
8da6d4542e2775b83fb2b80bb5fdcbf02c14c483

SHA256
1cca9df22a8b1d49ad2db18d6c78403bb52ccfff87e6b6e820373388e55a24b1

SHA512
59633ba968b74ac400e8f0d92175d5e64e3bc12e36a710e810b9dfc968b265dbda18f32b0daae26c933814e5f57117ea24a140faf404c5cef77c03d4e8305ed4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe

Filesize
184KB

MD5
f91aadabdf0c73f38150636058ad8794

SHA1
d865522a36e82e61037979965b8aac2f2e0dcd90

SHA256
87430d20cc67188c4e64135d6cc305c28bea7d12f3d7d1164faa523f2727e133

SHA512
42c9e09c64629f76773c214ff0df97ebefd81165f1bf4a6cbc47db911cd84f157c9f6b5261549f744bd49f218cbaa103d29c9827ebc5c430a4725f777c04e475

Download Submit