9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe
Size

184KB
MD5

2b8a22f2e052f61641cdbff063a882e8
SHA1

c0c8f8dfa84ab7e8afb938e7f528cd0670031b73
SHA256

9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb
SHA512

647308b09bc4628fe03964d9a4861a55fba13109ec5c1010296a7d8ac154ecec40e69f427a1d10b58e8e8a22416f54890917eac5099cff9453947a4d7264b79c
SSDEEP

3072:Gh3y8QM+XpSFdR/YexrMZXMYCYA/BAzXMxaO5zeMwD6lnVOF+nr:GhOMnjR/ZsXMYncFW6lnVOF+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-47513.exeUnicorn-6429.exeUnicorn-65038.exeUnicorn-30860.exeUnicorn-58825.exeUnicorn-548.exeUnicorn-14973.exeUnicorn-42855.exeUnicorn-12461.exeUnicorn-46468.exeUnicorn-54743.exeUnicorn-55283.exeUnicorn-53015.exeUnicorn-64380.exeUnicorn-14364.exeUnicorn-34230.exeUnicorn-55164.exeUnicorn-57103.exeUnicorn-60175.exeUnicorn-20107.exeUnicorn-21608.exeUnicorn-26673.exeUnicorn-48494.exeUnicorn-9303.exeUnicorn-45998.exeUnicorn-57627.exeUnicorn-2199.exeUnicorn-21489.exeUnicorn-47099.exeUnicorn-44587.exeUnicorn-57086.exeUnicorn-30915.exeUnicorn-2841.exeUnicorn-52545.exeUnicorn-6873.exeUnicorn-23620.exeUnicorn-51009.exeUnicorn-29152.exeUnicorn-62566.exeUnicorn-60874.exeUnicorn-44201.exeUnicorn-41356.exeUnicorn-36521.exeUnicorn-750.exeUnicorn-31948.exeUnicorn-16428.exeUnicorn-57066.exeUnicorn-57066.exeUnicorn-29328.exeUnicorn-42230.exeUnicorn-53631.exeUnicorn-11682.exeUnicorn-49633.exeUnicorn-16254.exeUnicorn-36120.exeUnicorn-53665.exeUnicorn-35108.exeUnicorn-64381.exeUnicorn-8870.exeUnicorn-54433.exeUnicorn-5066.exeUnicorn-29540.exeUnicorn-29540.exeUnicorn-11833.exe

pid	process
2272	Unicorn-47513.exe
2824	Unicorn-6429.exe
1560	Unicorn-65038.exe
2572	Unicorn-30860.exe
2524	Unicorn-58825.exe
2584	Unicorn-548.exe
2548	Unicorn-14973.exe
1676	Unicorn-42855.exe
2848	Unicorn-12461.exe
2860	Unicorn-46468.exe
2140	Unicorn-54743.exe
936	Unicorn-55283.exe
2440	Unicorn-53015.exe
2828	Unicorn-64380.exe
1824	Unicorn-14364.exe
2216	Unicorn-34230.exe
1504	Unicorn-55164.exe
1304	Unicorn-57103.exe
1952	Unicorn-60175.exe
1752	Unicorn-20107.exe
1772	Unicorn-21608.exe
864	Unicorn-26673.exe
2156	Unicorn-48494.exe
2108	Unicorn-9303.exe
1712	Unicorn-45998.exe
928	Unicorn-57627.exe
2116	Unicorn-2199.exe
1664	Unicorn-21489.exe
2240	Unicorn-47099.exe
2348	Unicorn-44587.exe
2924	Unicorn-57086.exe
2960	Unicorn-30915.exe
2916	Unicorn-2841.exe
2388	Unicorn-52545.exe
3016	Unicorn-6873.exe
2712	Unicorn-23620.exe
2496	Unicorn-51009.exe
2840	Unicorn-29152.exe
1848	Unicorn-62566.exe
1884	Unicorn-60874.exe
2032	Unicorn-44201.exe
2144	Unicorn-41356.exe
528	Unicorn-36521.exe
1716	Unicorn-750.exe
1788	Unicorn-31948.exe
1332	Unicorn-16428.exe
2720	Unicorn-57066.exe
440	Unicorn-57066.exe
552	Unicorn-29328.exe
1372	Unicorn-42230.exe
1840	Unicorn-53631.exe
2276	Unicorn-11682.exe
2124	Unicorn-49633.exe
1608	Unicorn-16254.exe
1836	Unicorn-36120.exe
2820	Unicorn-53665.exe
2912	Unicorn-35108.exe
2096	Unicorn-64381.exe
1800	Unicorn-8870.exe
2632	Unicorn-54433.exe
2520	Unicorn-5066.exe
2380	Unicorn-29540.exe
2460	Unicorn-29540.exe
2244	Unicorn-11833.exe

Loads dropped DLL 64 IoCs

Processes:

9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exeUnicorn-47513.exeUnicorn-6429.exeUnicorn-65038.exeWerFault.exeUnicorn-30860.exeUnicorn-58825.exeWerFault.exeWerFault.exeUnicorn-548.exeUnicorn-14973.exeUnicorn-46468.exeUnicorn-42855.exeUnicorn-12461.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe
2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe
2272	Unicorn-47513.exe
2272	Unicorn-47513.exe
2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe
2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe
2824	Unicorn-6429.exe
2824	Unicorn-6429.exe
2272	Unicorn-47513.exe
2272	Unicorn-47513.exe
1560	Unicorn-65038.exe
1560	Unicorn-65038.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2568	WerFault.exe
2572	Unicorn-30860.exe
2824	Unicorn-6429.exe
2824	Unicorn-6429.exe
2572	Unicorn-30860.exe
1560	Unicorn-65038.exe
1560	Unicorn-65038.exe
2524	Unicorn-58825.exe
2524	Unicorn-58825.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1720	WerFault.exe
1156	WerFault.exe
1720	WerFault.exe
2584	Unicorn-548.exe
2584	Unicorn-548.exe
2548	Unicorn-14973.exe
2548	Unicorn-14973.exe
2572	Unicorn-30860.exe
2572	Unicorn-30860.exe
2860	Unicorn-46468.exe
2860	Unicorn-46468.exe
2524	Unicorn-58825.exe
1676	Unicorn-42855.exe
1676	Unicorn-42855.exe
2524	Unicorn-58825.exe
2848	Unicorn-12461.exe
2848	Unicorn-12461.exe
868	WerFault.exe
868	WerFault.exe
868	WerFault.exe
868	WerFault.exe
868	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1132	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1132	WerFault.exe
1320	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2940	2292	WerFault.exe	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe
2568	2272	WerFault.exe	Unicorn-47513.exe
1156	2824	WerFault.exe	Unicorn-6429.exe
1720	1560	WerFault.exe	Unicorn-65038.exe
868	2572	WerFault.exe	Unicorn-30860.exe
1320	2584	WerFault.exe	Unicorn-548.exe
1132	2524	WerFault.exe	Unicorn-58825.exe
1524	2548	WerFault.exe	Unicorn-14973.exe
2204	2860	WerFault.exe	Unicorn-46468.exe
2656	1676	WerFault.exe	Unicorn-42855.exe
2776	2848	WerFault.exe	Unicorn-12461.exe
2060	2140	WerFault.exe	Unicorn-54743.exe
2700	2440	WerFault.exe	Unicorn-53015.exe
2232	936	WerFault.exe	Unicorn-55283.exe
972	1824	WerFault.exe	Unicorn-14364.exe
1904	2216	WerFault.exe	Unicorn-34230.exe
1744	2828	WerFault.exe	Unicorn-64380.exe
1160	1504	WerFault.exe	Unicorn-55164.exe
940	2144	WerFault.exe	Unicorn-41356.exe
2992	1304	WerFault.exe	Unicorn-57103.exe
560	1952	WerFault.exe	Unicorn-60175.exe
2104	1752	WerFault.exe	Unicorn-20107.exe
2416	1772	WerFault.exe	Unicorn-21608.exe
2112	2156	WerFault.exe	Unicorn-48494.exe
1032	2240	WerFault.exe	Unicorn-47099.exe
1668	1664	WerFault.exe	Unicorn-21489.exe
2488	2108	WerFault.exe	Unicorn-9303.exe
2956	2916	WerFault.exe	Unicorn-2841.exe
2028	928	WerFault.exe	Unicorn-57627.exe
1588	2388	WerFault.exe	Unicorn-52545.exe
932	2496	WerFault.exe	Unicorn-51009.exe
2420	2840	WerFault.exe	Unicorn-29152.exe
1684	1848	WerFault.exe	Unicorn-62566.exe
768	3016	WerFault.exe	Unicorn-6873.exe
2472	1716	WerFault.exe	Unicorn-750.exe
2716	2712	WerFault.exe	Unicorn-23620.exe
2252	2032	WerFault.exe	Unicorn-44201.exe
3212	1332	WerFault.exe	Unicorn-16428.exe
3220	2348	WerFault.exe	Unicorn-44587.exe
3304	2276	WerFault.exe	Unicorn-11682.exe
3324	2720	WerFault.exe	Unicorn-57066.exe
3364	528	WerFault.exe	Unicorn-36521.exe
3356	2960	WerFault.exe	Unicorn-30915.exe
3376	1608	WerFault.exe	Unicorn-16254.exe
3460	440	WerFault.exe	Unicorn-57066.exe
3468	2456	WerFault.exe	Unicorn-65207.exe
3516	1712	WerFault.exe	Unicorn-45998.exe
3536	1788	WerFault.exe	Unicorn-31948.exe
3548	2116	WerFault.exe	Unicorn-2199.exe
3560	1884	WerFault.exe	Unicorn-60874.exe
3772	1372	WerFault.exe	Unicorn-42230.exe
3844	2924	WerFault.exe	Unicorn-57086.exe
3924	1840	WerFault.exe	Unicorn-53631.exe
3084	552	WerFault.exe	Unicorn-29328.exe
3132	2124	WerFault.exe	Unicorn-49633.exe
3124	2632	WerFault.exe	Unicorn-54433.exe
3340	2912	WerFault.exe	Unicorn-35108.exe
3448	1888	WerFault.exe	Unicorn-39907.exe
3496	2380	WerFault.exe	Unicorn-29540.exe
3592	2724	WerFault.exe	Unicorn-2041.exe
3604	1780	WerFault.exe	Unicorn-55393.exe
3620	1800	WerFault.exe	Unicorn-8870.exe
3628	2264	WerFault.exe	Unicorn-62835.exe
3796	2704	WerFault.exe	Unicorn-15155.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exeUnicorn-47513.exeUnicorn-6429.exeUnicorn-65038.exeUnicorn-30860.exeUnicorn-58825.exeUnicorn-548.exeUnicorn-14973.exeUnicorn-42855.exeUnicorn-46468.exeUnicorn-12461.exeUnicorn-54743.exeUnicorn-55283.exeUnicorn-53015.exeUnicorn-64380.exeUnicorn-14364.exeUnicorn-34230.exeUnicorn-55164.exeUnicorn-57103.exeUnicorn-60175.exeUnicorn-20107.exeUnicorn-21608.exeUnicorn-26673.exeUnicorn-9303.exeUnicorn-48494.exeUnicorn-45998.exeUnicorn-21489.exeUnicorn-2199.exeUnicorn-57627.exeUnicorn-47099.exeUnicorn-44587.exeUnicorn-57086.exeUnicorn-30915.exeUnicorn-2841.exeUnicorn-52545.exeUnicorn-6873.exeUnicorn-23620.exeUnicorn-51009.exeUnicorn-29152.exeUnicorn-62566.exeUnicorn-44201.exeUnicorn-60874.exeUnicorn-750.exeUnicorn-36521.exeUnicorn-41356.exeUnicorn-16428.exeUnicorn-31948.exeUnicorn-57066.exeUnicorn-29328.exeUnicorn-57066.exeUnicorn-42230.exeUnicorn-53631.exeUnicorn-11682.exeUnicorn-49633.exeUnicorn-36120.exeUnicorn-16254.exeUnicorn-53665.exeUnicorn-8870.exeUnicorn-35108.exeUnicorn-64381.exeUnicorn-54433.exeUnicorn-5066.exeUnicorn-29540.exeUnicorn-11833.exe

pid	process
2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe
2272	Unicorn-47513.exe
2824	Unicorn-6429.exe
1560	Unicorn-65038.exe
2572	Unicorn-30860.exe
2524	Unicorn-58825.exe
2584	Unicorn-548.exe
2548	Unicorn-14973.exe
1676	Unicorn-42855.exe
2860	Unicorn-46468.exe
2848	Unicorn-12461.exe
2140	Unicorn-54743.exe
936	Unicorn-55283.exe
2440	Unicorn-53015.exe
2828	Unicorn-64380.exe
1824	Unicorn-14364.exe
2216	Unicorn-34230.exe
1504	Unicorn-55164.exe
1304	Unicorn-57103.exe
1952	Unicorn-60175.exe
1752	Unicorn-20107.exe
1772	Unicorn-21608.exe
864	Unicorn-26673.exe
2108	Unicorn-9303.exe
2156	Unicorn-48494.exe
1712	Unicorn-45998.exe
1664	Unicorn-21489.exe
2116	Unicorn-2199.exe
928	Unicorn-57627.exe
2240	Unicorn-47099.exe
2348	Unicorn-44587.exe
2924	Unicorn-57086.exe
2960	Unicorn-30915.exe
2916	Unicorn-2841.exe
2388	Unicorn-52545.exe
3016	Unicorn-6873.exe
2712	Unicorn-23620.exe
2496	Unicorn-51009.exe
2840	Unicorn-29152.exe
1848	Unicorn-62566.exe
2032	Unicorn-44201.exe
1884	Unicorn-60874.exe
1716	Unicorn-750.exe
528	Unicorn-36521.exe
2144	Unicorn-41356.exe
1332	Unicorn-16428.exe
1788	Unicorn-31948.exe
2720	Unicorn-57066.exe
552	Unicorn-29328.exe
440	Unicorn-57066.exe
1372	Unicorn-42230.exe
1840	Unicorn-53631.exe
2276	Unicorn-11682.exe
2124	Unicorn-49633.exe
1836	Unicorn-36120.exe
1608	Unicorn-16254.exe
2820	Unicorn-53665.exe
1800	Unicorn-8870.exe
2912	Unicorn-35108.exe
2096	Unicorn-64381.exe
2632	Unicorn-54433.exe
2520	Unicorn-5066.exe
2380	Unicorn-29540.exe
2244	Unicorn-11833.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exeUnicorn-47513.exeUnicorn-6429.exeUnicorn-65038.exeUnicorn-30860.exeUnicorn-58825.exeUnicorn-548.exeUnicorn-14973.exe

description	pid	process	target process
PID 2292 wrote to memory of 2272	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	Unicorn-47513.exe
PID 2292 wrote to memory of 2272	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	Unicorn-47513.exe
PID 2292 wrote to memory of 2272	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	Unicorn-47513.exe
PID 2292 wrote to memory of 2272	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	Unicorn-47513.exe
PID 2272 wrote to memory of 2824	2272	Unicorn-47513.exe	Unicorn-6429.exe
PID 2272 wrote to memory of 2824	2272	Unicorn-47513.exe	Unicorn-6429.exe
PID 2272 wrote to memory of 2824	2272	Unicorn-47513.exe	Unicorn-6429.exe
PID 2272 wrote to memory of 2824	2272	Unicorn-47513.exe	Unicorn-6429.exe
PID 2292 wrote to memory of 1560	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	Unicorn-65038.exe
PID 2292 wrote to memory of 1560	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	Unicorn-65038.exe
PID 2292 wrote to memory of 1560	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	Unicorn-65038.exe
PID 2292 wrote to memory of 1560	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	Unicorn-65038.exe
PID 2292 wrote to memory of 2940	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	WerFault.exe
PID 2292 wrote to memory of 2940	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	WerFault.exe
PID 2292 wrote to memory of 2940	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	WerFault.exe
PID 2292 wrote to memory of 2940	2292	9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe	WerFault.exe
PID 2824 wrote to memory of 2572	2824	Unicorn-6429.exe	Unicorn-30860.exe
PID 2824 wrote to memory of 2572	2824	Unicorn-6429.exe	Unicorn-30860.exe
PID 2824 wrote to memory of 2572	2824	Unicorn-6429.exe	Unicorn-30860.exe
PID 2824 wrote to memory of 2572	2824	Unicorn-6429.exe	Unicorn-30860.exe
PID 2272 wrote to memory of 2524	2272	Unicorn-47513.exe	Unicorn-58825.exe
PID 2272 wrote to memory of 2524	2272	Unicorn-47513.exe	Unicorn-58825.exe
PID 2272 wrote to memory of 2524	2272	Unicorn-47513.exe	Unicorn-58825.exe
PID 2272 wrote to memory of 2524	2272	Unicorn-47513.exe	Unicorn-58825.exe
PID 1560 wrote to memory of 2584	1560	Unicorn-65038.exe	Unicorn-548.exe
PID 1560 wrote to memory of 2584	1560	Unicorn-65038.exe	Unicorn-548.exe
PID 1560 wrote to memory of 2584	1560	Unicorn-65038.exe	Unicorn-548.exe
PID 1560 wrote to memory of 2584	1560	Unicorn-65038.exe	Unicorn-548.exe
PID 2272 wrote to memory of 2568	2272	Unicorn-47513.exe	WerFault.exe
PID 2272 wrote to memory of 2568	2272	Unicorn-47513.exe	WerFault.exe
PID 2272 wrote to memory of 2568	2272	Unicorn-47513.exe	WerFault.exe
PID 2272 wrote to memory of 2568	2272	Unicorn-47513.exe	WerFault.exe
PID 2824 wrote to memory of 1676	2824	Unicorn-6429.exe	Unicorn-42855.exe
PID 2824 wrote to memory of 1676	2824	Unicorn-6429.exe	Unicorn-42855.exe
PID 2824 wrote to memory of 1676	2824	Unicorn-6429.exe	Unicorn-42855.exe
PID 2824 wrote to memory of 1676	2824	Unicorn-6429.exe	Unicorn-42855.exe
PID 2572 wrote to memory of 2548	2572	Unicorn-30860.exe	Unicorn-14973.exe
PID 2572 wrote to memory of 2548	2572	Unicorn-30860.exe	Unicorn-14973.exe
PID 2572 wrote to memory of 2548	2572	Unicorn-30860.exe	Unicorn-14973.exe
PID 2572 wrote to memory of 2548	2572	Unicorn-30860.exe	Unicorn-14973.exe
PID 1560 wrote to memory of 2848	1560	Unicorn-65038.exe	Unicorn-12461.exe
PID 1560 wrote to memory of 2848	1560	Unicorn-65038.exe	Unicorn-12461.exe
PID 1560 wrote to memory of 2848	1560	Unicorn-65038.exe	Unicorn-12461.exe
PID 1560 wrote to memory of 2848	1560	Unicorn-65038.exe	Unicorn-12461.exe
PID 2524 wrote to memory of 2860	2524	Unicorn-58825.exe	Unicorn-46468.exe
PID 2524 wrote to memory of 2860	2524	Unicorn-58825.exe	Unicorn-46468.exe
PID 2524 wrote to memory of 2860	2524	Unicorn-58825.exe	Unicorn-46468.exe
PID 2524 wrote to memory of 2860	2524	Unicorn-58825.exe	Unicorn-46468.exe
PID 2824 wrote to memory of 1156	2824	Unicorn-6429.exe	WerFault.exe
PID 2824 wrote to memory of 1156	2824	Unicorn-6429.exe	WerFault.exe
PID 2824 wrote to memory of 1156	2824	Unicorn-6429.exe	WerFault.exe
PID 2824 wrote to memory of 1156	2824	Unicorn-6429.exe	WerFault.exe
PID 1560 wrote to memory of 1720	1560	Unicorn-65038.exe	WerFault.exe
PID 1560 wrote to memory of 1720	1560	Unicorn-65038.exe	WerFault.exe
PID 1560 wrote to memory of 1720	1560	Unicorn-65038.exe	WerFault.exe
PID 1560 wrote to memory of 1720	1560	Unicorn-65038.exe	WerFault.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-548.exe	Unicorn-54743.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-548.exe	Unicorn-54743.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-548.exe	Unicorn-54743.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-548.exe	Unicorn-54743.exe
PID 2548 wrote to memory of 936	2548	Unicorn-14973.exe	Unicorn-55283.exe
PID 2548 wrote to memory of 936	2548	Unicorn-14973.exe	Unicorn-55283.exe
PID 2548 wrote to memory of 936	2548	Unicorn-14973.exe	Unicorn-55283.exe
PID 2548 wrote to memory of 936	2548	Unicorn-14973.exe	Unicorn-55283.exe

C:\Users\Admin\AppData\Local\Temp\9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe
"C:\Users\Admin\AppData\Local\Temp\9ea04f5dce26b234fbd54341aa1b93a90c3c662ceea76d68f19131464a45b6fb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-30860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30860.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21608.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2841.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49633.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15155.exe
10⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46545.exe
11⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41277.exe
12⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40899.exe
13⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
14⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
15⤵
PID:7884

C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50745.exe
16⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7884 -s 216
16⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
15⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
14⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
13⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 216
12⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
11⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46965.exe
10⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38570.exe
11⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57904.exe
12⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63744.exe
13⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39663.exe
14⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6043.exe
15⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 236
15⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 236
14⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
13⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
12⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
11⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
10⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe
9⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33608.exe
10⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
11⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
12⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
13⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
14⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
15⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 236
15⤵
PID:2964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
14⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 236
13⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
12⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
11⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
10⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
9⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
9⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28355.exe
10⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3989.exe
11⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
12⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56064.exe
13⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21698.exe
14⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
15⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
14⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
13⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
12⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
11⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
10⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
9⤵
- Program crash
PID:3376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
8⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52545.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36120.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-769.exe
9⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-3196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3196.exe
11⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-64454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64454.exe
12⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50254.exe
13⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8154.exe
14⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4086.exe
15⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
14⤵
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 236
13⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
12⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
11⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
10⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
9⤵
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
8⤵
- Program crash
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 240
7⤵
- Program crash
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20107.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6873.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30572.exe
9⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43556.exe
11⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
12⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54273.exe
13⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58109.exe
14⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
13⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
12⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
11⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
10⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
9⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
8⤵
- Program crash
PID:768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
7⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
6⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60175.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-57086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57086.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53631.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65207.exe
9⤵
PID:2456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 200
10⤵
- Program crash
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
9⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18455.exe
8⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36317.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
10⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
11⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
12⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15435.exe
13⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
13⤵
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 236
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 216
9⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
8⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11682.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49805.exe
8⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46754.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28571.exe
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
11⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 220
12⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 236
11⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
10⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
9⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
8⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
7⤵
- Program crash
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
8⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-41187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41187.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-761.exe
10⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
11⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-430.exe
12⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28811.exe
13⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 236
13⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
12⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
11⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
10⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
9⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 236
8⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49374.exe
7⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35722.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56027.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52284.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
11⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe
12⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10477.exe
13⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe
14⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
13⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
12⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 236
11⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
10⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
9⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 216
8⤵
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
7⤵
- Program crash
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
6⤵
- Program crash
PID:2700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34230.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48494.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36521.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
8⤵
- Executes dropped EXE
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34892.exe
10⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12082.exe
11⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28081.exe
12⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
13⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
13⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
12⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
11⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
10⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
9⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 236
8⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55393.exe
7⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24654.exe
8⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
10⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8332.exe
11⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
12⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 240
13⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
12⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
10⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 216
9⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
8⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
7⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31948.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
7⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27263.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-54223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54223.exe
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33350.exe
11⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
12⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
13⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
12⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
11⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
8⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
7⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
6⤵
- Program crash
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9303.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35108.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
8⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28342.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-22326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22326.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
11⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
12⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20814.exe
13⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 236
13⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 236
12⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
11⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
9⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
8⤵
- Program crash
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
7⤵
- Program crash
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54433.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
7⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-443.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64240.exe
9⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51331.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
11⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55831.exe
12⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
11⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
9⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
7⤵
- Program crash
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
6⤵
- Program crash
PID:2488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
5⤵
- Program crash
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1156

C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45998.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64381.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34026.exe
9⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4110.exe
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-9739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9739.exe
11⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39473.exe
12⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1897.exe
13⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36440.exe
14⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
14⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 236
13⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
12⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
11⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
10⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
9⤵
PID:3200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
8⤵
- Program crash
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5066.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-54492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54492.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9614.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44065.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-777.exe
11⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24900.exe
12⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
12⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
11⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 216
8⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
7⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-60874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60874.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
7⤵
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29106.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65299.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65411.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28130.exe
11⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5968.exe
12⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8778.exe
13⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
13⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
12⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
11⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
9⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 216
8⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 236
7⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
6⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57627.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-750.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58309.exe
8⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4198.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58392.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31255.exe
11⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
12⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33724.exe
13⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 236
13⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 236
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
11⤵
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
9⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
8⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
7⤵
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-39907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39907.exe
6⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5240.exe
7⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19733.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51843.exe
11⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
12⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
12⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 236
11⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
8⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
7⤵
- Program crash
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 220
6⤵
- Program crash
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
5⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14364.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26673.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23620.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11833.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40663.exe
8⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64634.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26454.exe
11⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55494.exe
12⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53461.exe
13⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 236
13⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 216
12⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 236
11⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 216
9⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
8⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
7⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37411.exe
6⤵
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25791.exe
7⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13378.exe
8⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33445.exe
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 188
10⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 236
9⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
8⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 236
7⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51009.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53665.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30728.exe
7⤵
PID:400

C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55994.exe
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4482.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21110.exe
10⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 200
11⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 216
8⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
7⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
6⤵
- Program crash
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
5⤵
- Program crash
PID:972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-65038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65038.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-548.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57103.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47099.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:440

C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61922.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
9⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 200
10⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
9⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 440 -s 236
8⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55570.exe
7⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21421.exe
8⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12287.exe
10⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42005.exe
11⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13714.exe
12⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39073.exe
13⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 236
13⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
12⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 236
11⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
10⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
9⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
8⤵
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
7⤵
- Program crash
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29328.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21598.exe
7⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31118.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51635.exe
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
10⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
11⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55346.exe
12⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
12⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
11⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 236
10⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
9⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
8⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
7⤵
- Program crash
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
6⤵
- Program crash
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44587.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57066.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10858.exe
7⤵
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4366.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60658.exe
11⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41833.exe
12⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
12⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
8⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
7⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62835.exe
6⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13640.exe
7⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45092.exe
9⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51804.exe
10⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51656.exe
11⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
12⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
12⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
11⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
9⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
8⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
7⤵
- Program crash
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
6⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
5⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55164.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44201.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
7⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe
8⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64451.exe
10⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 188
11⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
9⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
- Program crash
PID:3592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
7⤵
- Program crash
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48289.exe
6⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62448.exe
7⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58096.exe
9⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40055.exe
10⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15790.exe
12⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 236
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
10⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
8⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
7⤵
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
6⤵
- Program crash
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 220
6⤵
- Program crash
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
5⤵
- Program crash
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16428.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41216.exe
6⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10599.exe
7⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1684.exe
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31301.exe
9⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45102.exe
10⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-57406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57406.exe
11⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
11⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 236
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
9⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
8⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
7⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
6⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
5⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61560.exe
6⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11842.exe
7⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49212.exe
8⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54004.exe
9⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
10⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22920.exe
11⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 236
11⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
10⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
9⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
7⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
6⤵
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
5⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
4⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
2⤵
- Program crash
PID:2940

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe

Filesize
184KB

MD5
0ba72349298e05372386908820f985a8

SHA1
0843482324c4cd6a3b49afa88a16df9be6fcec5c

SHA256
115cb0e42433114f9153588e9c40dd6a56923303592151c04a6e2f440a65b5ef

SHA512
fed4823715c85d49a676bdd0872726055d0956679bbc3e6b9e0a7f020e76771680769538569603e1a473c8a2585f59d11874e28db5bd9a086d4f9bc4e3766d1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30736.exe

Filesize
184KB

MD5
4cba0c179e09171c6f7f5e2b976cf10f

SHA1
5db48d28e5364f2484a291e68d67a4745d4143ed

SHA256
48c1631d3c0fbeddb88ffb103be23ab883836d4a28218accd0878df506746987

SHA512
f5f8b6e34ede2c3d432788cbb78d897c5211fce89869897e21ae5e68200e5a3c56bb2e71da1ebf9f9047e813d4cddebeeeac013efe31bbb1e0760c0554c7f105

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39907.exe

Filesize
184KB

MD5
34e961933bdd7a5d2de0accebe20e33b

SHA1
22c4b965a680a86b2a75f3649cc0e7e3dc3bd089

SHA256
1c041d86e980f8c594fe74d0beb16a30eadeb30ce7eec1a143df43ec41960c3b

SHA512
da85753a76b875739c0c3059e467da9fb7b8ed6f3234171808b008b7cb134d7f1e70fb0c6ec527c52ba77691fe1507c6224693ee09e06f41410745ce0c9dfb86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe

Filesize
184KB

MD5
63a3af3ea718971024964b8d4b6e2146

SHA1
58a30117f8190741a6d8b916386c3b86f78ab4f4

SHA256
308ddfa8177ab054a9c7942f97bcc200bbd8ce807eb4fbdd5cdc6c8637e591fe

SHA512
ca81011c66edd0b816c4729ce51a819638e16c7fadc7fc613c4618172b90e7a9b5671840561cd5d2b0a424a2af1b6b0b376b11dbbdfe46c0880bcd7b335ff810

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41859.exe

Filesize
184KB

MD5
7e50d1471d5b0b013d35353a6c480ddb

SHA1
424e02640eb59a9d6e5e894758a3899c3a79cea8

SHA256
442d167ad2ea643faa97bbd2c256c805e545b93ae85309ea26d3b8567c3153e9

SHA512
351a75a3cd5db3f6cbed7c957d9c0bd80c38b48f349a9b779b68922f889c0171e60350c722083e5ea61bd7d8d0d602c14f21299d08547173c5340ae5847b39d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53268.exe

Filesize
184KB

MD5
9789feb999e9ecc3e4d4816be261b2bc

SHA1
8b71e73dc03b151d1340c73efc8307342fef45e7

SHA256
c4a7e0a3c940ba84b77b79d58476fff5878a3d6fe48c0f9591adb56277e4da86

SHA512
b039478bdabbe7033d6fa7ec35eeac2fa9050563c525e42202172bf7fd549014225cc388ed1dd69381410fa4a36d44a0902da1bf626e861750864f030387611d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe

Filesize
184KB

MD5
21181ab909631e390dbdfecd3d4f5395

SHA1
cd472a20dd8bdc383076b7cf5ad1a7038053e473

SHA256
ef73ab3e3a8840649b31136d707c3adfdc6f30194a886ae97a6f7fc3edde54e5

SHA512
475aecf7a002d78c61281c96336d5fc5665ad43fb19072ba6e944ef318e61117ce00946e009cec8bae4bb520f023bc561a996f28b8bda624a29a94e5ac65309e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5814.exe

Filesize
184KB

MD5
2fa9a928679d524e6c054744a5cdb4e1

SHA1
ad4d1f6814e830904dfcce6b3111dc0749ab35e6

SHA256
76672f55c152688d32fd8283591f2f687d550a3c1713ac88f14f164b7396465e

SHA512
69c4d6651b2df46cf2038cc7a180ed1d417c47f9292c3324c4fe85c4d143cf8dfb4341079c4b9ebde08f79a7294d3312b0a220533573ba784f032badda1fed53

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe

Filesize
184KB

MD5
926cc48d72f24ab15c52fa6c105205af

SHA1
72fd5833610794476777ac114594a953a49de3d2

SHA256
14733b081fe923a1179c5726092fc4d44cc55f05cfb94aeb58e53732ad44d3af

SHA512
124d7b7ca478dd75c945f062b9363dfe9d221954a723ef48a73e32256890efe99974ddca864d35b6aadbaa5eaf9dfebdf6e376c23ade2e65c4a8f52f69230f9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6561.exe

Filesize
184KB

MD5
758b004b21e21d7a9f7bf74ca8a13aa3

SHA1
af07d45e71cccaacfa92f499b8414d0c0ce17b04

SHA256
aa995cd11f29d9e77f0ae3e5666542cc070818cda74c1a68d3bde6e461caecc7

SHA512
726b3ac78a5d08406698470bd8fa5a989c9c8381323a382d026c0b524796977ffea6082468ab02dd6f56109e8ce0eba313a607eeab26dab6704d0e9118f8f14d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe

Filesize
184KB

MD5
7e7f6f3fcb0bdffade0f1c099b3c65a8

SHA1
c8028eff9628c8e8736fcf4c8fa918e7edea7719

SHA256
ba29ef6dcc40ad54af6e86a3d4186ecaaa01e5452acd04a0a626ee2572e9c41a

SHA512
1338f531b3559e67fefafeedc55517e08c8ede15184d708606ee5f3c051d35753c5c30204a59966581f225d482d41e5f77041cc9eafafd2f8223d11b9e8871f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14973.exe

Filesize
184KB

MD5
2a20a3ac27eb21984bf6bb694141bbe0

SHA1
b0f7548cb592c31b632b0ac9c5376d1dc013508e

SHA256
3d015e8a7c6620e26494fabe2b8d0a02e0f6244fc4dc9ad75184cf35d3f1a1bd

SHA512
37495276174298ffd8328b5a88f943bb8d0c6aeca6018b35483673692a8a1702c876878e180e004bd3fa0b7b225fd099b38f3b218429a0fadd376a0dd629e5a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30860.exe

Filesize
184KB

MD5
2b206251207ae01f5e63ff7e52224448

SHA1
ba2c0d81efc963c4f7f383d28988e993ad4183db

SHA256
7206119986b684ed28e427896c26ed2ce3b853632608e9c62b2bb663079b5538

SHA512
3da37e4404fa313838a9b7dc3e4eb5eac484e68566561b6c1dd8f3803a4c6b038c29d1b07a5a6d246ac4ecce465604fc5c2dbe34819ebc92d61d1cb3e26e2689

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42855.exe

Filesize
184KB

MD5
6d065f2f43143816749db4758d1f55a7

SHA1
a2f12d2d94a56b0a7e94a1bcd6fc072898df55b8

SHA256
aa76a39e7aa82c3a83b3ba452900c3ee783f64c29ac9625d1f16360856715f24

SHA512
ddef38bb3f86dafd95f69bae3f201aac9c377aff1047177947160e8a5e738989b8f78be22a3a51d663affb35e7fe02c000eb98693ace8e6d662b845f6b16d88b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46468.exe

Filesize
184KB

MD5
b9c35bb8f42ec05f0180a76c609999a0

SHA1
58b2e42dd62b814b60e356121c0aa502cc31ceb6

SHA256
0953f653defbd73581654b5b0c34b44842cd850f4f5027ec78555b752cecb259

SHA512
1bcae7c78c90f626b1a2e9038a187073e405a9e574baa920ac0e3722b9801687941bfcb671d2fc6a3b165c767e217162cbefbc70357f8cae8b11aa37461a0087

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47513.exe

Filesize
184KB

MD5
4ac6e792cc629808ef1d4dace79dcd04

SHA1
724a5dfe78d0a94163674d8a74e7c11311b70fca

SHA256
d5fb6973251e366b0a65b715650cab0491eadfcf2e7d2163d118cf31616c8166

SHA512
794cac1e161bd1042b279bfe4338ec2a4a87b564c968a4ddbd34ad5bd397b28221c8fb6ad088c310331b46555b2fe9a58490dd0a006b8b472c5000f8c2c7d32d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53015.exe

Filesize
184KB

MD5
08ec007a86d07315ee643de6b96666fd

SHA1
5c03757553474b46d257cc76f53fee581f8d405a

SHA256
479d1cfd09504d72c74ee5e22bfebd79ea09b633bb3f5eb7981854f21ac1f221

SHA512
1b419801c51bf7cb29192a3b32066e5bd3e38b94ac7c8a84637ee957b11b27672916cdbdd8702cb4c0a240c0fd0fb97eec4fcdc12b7a27f0d1f4d063a71e3c1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54743.exe

Filesize
184KB

MD5
5cc1e2eeaf01cd71ec8d7a993422f54d

SHA1
f5eab9bed6bf61f8661291edfcbf7ef389da980b

SHA256
6a8fd7a41b7ec5dcccc110caf0bbc2d2ff5739a87c126aa7e40a36da3ec459ae

SHA512
1cec64a41fe5b0dbcf58f0433f1f22e9636d3eb926774421bd55377cd7b03dafdd2fbb614748fdafd6d0b2f1b82a19165365633ebe9cf46f6486f3cd8dfabeec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-548.exe

Filesize
184KB

MD5
ed0911ebcace1e84bcd67602ca74ea41

SHA1
e5ede1d0106523c2d282e93e1607e391c217c5ae

SHA256
ab2c1233a363e440cb6707d1c28b58e79d285e8f3c947fea093c8645cda974eb

SHA512
314e88f9a08e898b46bf8318e3e5d7865de12145886e68cb11dcaf3b21d50a4157f402d92b15362e4e8b340b1ea7fc221bb90e33568b5e27b09084a7721b021b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58825.exe

Filesize
184KB

MD5
b65a99461e5689f5a93e756d77bbd0c7

SHA1
101c37b5994579fc5c619ed6f2abbbd3a4894eb2

SHA256
cfac70873b45d8bf916b2ecc36a230a58976939e3465dca56138f505aeba19be

SHA512
cf8bb3f9eb2975acbffb6c44ad39ba74a0cdccd259f29e82b477de73a96f391cda5844992f07fc10baf330408ebcfb1698fcdc84b09723d3f7c18eeafa530807

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe

Filesize
184KB

MD5
493902faa6344d79ebde083b0dfc5351

SHA1
7646c9647283f209c9709918b547094d5f36517c

SHA256
fdb2c4f3d11d9ea05b43750b773e90abb26c60f6d5b65a2d4cf74c6d24bc4425

SHA512
0398ede1b9edd6dc236e7ca6b2e1f6176f7b83862f0486f09a290cb8b9b685276b85c8a7e581fa8b88452898c64602698c7c81e6a89d9cb101e9b1ae95215d4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64380.exe

Filesize
184KB

MD5
1407a74bbc9028d7d78a0edd93c250a6

SHA1
4492efefdfb17e6623ca568bac22487fadea6c7e

SHA256
5c7a007ac32538eecbdc13b7906e3dac90542588db25e0095cbcdfd1878d5567

SHA512
82c1369d787379aea8cea7fec5a28065c234f2c53a6a0258001ef1f63ecb0cc609df50794ecc71077faf32d52bcb854f17577b8a68e8cd8f88d79353000fa61e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65038.exe

Filesize
184KB

MD5
6461ed53fc15acec7179fa45195465f7

SHA1
c86dab1da2db4f75a5dd471058ac82a07d33ae72

SHA256
61df73562f037b990d33bb6f236423565e1a9174eacbdbcf33df51f37e73e8c7

SHA512
b8e30f622c4e0f5126fc3d9d12fc5a826664b4e7d014da44d2d2d7c837a57e3b6ec8901593b3431521d1af1e91c82790ec1c563caf14ae9fdef12cf3f450741f

Download Submit