ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe
Size

184KB
MD5

6a1ee0abed65b7e2d1f64b90aa32acc7
SHA1

336ee33e08c94ecbdd36477adb3c6467f51a29da
SHA256

ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f
SHA512

879b50f091a4bcda32ecbb9932558135421d026ea964f06f7278c996621cb05d47104d60a4ca781cc92de3d7860ff2bc553fb0eca630f4bdee366d4cbad81de3
SSDEEP

3072:643ni3ol6aEx6LQYe5ILGrpgIKYwzO/KHVMen5Ke4Oe1lWVOFln:642omMLQiLopgIk1211lWVOFl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-22628.exeUnicorn-22966.exeUnicorn-3292.exeUnicorn-53664.exeUnicorn-38781.exeUnicorn-52164.exeUnicorn-10950.exeUnicorn-38666.exeUnicorn-8838.exeUnicorn-6570.exeUnicorn-10976.exeUnicorn-11114.exeUnicorn-33838.exeUnicorn-36517.exeUnicorn-18920.exeUnicorn-3470.exeUnicorn-23336.exeUnicorn-3662.exeUnicorn-23336.exeUnicorn-10876.exeUnicorn-39334.exeUnicorn-27130.exeUnicorn-24556.exeUnicorn-13839.exeUnicorn-32143.exeUnicorn-14571.exeUnicorn-32361.exeUnicorn-45360.exeUnicorn-15339.exeUnicorn-49200.exeUnicorn-34124.exeUnicorn-33010.exeUnicorn-7114.exeUnicorn-42631.exeUnicorn-45345.exeUnicorn-44203.exeUnicorn-41627.exeUnicorn-21953.exeUnicorn-42587.exeUnicorn-40283.exeUnicorn-27900.exeUnicorn-8186.exeUnicorn-28476.exeUnicorn-1720.exeUnicorn-32508.exeUnicorn-53142.exeUnicorn-32857.exeUnicorn-45856.exeUnicorn-48892.exeUnicorn-48700.exeUnicorn-56915.exeUnicorn-4377.exeUnicorn-24435.exeUnicorn-31918.exeUnicorn-35513.exeUnicorn-36241.exeUnicorn-19028.exeUnicorn-32026.exeUnicorn-40849.exeUnicorn-38711.exeUnicorn-19613.exeUnicorn-4502.exeUnicorn-8456.exeUnicorn-53506.exe

pid	process
2960	Unicorn-22628.exe
3052	Unicorn-22966.exe
3020	Unicorn-3292.exe
2708	Unicorn-53664.exe
2436	Unicorn-38781.exe
2576	Unicorn-52164.exe
1016	Unicorn-10950.exe
992	Unicorn-38666.exe
1372	Unicorn-8838.exe
2476	Unicorn-6570.exe
2644	Unicorn-10976.exe
2368	Unicorn-11114.exe
1964	Unicorn-33838.exe
1020	Unicorn-36517.exe
752	Unicorn-18920.exe
768	Unicorn-3470.exe
2992	Unicorn-23336.exe
2988	Unicorn-3662.exe
532	Unicorn-23336.exe
1764	Unicorn-10876.exe
1336	Unicorn-39334.exe
964	Unicorn-27130.exe
2128	Unicorn-24556.exe
1640	Unicorn-13839.exe
1516	Unicorn-32143.exe
1668	Unicorn-14571.exe
1476	Unicorn-32361.exe
1744	Unicorn-45360.exe
2300	Unicorn-15339.exe
2832	Unicorn-49200.exe
1588	Unicorn-34124.exe
2556	Unicorn-33010.exe
2548	Unicorn-7114.exe
2072	Unicorn-42631.exe
2696	Unicorn-45345.exe
2420	Unicorn-44203.exe
1800	Unicorn-41627.exe
1644	Unicorn-21953.exe
1788	Unicorn-42587.exe
1028	Unicorn-40283.exe
2732	Unicorn-27900.exe
1300	Unicorn-8186.exe
1852	Unicorn-28476.exe
604	Unicorn-1720.exe
1772	Unicorn-32508.exe
2116	Unicorn-53142.exe
3056	Unicorn-32857.exe
324	Unicorn-45856.exe
3032	Unicorn-48892.exe
2112	Unicorn-48700.exe
2016	Unicorn-56915.exe
624	Unicorn-4377.exe
2136	Unicorn-24435.exe
2888	Unicorn-31918.exe
2260	Unicorn-35513.exe
2952	Unicorn-36241.exe
2688	Unicorn-19028.exe
2444	Unicorn-32026.exe
1464	Unicorn-40849.exe
2396	Unicorn-38711.exe
1784	Unicorn-19613.exe
1804	Unicorn-4502.exe
2316	Unicorn-8456.exe
1600	Unicorn-53506.exe

Loads dropped DLL 64 IoCs

Processes:

ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exeUnicorn-22628.exeUnicorn-3292.exeUnicorn-22966.exeWerFault.exeUnicorn-53664.exeUnicorn-38781.exeUnicorn-52164.exeWerFault.exeWerFault.exeUnicorn-10950.exeUnicorn-10976.exeUnicorn-6570.exeUnicorn-38666.exeUnicorn-8838.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-11114.exeUnicorn-33838.exeUnicorn-18920.exe

pid	process
2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe
2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe
2960	Unicorn-22628.exe
2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe
2960	Unicorn-22628.exe
2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe
3020	Unicorn-3292.exe
3020	Unicorn-3292.exe
3052	Unicorn-22966.exe
3052	Unicorn-22966.exe
2960	Unicorn-22628.exe
2960	Unicorn-22628.exe
2860	WerFault.exe
2860	WerFault.exe
2860	WerFault.exe
2708	Unicorn-53664.exe
2708	Unicorn-53664.exe
3020	Unicorn-3292.exe
3020	Unicorn-3292.exe
2436	Unicorn-38781.exe
2436	Unicorn-38781.exe
3052	Unicorn-22966.exe
3052	Unicorn-22966.exe
2576	Unicorn-52164.exe
2576	Unicorn-52164.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1680	WerFault.exe
1680	WerFault.exe
1680	WerFault.exe
1016	Unicorn-10950.exe
1016	Unicorn-10950.exe
2708	Unicorn-53664.exe
2708	Unicorn-53664.exe
2644	Unicorn-10976.exe
2476	Unicorn-6570.exe
2644	Unicorn-10976.exe
2476	Unicorn-6570.exe
2576	Unicorn-52164.exe
2576	Unicorn-52164.exe
992	Unicorn-38666.exe
1372	Unicorn-8838.exe
992	Unicorn-38666.exe
1372	Unicorn-8838.exe
2436	Unicorn-38781.exe
2436	Unicorn-38781.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
1936	WerFault.exe
1936	WerFault.exe
1256	WerFault.exe
1256	WerFault.exe
1936	WerFault.exe
1256	WerFault.exe
2368	Unicorn-11114.exe
2368	Unicorn-11114.exe
1016	Unicorn-10950.exe
1016	Unicorn-10950.exe
1964	Unicorn-33838.exe
1964	Unicorn-33838.exe
752	Unicorn-18920.exe
752	Unicorn-18920.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2788	2772	WerFault.exe	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe
2860	2960	WerFault.exe	Unicorn-22628.exe
1976	3020	WerFault.exe	Unicorn-3292.exe
1680	3052	WerFault.exe	Unicorn-22966.exe
2060	2708	WerFault.exe	Unicorn-53664.exe
1936	2436	WerFault.exe	Unicorn-38781.exe
1256	2576	WerFault.exe	Unicorn-52164.exe
2876	1016	WerFault.exe	Unicorn-10950.exe
2612	2644	WerFault.exe	Unicorn-10976.exe
2608	2476	WerFault.exe	Unicorn-6570.exe
2464	1372	WerFault.exe	Unicorn-8838.exe
2872	992	WerFault.exe	Unicorn-38666.exe
1756	2368	WerFault.exe	Unicorn-11114.exe
1760	1964	WerFault.exe	Unicorn-33838.exe
2192	752	WerFault.exe	Unicorn-18920.exe
2312	2988	WerFault.exe	Unicorn-3662.exe
2940	768	WerFault.exe	Unicorn-3470.exe
1696	532	WerFault.exe	Unicorn-23336.exe
2720	2992	WerFault.exe	Unicorn-23336.exe
2532	1020	WerFault.exe	Unicorn-36517.exe
1500	1764	WerFault.exe	Unicorn-10876.exe
1732	1336	WerFault.exe	Unicorn-39334.exe
2564	2128	WerFault.exe	Unicorn-24556.exe
2288	1476	WerFault.exe	Unicorn-32361.exe
1808	1516	WerFault.exe	Unicorn-32143.exe
1928	964	WerFault.exe	Unicorn-27130.exe
1692	2420	WerFault.exe	Unicorn-44203.exe
1672	1644	WerFault.exe	Unicorn-21953.exe
580	2832	WerFault.exe	Unicorn-49200.exe
1276	2732	WerFault.exe	Unicorn-27900.exe
2188	1800	WerFault.exe	Unicorn-41627.exe
1564	1028	WerFault.exe	Unicorn-40283.exe
2584	1788	WerFault.exe	Unicorn-42587.exe
2792	2556	WerFault.exe	Unicorn-33010.exe
2712	2116	WerFault.exe	Unicorn-53142.exe
2492	1744	WerFault.exe	Unicorn-45360.exe
3108	624	WerFault.exe	Unicorn-4377.exe
3208	2016	WerFault.exe	Unicorn-56915.exe
3220	2888	WerFault.exe	Unicorn-31918.exe
3240	1668	WerFault.exe	Unicorn-14571.exe
3288	3056	WerFault.exe	Unicorn-32857.exe
3348	604	WerFault.exe	Unicorn-1720.exe
3388	1588	WerFault.exe	Unicorn-34124.exe
3480	1852	WerFault.exe	Unicorn-28476.exe
3492	1772	WerFault.exe	Unicorn-32508.exe
3508	2072	WerFault.exe	Unicorn-42631.exe
3624	3032	WerFault.exe	Unicorn-48892.exe
3632	1640	WerFault.exe	Unicorn-13839.exe
3652	2136	WerFault.exe	Unicorn-24435.exe
3672	2696	WerFault.exe	Unicorn-45345.exe
3888	1300	WerFault.exe	Unicorn-8186.exe
3976	2112	WerFault.exe	Unicorn-48700.exe
3988	2300	WerFault.exe	Unicorn-15339.exe
3176	2548	WerFault.exe	Unicorn-7114.exe
3680	2140	WerFault.exe	Unicorn-31855.exe
3736	1464	WerFault.exe	Unicorn-40849.exe
3732	2560	WerFault.exe	Unicorn-2250.exe
3816	876	WerFault.exe	Unicorn-54440.exe
3808	324	WerFault.exe	Unicorn-45856.exe
3812	2316	WerFault.exe	Unicorn-8456.exe
3880	1804	WerFault.exe	Unicorn-4502.exe
3952	2020	WerFault.exe	Unicorn-51596.exe
3964	1784	WerFault.exe	Unicorn-19613.exe
3984	2952	WerFault.exe	Unicorn-36241.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exeUnicorn-22628.exeUnicorn-3292.exeUnicorn-22966.exeUnicorn-53664.exeUnicorn-38781.exeUnicorn-52164.exeUnicorn-10950.exeUnicorn-38666.exeUnicorn-6570.exeUnicorn-10976.exeUnicorn-8838.exeUnicorn-11114.exeUnicorn-33838.exeUnicorn-18920.exeUnicorn-36517.exeUnicorn-3662.exeUnicorn-23336.exeUnicorn-3470.exeUnicorn-23336.exeUnicorn-10876.exeUnicorn-39334.exeUnicorn-27130.exeUnicorn-24556.exeUnicorn-13839.exeUnicorn-32143.exeUnicorn-14571.exeUnicorn-32361.exeUnicorn-45360.exeUnicorn-15339.exeUnicorn-34124.exeUnicorn-49200.exeUnicorn-33010.exeUnicorn-7114.exeUnicorn-42631.exeUnicorn-45345.exeUnicorn-44203.exeUnicorn-21953.exeUnicorn-41627.exeUnicorn-42587.exeUnicorn-40283.exeUnicorn-27900.exeUnicorn-8186.exeUnicorn-28476.exeUnicorn-1720.exeUnicorn-32508.exeUnicorn-53142.exeUnicorn-32857.exeUnicorn-45856.exeUnicorn-48892.exeUnicorn-48700.exeUnicorn-56915.exeUnicorn-4377.exeUnicorn-24435.exeUnicorn-31918.exeUnicorn-19028.exeUnicorn-36241.exeUnicorn-32026.exeUnicorn-40849.exeUnicorn-38711.exeUnicorn-19613.exeUnicorn-4502.exeUnicorn-8456.exeUnicorn-53506.exe

pid	process
2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe
2960	Unicorn-22628.exe
3020	Unicorn-3292.exe
3052	Unicorn-22966.exe
2708	Unicorn-53664.exe
2436	Unicorn-38781.exe
2576	Unicorn-52164.exe
1016	Unicorn-10950.exe
992	Unicorn-38666.exe
2476	Unicorn-6570.exe
2644	Unicorn-10976.exe
1372	Unicorn-8838.exe
2368	Unicorn-11114.exe
1964	Unicorn-33838.exe
752	Unicorn-18920.exe
1020	Unicorn-36517.exe
2988	Unicorn-3662.exe
2992	Unicorn-23336.exe
768	Unicorn-3470.exe
532	Unicorn-23336.exe
1764	Unicorn-10876.exe
1336	Unicorn-39334.exe
964	Unicorn-27130.exe
2128	Unicorn-24556.exe
1640	Unicorn-13839.exe
1516	Unicorn-32143.exe
1668	Unicorn-14571.exe
1476	Unicorn-32361.exe
1744	Unicorn-45360.exe
2300	Unicorn-15339.exe
1588	Unicorn-34124.exe
2832	Unicorn-49200.exe
2556	Unicorn-33010.exe
2548	Unicorn-7114.exe
2072	Unicorn-42631.exe
2696	Unicorn-45345.exe
2420	Unicorn-44203.exe
1644	Unicorn-21953.exe
1800	Unicorn-41627.exe
1788	Unicorn-42587.exe
1028	Unicorn-40283.exe
2732	Unicorn-27900.exe
1300	Unicorn-8186.exe
1852	Unicorn-28476.exe
604	Unicorn-1720.exe
1772	Unicorn-32508.exe
2116	Unicorn-53142.exe
3056	Unicorn-32857.exe
324	Unicorn-45856.exe
3032	Unicorn-48892.exe
2112	Unicorn-48700.exe
2016	Unicorn-56915.exe
624	Unicorn-4377.exe
2136	Unicorn-24435.exe
2888	Unicorn-31918.exe
2688	Unicorn-19028.exe
2952	Unicorn-36241.exe
2444	Unicorn-32026.exe
1464	Unicorn-40849.exe
2396	Unicorn-38711.exe
1784	Unicorn-19613.exe
1804	Unicorn-4502.exe
2316	Unicorn-8456.exe
1600	Unicorn-53506.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exeUnicorn-22628.exeUnicorn-3292.exeUnicorn-22966.exeUnicorn-53664.exeUnicorn-38781.exeUnicorn-52164.exeUnicorn-10950.exe

description	pid	process	target process
PID 2772 wrote to memory of 2960	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	Unicorn-22628.exe
PID 2772 wrote to memory of 2960	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	Unicorn-22628.exe
PID 2772 wrote to memory of 2960	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	Unicorn-22628.exe
PID 2772 wrote to memory of 2960	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	Unicorn-22628.exe
PID 2960 wrote to memory of 3052	2960	Unicorn-22628.exe	Unicorn-22966.exe
PID 2960 wrote to memory of 3052	2960	Unicorn-22628.exe	Unicorn-22966.exe
PID 2960 wrote to memory of 3052	2960	Unicorn-22628.exe	Unicorn-22966.exe
PID 2960 wrote to memory of 3052	2960	Unicorn-22628.exe	Unicorn-22966.exe
PID 2772 wrote to memory of 3020	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	Unicorn-3292.exe
PID 2772 wrote to memory of 3020	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	Unicorn-3292.exe
PID 2772 wrote to memory of 3020	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	Unicorn-3292.exe
PID 2772 wrote to memory of 3020	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	Unicorn-3292.exe
PID 2772 wrote to memory of 2788	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	WerFault.exe
PID 2772 wrote to memory of 2788	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	WerFault.exe
PID 2772 wrote to memory of 2788	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	WerFault.exe
PID 2772 wrote to memory of 2788	2772	ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe	WerFault.exe
PID 3020 wrote to memory of 2708	3020	Unicorn-3292.exe	Unicorn-53664.exe
PID 3020 wrote to memory of 2708	3020	Unicorn-3292.exe	Unicorn-53664.exe
PID 3020 wrote to memory of 2708	3020	Unicorn-3292.exe	Unicorn-53664.exe
PID 3020 wrote to memory of 2708	3020	Unicorn-3292.exe	Unicorn-53664.exe
PID 3052 wrote to memory of 2436	3052	Unicorn-22966.exe	Unicorn-38781.exe
PID 3052 wrote to memory of 2436	3052	Unicorn-22966.exe	Unicorn-38781.exe
PID 3052 wrote to memory of 2436	3052	Unicorn-22966.exe	Unicorn-38781.exe
PID 3052 wrote to memory of 2436	3052	Unicorn-22966.exe	Unicorn-38781.exe
PID 2960 wrote to memory of 2576	2960	Unicorn-22628.exe	Unicorn-52164.exe
PID 2960 wrote to memory of 2576	2960	Unicorn-22628.exe	Unicorn-52164.exe
PID 2960 wrote to memory of 2576	2960	Unicorn-22628.exe	Unicorn-52164.exe
PID 2960 wrote to memory of 2576	2960	Unicorn-22628.exe	Unicorn-52164.exe
PID 2960 wrote to memory of 2860	2960	Unicorn-22628.exe	WerFault.exe
PID 2960 wrote to memory of 2860	2960	Unicorn-22628.exe	WerFault.exe
PID 2960 wrote to memory of 2860	2960	Unicorn-22628.exe	WerFault.exe
PID 2960 wrote to memory of 2860	2960	Unicorn-22628.exe	WerFault.exe
PID 2708 wrote to memory of 1016	2708	Unicorn-53664.exe	Unicorn-10950.exe
PID 2708 wrote to memory of 1016	2708	Unicorn-53664.exe	Unicorn-10950.exe
PID 2708 wrote to memory of 1016	2708	Unicorn-53664.exe	Unicorn-10950.exe
PID 2708 wrote to memory of 1016	2708	Unicorn-53664.exe	Unicorn-10950.exe
PID 3020 wrote to memory of 992	3020	Unicorn-3292.exe	Unicorn-38666.exe
PID 3020 wrote to memory of 992	3020	Unicorn-3292.exe	Unicorn-38666.exe
PID 3020 wrote to memory of 992	3020	Unicorn-3292.exe	Unicorn-38666.exe
PID 3020 wrote to memory of 992	3020	Unicorn-3292.exe	Unicorn-38666.exe
PID 2436 wrote to memory of 1372	2436	Unicorn-38781.exe	Unicorn-8838.exe
PID 2436 wrote to memory of 1372	2436	Unicorn-38781.exe	Unicorn-8838.exe
PID 2436 wrote to memory of 1372	2436	Unicorn-38781.exe	Unicorn-8838.exe
PID 2436 wrote to memory of 1372	2436	Unicorn-38781.exe	Unicorn-8838.exe
PID 3052 wrote to memory of 2476	3052	Unicorn-22966.exe	Unicorn-6570.exe
PID 3052 wrote to memory of 2476	3052	Unicorn-22966.exe	Unicorn-6570.exe
PID 3052 wrote to memory of 2476	3052	Unicorn-22966.exe	Unicorn-6570.exe
PID 3052 wrote to memory of 2476	3052	Unicorn-22966.exe	Unicorn-6570.exe
PID 2576 wrote to memory of 2644	2576	Unicorn-52164.exe	Unicorn-10976.exe
PID 2576 wrote to memory of 2644	2576	Unicorn-52164.exe	Unicorn-10976.exe
PID 2576 wrote to memory of 2644	2576	Unicorn-52164.exe	Unicorn-10976.exe
PID 2576 wrote to memory of 2644	2576	Unicorn-52164.exe	Unicorn-10976.exe
PID 3020 wrote to memory of 1976	3020	Unicorn-3292.exe	WerFault.exe
PID 3020 wrote to memory of 1976	3020	Unicorn-3292.exe	WerFault.exe
PID 3020 wrote to memory of 1976	3020	Unicorn-3292.exe	WerFault.exe
PID 3020 wrote to memory of 1976	3020	Unicorn-3292.exe	WerFault.exe
PID 3052 wrote to memory of 1680	3052	Unicorn-22966.exe	WerFault.exe
PID 3052 wrote to memory of 1680	3052	Unicorn-22966.exe	WerFault.exe
PID 3052 wrote to memory of 1680	3052	Unicorn-22966.exe	WerFault.exe
PID 3052 wrote to memory of 1680	3052	Unicorn-22966.exe	WerFault.exe
PID 1016 wrote to memory of 2368	1016	Unicorn-10950.exe	Unicorn-11114.exe
PID 1016 wrote to memory of 2368	1016	Unicorn-10950.exe	Unicorn-11114.exe
PID 1016 wrote to memory of 2368	1016	Unicorn-10950.exe	Unicorn-11114.exe
PID 1016 wrote to memory of 2368	1016	Unicorn-10950.exe	Unicorn-11114.exe

C:\Users\Admin\AppData\Local\Temp\ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe
"C:\Users\Admin\AppData\Local\Temp\ab847005970fe246b121331cfdc028a8b266ea34abeaccef60990c38e450970f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-32857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32857.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39365.exe
9⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39115.exe
10⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe
11⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26074.exe
12⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
13⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
14⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
14⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 216
13⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 236
12⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
11⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
10⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
9⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17553.exe
8⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
10⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
11⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20362.exe
12⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
13⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
13⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
12⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
11⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5788.exe
10⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47767.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4680.exe
12⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
12⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 236
11⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
9⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2250.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe
9⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52422.exe
10⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-45300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45300.exe
11⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
12⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46663.exe
13⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 236
13⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
12⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
11⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
10⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
9⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1890.exe
8⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62728.exe
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
10⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11563.exe
11⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26878.exe
12⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 236
12⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
11⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
10⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
9⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
8⤵
- Program crash
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 220
7⤵
- Program crash
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49200.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48892.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
8⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37722.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47014.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51680.exe
11⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe
11⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34869.exe
12⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 240
11⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
10⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 216
9⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
7⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42080.exe
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
12⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
12⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
10⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
9⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
8⤵
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
7⤵
- Program crash
PID:580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
6⤵
- Program crash
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-3662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3662.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32143.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40283.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38711.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2477.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11800.exe
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
11⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
12⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16035.exe
13⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 236
12⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
11⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
10⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
9⤵
PID:3488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 236
8⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19613.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
8⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55375.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61190.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58939.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20216.exe
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
12⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 236
11⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
10⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
9⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
8⤵
- Program crash
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
7⤵
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-27900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27900.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40849.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25695.exe
8⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52357.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30396.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23913.exe
11⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42324.exe
12⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
12⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
11⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
9⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 216
8⤵
- Program crash
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
7⤵
- Program crash
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
6⤵
- Program crash
PID:2312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41627.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4502.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
9⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24815.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9415.exe
11⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22064.exe
12⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19085.exe
13⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
13⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
12⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
11⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
10⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
9⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
8⤵
- Program crash
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8456.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39353.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59049.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15083.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64643.exe
11⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55081.exe
12⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
12⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 236
11⤵
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 236
10⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
9⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
8⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
7⤵
- Program crash
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19028.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58751.exe
8⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44140.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46048.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43499.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
12⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
12⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 236
11⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 216
9⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
8⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
7⤵
- Program crash
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
6⤵
- Program crash
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13839.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42587.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53506.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35949.exe
8⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
11⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48071.exe
12⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
12⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
9⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
8⤵
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
7⤵
- Program crash
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
6⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
7⤵
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
9⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57821.exe
10⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
9⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 216
8⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 216
7⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
6⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
5⤵
- Program crash
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
6⤵
- Program crash
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34124.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48700.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6884.exe
7⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
9⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14202.exe
11⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-51838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51838.exe
12⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 236
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 236
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
10⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59902.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60422.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
10⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
11⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 236
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 220
8⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
7⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
6⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38342.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20350.exe
10⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52455.exe
11⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 236
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
10⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
8⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
7⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
6⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
5⤵
- Program crash
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3470.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14571.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8186.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
7⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35938.exe
9⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
10⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64383.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55353.exe
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 236
12⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
11⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16840.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-391.exe
9⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62323.exe
10⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1627.exe
11⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
10⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
9⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 220
8⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
7⤵
- Program crash
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51788.exe
6⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25850.exe
9⤵
PID:6492

C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46124.exe
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6492 -s 216
10⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 236
9⤵
PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
8⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 216
7⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
6⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28476.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
6⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
8⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe
9⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1121.exe
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 236
10⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
9⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
8⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 216
7⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
6⤵
- Program crash
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
5⤵
- Program crash
PID:2940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10876.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33010.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31918.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1643.exe
9⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15495.exe
10⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20823.exe
11⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8284.exe
12⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42391.exe
13⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55717.exe
14⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
14⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
13⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
12⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
11⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 216
10⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
9⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31855.exe
8⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17361.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54225.exe
10⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42280.exe
11⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27227.exe
12⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
13⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
13⤵
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
12⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
11⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
10⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
9⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35513.exe
7⤵
- Executes dropped EXE
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
7⤵
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7114.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-24435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24435.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
8⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51453.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12587.exe
10⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1597.exe
11⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26052.exe
12⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 236
12⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
11⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
10⤵
PID:740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
9⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
8⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31663.exe
7⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41656.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51397.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4755.exe
10⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47901.exe
11⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
12⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
12⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
11⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7054.exe
9⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50922.exe
10⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8493.exe
11⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
11⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
9⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 220
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
7⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39334.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42631.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56915.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41611.exe
9⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
10⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
11⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27597.exe
12⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21522.exe
13⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
13⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
12⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 236
11⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34104.exe
11⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
12⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
12⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 236
11⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 220
10⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 216
9⤵
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
8⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2763.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe
10⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41957.exe
11⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 236
11⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
8⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4377.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18857.exe
7⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24180.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43871.exe
9⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-497.exe
11⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
12⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
12⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
10⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
8⤵
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 236
7⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
6⤵
- Program crash
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
5⤵
- Program crash
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-27130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27130.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45345.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44513.exe
7⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5000.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
10⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
11⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
11⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 236
10⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
9⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
8⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
7⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32026.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
7⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49696.exe
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24911.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
11⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
11⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
10⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
8⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
7⤵
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
6⤵
- Program crash
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44203.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36241.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58559.exe
7⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43398.exe
8⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36541.exe
9⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44466.exe
10⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38773.exe
11⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 236
10⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 236
9⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
8⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
7⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 216
6⤵
- Program crash
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
5⤵
- Program crash
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23336.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1720.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17736.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6634.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10045.exe
10⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
11⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 236
11⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
10⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
7⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51596.exe
6⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12539.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe
8⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49888.exe
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54736.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2831.exe
11⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
11⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
10⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 236
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 216
8⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
7⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
6⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32508.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53672.exe
6⤵
PID:744

C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52457.exe
7⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44908.exe
8⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29603.exe
9⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-621.exe
10⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21509.exe
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 236
11⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
10⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
9⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
8⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 216
7⤵
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
6⤵
- Program crash
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
5⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45360.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53142.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
6⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32685.exe
7⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44005.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16396.exe
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
10⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 236
11⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 236
10⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 236
8⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
7⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
6⤵
- Program crash
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
5⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
6⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12158.exe
7⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40369.exe
8⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
9⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20015.exe
10⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 236
9⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 236
8⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
7⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
6⤵
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
5⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
4⤵
- Program crash
PID:2872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
2⤵
- Program crash
PID:2788

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18920.exe

Filesize
184KB

MD5
2dd8fe3f74e4e9ed03c12574d92199ae

SHA1
77c0f0fb8aec0ef2afacebe5c62b15f722e6b47a

SHA256
f8dae07728785509219ed187bbc2535cf4d9be106c59a82a9ff93af40b05dbee

SHA512
fd31ff06ef9f969b29e30bdc0cfd959c066d9336e4424b4a8d8eb4589a2bd1b976e775d4be69f0d7372adcd9e8627326804b42abcaf7a0fd4f7828f57c36d158

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22966.exe

Filesize
184KB

MD5
c00fc0dbfad05faf19398daf0d175e3c

SHA1
86d8f7896ae260cfc62cee504adfb88010595576

SHA256
b7f0c078659b21d7d8f3e916953df4ba546fea3eca90de11a0112044e5e6410e

SHA512
d9e029c10e1fed42f6ec92c8e7a442f7df453c7fb2eed4849812c9fdc8f91fefda5440ac341c2e634e9e69973b95ee8398dde67fc89c70ef71e2126b76b9d728

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25276.exe

Filesize
184KB

MD5
a6444eb0f1a1c9f1e673615665df800d

SHA1
07033ccc22ea12e879435621361042a769a8c23d

SHA256
e5182e7d828380e911c9b4ac12c4d571974d3a9f936c708b5eb6b0dab7b388f2

SHA512
a867465d46fe3c2c5253c46c101c56af16d803f531c386ffa4b65e18ac8e8a0231f652739d693c38e12136089013ff32ec63e7cfad443e548cc81e8a56007e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28486.exe

Filesize
184KB

MD5
62552c9a3849a84884fd727031acf282

SHA1
0193c10b24a95e1f9116920fbad256ec0ac0f777

SHA256
acad136f471850bf05e175caef9fa32b2a35a038f1a48a9064ab0bd00c92453d

SHA512
a46968c7d125b43ae699f30550a113c6a50b42af9596348af75e6c68c48b06765e991e41f392f10982e31b3a666de10bae18f512fc031ebf1f8f92e81bb8cfa5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45455.exe

Filesize
184KB

MD5
b25374aa05d2c4097b24cd2ca3830d92

SHA1
895a9906ea945237ba0e3403ab5c621e74689a35

SHA256
5293f615e515d4310b8bf59ab25bc975a7cbda565e73d9055c62444b71cf8da4

SHA512
b18cb2693a167b2b7588e8cdd431226be2382fe2c7d6bb6cd13369fc2ba1137a98702764d021859baef94bf3cf062cc4b1d54fee3c6ef17f8ecad43fc547163b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56806.exe

Filesize
184KB

MD5
68de7eaa2bc4b3027f211ef88f5d9b60

SHA1
88695f5b6d9ddba63064b5ecb5b1fef087ef7619

SHA256
4febd15dba5ed879c18b4c3341b86b3ec9709f4f1c8960507071e770c22206f8

SHA512
9b2c52a6cb35908f7419410d07425529b0814576b5ac7e1d6bfc80be50cb8009c604c6cc938450322daf20199eeb085e0ced0e418c26d2068aa769c627c55a42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5912.exe

Filesize
184KB

MD5
aa2c6539ea702ad58779dfcb4ef63c34

SHA1
e7424c2ccdd9c0f35b4c0698917ec3595e15f8e0

SHA256
cac9e70b5c81fbe82394436aad92a6e86944b85d740a3664e0b4babae473dd55

SHA512
bdf5e0d7e17b0844cf378c539897844433d2eea024327437fb41444692a7e0181a789a7370181461219d3dab339929b25b5b88b813d7f641aba6c1a750a235b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6283.exe

Filesize
184KB

MD5
199b2ac356e30eb6a90e37da1974f3ff

SHA1
82d639075afc94d65ea283079819e9ca5e704e7d

SHA256
7455970616cc3e7294a074cbd82b662d3bc59bee29b67e496f8ad5fda6d076c6

SHA512
37e48978f02cc13c71112bc3c28524547066a42c922a2cece9bc3df4ba1ffa9534328b3cf0ac18cf4fe65036c528bce693604a54f52adaeee0bc914cdf75a70d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6570.exe

Filesize
184KB

MD5
64b0773faccca4bdd6c52e4f7c158a04

SHA1
6d31fe3357f0f0f97d01c1235f8b8047d430c2ee

SHA256
56a0d3e5c03dd0096781e8d52479fa320754fff910ace253c18fccf2ca2ba584

SHA512
2064a9ce30ce532aa1497260172cc5a593e36231ae4858d93be925450c25a109d1d450d2f9502c6cd5a7788f7cd019fa03e8db3e3e0aba0541b218ca2b88c7a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8838.exe

Filesize
184KB

MD5
a25db640ba688bb96ff3a93808f8c1cd

SHA1
216705e40154099733cb220f5b3836284d92594c

SHA256
ffb8209b0cb26cf982fbfef7906918b00ecebc28f899133f1aaee48b417b69f8

SHA512
9954709412cf7850f87d61ba7a93906dd754f4b55b9547663e363f2b46601e04bba19ec5c894ce16e0eead3ea34d682a6dd32138af0a7f2a990031d78e0c5f7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9049.exe

Filesize
184KB

MD5
4d949ba0f001d6bc929668e2f1be5c64

SHA1
c098bd45d68509ba1e163dccf91945d767392e52

SHA256
442813918ca8e5b7e678f9b8cc57c547de0047bf2ff54353aabb52461f792f1f

SHA512
31b656ed429033354ae3d7e0b044514d13055ca9d313f8c02ae615efa73fc670bae3eb967cb5a619f14ca54d7a55b045617200898ba4d4c02d41673957bbf964

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10950.exe

Filesize
184KB

MD5
2ac2be2f50042ee5c188cfe006a6c723

SHA1
205f0ec6bf54b4cfd335b72b38257927fe98de20

SHA256
b8f3cb318505ef6b24b0a26d9610bef0af5fdca01cb0366b0a6bf435115644d2

SHA512
bf2b1600a8324f11e8c5f5801660538c0b81b1e39e1643efa1c258cb4c0f7d9a3b32de26fe7323b50985ed0b3cc9bdff03c019044c9e19f31fc150a2bb73a03e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10976.exe

Filesize
184KB

MD5
6d9c111df165a2ad7477509218f59ae7

SHA1
439557210ef451535d9da504fdd95e7eed68ba7a

SHA256
cb770d9809aa465ee05a07670ef42e86b804ce12b988ff20aada0788dd53aa9a

SHA512
95fb8d7cb4dd2496f2ee9b27f2bfc4922304d99f389b76b543f21da63bf99f37a53ae4dca4f6ece81f801fcf348a8415ed65877cf76f65b552df39b272ae5f67

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11114.exe

Filesize
184KB

MD5
ba1354e2ce6cdec4192af33707984082

SHA1
6add336306cc17670d95bf3ec838f7465aea3d86

SHA256
92326902d7daae8ac59aa6bd76d43bc73bef0ba285222081c5c8c1fa87c8ab42

SHA512
be0629e637fd929f994eeb499ae018115b7817db6912b2807ad8166801f1768b58cc8e7093b79c8a2f76a0229f9b5656fb10845fedbbf11e091f3a56634f207f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22628.exe

Filesize
184KB

MD5
8e4b75f42575aa4686d11f2c2a59c056

SHA1
5c05125f0eaeb89350e37f4e07d204bd8c2b05fa

SHA256
ff62a43536917f124a240d59e227ba681c7208115e8f613199ba79893a6bf252

SHA512
a702caa646d4477909c78221fc33d5e508e8e16a1f9eb18777ad3275dbe41866426b6a4c26c7a1ed5a5205f4fdc25ddb9f696792c49628897f9ded57d2580028

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3292.exe

Filesize
184KB

MD5
dcc46c6af022557042563384b5213654

SHA1
a8f46591bafe625ebb90aabfda0d131754a8d1b3

SHA256
d49367ede944414ead3e2445f8f2bcfb4585e6794dc9c0653fa1c35c90316db6

SHA512
6dd22889fa107a046e28ae93bcd8ba5174a50e57c8b61fd65aad4e7d77b3c1c4633615fdc56ef66f99582addc8b4fe3c08d5c808af83f3d8ae62e2546b5bea3e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe

Filesize
184KB

MD5
3d31e24f902491c42be3a044d9d088b4

SHA1
380aee678270e69628f8abb1cfaccf0386c0c35a

SHA256
8058096d018046a0965a5b1aec7e9fc54331039e894c385c5ed264fb294056f0

SHA512
63d952db4ca24a08c7dcc99307bdca4221d03543906fe76450733012aed42c9c68eeef0081ef9fbedc9789daa830ba41fb6256ec08631d8fb921f42be93db7b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36517.exe

Filesize
184KB

MD5
46731b15ed2a91bed037cabf8ca4db24

SHA1
ef097b2a4475955f9c16f4e07480a5aa28e0cfed

SHA256
fa6b08429a2db4731ec74a5cf85e2239577a75f5157f0b0b513bdf3d602fa6b2

SHA512
3773490d5e6a9aba43a8c1b9b72352fc68a19a5a52a94fbbfea7a06401fb44a86bf3121e65d3b91a4c8f151ce79efc4fc931929fa3cf7f2c06bf768c13ff16ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38666.exe

Filesize
184KB

MD5
4902e633fdc33f8bcc3ed8a6a06c7cd2

SHA1
b4bc7abe7f38b87ff5fd2a7407eeb565d5041ff0

SHA256
007455b6ec8498800c1813d43731bdb30d0fa159644089a09bdbcf06227cbaf1

SHA512
85967aa140ce28c7e2f187e0dc41efb49db495701db69649d68d391408df5c7d073f6c8007b70d10ac4bcd89ae75f0b4af3734d4c9b6ade8ab724b830911d796

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe

Filesize
184KB

MD5
293859a7ac895127dd6af23d92e4d58d

SHA1
3fd9322b1a3afa2d0a6ff111cbb97bb1c790761d

SHA256
187deea4a69b83deb45d39dc3f9f45bfab9a95edf845d64fdbcd3ec2db587133

SHA512
26db2042e1f08a6e02715e40fad7e2a69a08901ba7864b9c1b2a81591083d778d40d209893b36ecf5aa70d078b10f6df4c72479ef0f2339d55f1205a47a76d42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52164.exe

Filesize
184KB

MD5
595b5ea12cba4b8241f0a5f629947747

SHA1
ae6955bcd915d971f7136c73cee77a57037ea172

SHA256
cbdbb46880f9790cb9457846530971da41d33f81e388530be88dd3b22ee3bcea

SHA512
092cdeef3292ec72b95f5dc2f098d9d9b2cbc030e96e090237616fee0b7515802d161c690a744ffb5f59ced8bf388bd5075be14604a8d9bda57f064d6dec0e25

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53664.exe

Filesize
184KB

MD5
9406b6d28a1f647ce166611815153288

SHA1
ff8c076b105f5fa0a488de755d808b42624ba935

SHA256
c25c0784a7750d386aa4ad9832e02bef06eb55122855e9e25c3105f3e6fac578

SHA512
e125fb176ba55b47a91935a496002bdae77868081aa898db02e862a6585d88d64f5497b8b2d4ffca8ecbcee162c9802cff23bc7af6c4903bc00fcdfcbf85226e

Download Submit