b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe
Size

184KB
MD5

b80bc98ed359ca288c895d22fa297d80
SHA1

e95ca61befc2c7b3c8b728b47570aed54291836a
SHA256

b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0
SHA512

009dabfe917a438708e165ceb554fcd57c45952e5451c47ab14970d4dec8251c503d40b0fbf8be592d3f312b47749bc47833c4936c41a2544a730a99468beb5d
SSDEEP

3072:tKZ3dxoZvEwUdnEWe6cLRFeTclnTiF7n3:tKJodQnEdLzeTclnTiF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-46157.exeUnicorn-18667.exeUnicorn-119.exeUnicorn-24879.exeUnicorn-24556.exeUnicorn-25455.exeUnicorn-12201.exeUnicorn-4041.exeUnicorn-52749.exeUnicorn-32883.exeUnicorn-41800.exeUnicorn-19438.exeUnicorn-41390.exeUnicorn-8909.exeUnicorn-4503.exeUnicorn-24238.exeUnicorn-57617.exeUnicorn-57711.exeUnicorn-13035.exeUnicorn-8629.exeUnicorn-24629.exeUnicorn-57171.exeUnicorn-27151.exeUnicorn-58645.exeUnicorn-62812.exeUnicorn-2449.exeUnicorn-17909.exeUnicorn-50451.exeUnicorn-15696.exeUnicorn-61559.exeUnicorn-64211.exeUnicorn-44538.exeUnicorn-62675.exeUnicorn-38384.exeUnicorn-20656.exeUnicorn-56557.exeUnicorn-55187.exeUnicorn-19120.exeUnicorn-39946.exeUnicorn-38995.exeUnicorn-26573.exeUnicorn-59053.exeUnicorn-59629.exeUnicorn-51139.exeUnicorn-18658.exeUnicorn-18431.exeUnicorn-49204.exeUnicorn-2888.exeUnicorn-46786.exeUnicorn-54139.exeUnicorn-8467.exeUnicorn-8467.exeUnicorn-14061.exeUnicorn-44814.exeUnicorn-11430.exeUnicorn-63288.exeUnicorn-62240.exeUnicorn-62816.exeUnicorn-543.exeUnicorn-61482.exeUnicorn-49059.exeUnicorn-34368.exeUnicorn-36698.exeUnicorn-64544.exe

pid	process
2276	Unicorn-46157.exe
1132	Unicorn-18667.exe
2896	Unicorn-119.exe
2148	Unicorn-24879.exe
2456	Unicorn-24556.exe
2244	Unicorn-25455.exe
1160	Unicorn-12201.exe
1248	Unicorn-4041.exe
1840	Unicorn-52749.exe
2564	Unicorn-32883.exe
1784	Unicorn-41800.exe
636	Unicorn-19438.exe
2716	Unicorn-41390.exe
1644	Unicorn-8909.exe
3036	Unicorn-4503.exe
2712	Unicorn-24238.exe
572	Unicorn-57617.exe
1632	Unicorn-57711.exe
1564	Unicorn-13035.exe
784	Unicorn-8629.exe
1624	Unicorn-24629.exe
1844	Unicorn-57171.exe
1956	Unicorn-27151.exe
2960	Unicorn-58645.exe
2888	Unicorn-62812.exe
2824	Unicorn-2449.exe
3060	Unicorn-17909.exe
2100	Unicorn-50451.exe
2252	Unicorn-15696.exe
2700	Unicorn-61559.exe
2672	Unicorn-64211.exe
2632	Unicorn-44538.exe
2472	Unicorn-62675.exe
2532	Unicorn-38384.exe
2624	Unicorn-20656.exe
2368	Unicorn-56557.exe
2080	Unicorn-55187.exe
1672	Unicorn-19120.exe
1216	Unicorn-39946.exe
1480	Unicorn-38995.exe
2580	Unicorn-26573.exe
2576	Unicorn-59053.exe
2188	Unicorn-59629.exe
1128	Unicorn-51139.exe
1980	Unicorn-18658.exe
1984	Unicorn-18431.exe
592	Unicorn-49204.exe
2768	Unicorn-2888.exe
1732	Unicorn-46786.exe
1268	Unicorn-54139.exe
960	Unicorn-8467.exe
1964	Unicorn-8467.exe
2868	Unicorn-14061.exe
2248	Unicorn-44814.exe
2448	Unicorn-11430.exe
2676	Unicorn-63288.exe
2884	Unicorn-62240.exe
1760	Unicorn-62816.exe
2680	Unicorn-543.exe
2524	Unicorn-61482.exe
2696	Unicorn-49059.exe
1008	Unicorn-34368.exe
2340	Unicorn-36698.exe
2688	Unicorn-64544.exe

Loads dropped DLL 64 IoCs

Processes:

b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exeUnicorn-46157.exeUnicorn-18667.exeUnicorn-119.exeWerFault.exeUnicorn-24556.exeUnicorn-25455.exeUnicorn-24879.exeWerFault.exeWerFault.exeUnicorn-12201.exeUnicorn-52749.exeUnicorn-4041.exeUnicorn-32883.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe
2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe
2276	Unicorn-46157.exe
2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe
2276	Unicorn-46157.exe
2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe
1132	Unicorn-18667.exe
1132	Unicorn-18667.exe
2276	Unicorn-46157.exe
2276	Unicorn-46157.exe
2896	Unicorn-119.exe
2896	Unicorn-119.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2456	Unicorn-24556.exe
2456	Unicorn-24556.exe
2244	Unicorn-25455.exe
2244	Unicorn-25455.exe
2148	Unicorn-24879.exe
2148	Unicorn-24879.exe
1132	Unicorn-18667.exe
1132	Unicorn-18667.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
2704	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
1976	WerFault.exe
2704	WerFault.exe
1976	WerFault.exe
1160	Unicorn-12201.exe
1160	Unicorn-12201.exe
2456	Unicorn-24556.exe
2456	Unicorn-24556.exe
1840	Unicorn-52749.exe
1840	Unicorn-52749.exe
1248	Unicorn-4041.exe
1248	Unicorn-4041.exe
2148	Unicorn-24879.exe
2148	Unicorn-24879.exe
2244	Unicorn-25455.exe
2244	Unicorn-25455.exe
2564	Unicorn-32883.exe
2564	Unicorn-32883.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2296	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2936	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe
2044	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2460	2312	WerFault.exe	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe
2856	2276	WerFault.exe	Unicorn-46157.exe
2704	1132	WerFault.exe	Unicorn-18667.exe
1976	2896	WerFault.exe	Unicorn-119.exe
2296	2456	WerFault.exe	Unicorn-24556.exe
2936	2244	WerFault.exe	Unicorn-25455.exe
2044	2148	WerFault.exe	Unicorn-24879.exe
2124	1160	WerFault.exe	Unicorn-12201.exe
1604	1840	WerFault.exe	Unicorn-52749.exe
2436	1248	WerFault.exe	Unicorn-4041.exe
1536	2564	WerFault.exe	Unicorn-32883.exe
1688	636	WerFault.exe	Unicorn-19438.exe
2552	1784	WerFault.exe	Unicorn-41800.exe
936	1644	WerFault.exe	Unicorn-8909.exe
2728	3036	WerFault.exe	Unicorn-4503.exe
2956	2716	WerFault.exe	Unicorn-41390.exe
1544	2712	WerFault.exe	Unicorn-24238.exe
2816	572	WerFault.exe	Unicorn-57617.exe
2764	1632	WerFault.exe	Unicorn-57711.exe
2216	1564	WerFault.exe	Unicorn-13035.exe
2828	752	WerFault.exe	Unicorn-47777.exe
1408	784	WerFault.exe	Unicorn-8629.exe
2732	1624	WerFault.exe	Unicorn-24629.exe
2420	2960	WerFault.exe	Unicorn-58645.exe
1372	1956	WerFault.exe	Unicorn-27151.exe
2584	2100	WerFault.exe	Unicorn-50451.exe
1768	3060	WerFault.exe	Unicorn-17909.exe
1744	1844	WerFault.exe	Unicorn-57171.exe
1580	2700	WerFault.exe	Unicorn-61559.exe
2832	2532	WerFault.exe	Unicorn-38384.exe
564	2252	WerFault.exe	Unicorn-15696.exe
2608	2888	WerFault.exe	Unicorn-62812.exe
2180	1128	WerFault.exe	Unicorn-51139.exe
2484	2080	WerFault.exe	Unicorn-55187.exe
1500	2368	WerFault.exe	Unicorn-56557.exe
2232	1216	WerFault.exe	Unicorn-39946.exe
1640	2472	WerFault.exe	Unicorn-62675.exe
2664	1980	WerFault.exe	Unicorn-18658.exe
3236	2580	WerFault.exe	Unicorn-26573.exe
3536	2672	WerFault.exe	Unicorn-64211.exe
3552	2768	WerFault.exe	Unicorn-2888.exe
3576	2868	WerFault.exe	Unicorn-14061.exe
3600	2448	WerFault.exe	Unicorn-11430.exe
3700	2632	WerFault.exe	Unicorn-44538.exe
3724	2576	WerFault.exe	Unicorn-59053.exe
3780	1984	WerFault.exe	Unicorn-18431.exe
3796	1672	WerFault.exe	Unicorn-19120.exe
3824	592	WerFault.exe	Unicorn-49204.exe
3868	2824	WerFault.exe	Unicorn-2449.exe
3952	2624	WerFault.exe	Unicorn-20656.exe
3088	2248	WerFault.exe	Unicorn-44814.exe
3184	1760	WerFault.exe	Unicorn-62816.exe
3260	2188	WerFault.exe	Unicorn-59629.exe
3292	2524	WerFault.exe	Unicorn-61482.exe
3344	1732	WerFault.exe	Unicorn-46786.exe
3420	1268	WerFault.exe	Unicorn-54139.exe
3504	2884	WerFault.exe	Unicorn-62240.exe
3632	2676	WerFault.exe	Unicorn-63288.exe
3672	1964	WerFault.exe	Unicorn-8467.exe
3908	1480	WerFault.exe	Unicorn-38995.exe
3976	980	WerFault.exe	Unicorn-59194.exe
3424	1368	WerFault.exe	Unicorn-16832.exe
3856	2696	WerFault.exe	Unicorn-49059.exe
3520	2424	WerFault.exe	Unicorn-44679.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exeUnicorn-46157.exeUnicorn-18667.exeUnicorn-119.exeUnicorn-24879.exeUnicorn-24556.exeUnicorn-25455.exeUnicorn-12201.exeUnicorn-4041.exeUnicorn-32883.exeUnicorn-52749.exeUnicorn-41800.exeUnicorn-19438.exeUnicorn-8909.exeUnicorn-4503.exeUnicorn-41390.exeUnicorn-24238.exeUnicorn-57617.exeUnicorn-57711.exeUnicorn-13035.exeUnicorn-8629.exeUnicorn-24629.exeUnicorn-57171.exeUnicorn-27151.exeUnicorn-58645.exeUnicorn-62812.exeUnicorn-17909.exeUnicorn-2449.exeUnicorn-50451.exeUnicorn-15696.exeUnicorn-61559.exeUnicorn-44538.exeUnicorn-64211.exeUnicorn-20656.exeUnicorn-38384.exeUnicorn-62675.exeUnicorn-56557.exeUnicorn-55187.exeUnicorn-19120.exeUnicorn-39946.exeUnicorn-59053.exeUnicorn-26573.exeUnicorn-59629.exeUnicorn-38995.exeUnicorn-51139.exeUnicorn-18658.exeUnicorn-18431.exeUnicorn-49204.exeUnicorn-2888.exeUnicorn-46786.exeUnicorn-54139.exeUnicorn-8467.exeUnicorn-8467.exeUnicorn-14061.exeUnicorn-44814.exeUnicorn-11430.exeUnicorn-63288.exeUnicorn-62240.exeUnicorn-62816.exeUnicorn-543.exeUnicorn-49059.exeUnicorn-36698.exeUnicorn-34368.exeUnicorn-61482.exe

pid	process
2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe
2276	Unicorn-46157.exe
1132	Unicorn-18667.exe
2896	Unicorn-119.exe
2148	Unicorn-24879.exe
2456	Unicorn-24556.exe
2244	Unicorn-25455.exe
1160	Unicorn-12201.exe
1248	Unicorn-4041.exe
2564	Unicorn-32883.exe
1840	Unicorn-52749.exe
1784	Unicorn-41800.exe
636	Unicorn-19438.exe
1644	Unicorn-8909.exe
3036	Unicorn-4503.exe
2716	Unicorn-41390.exe
2712	Unicorn-24238.exe
572	Unicorn-57617.exe
1632	Unicorn-57711.exe
1564	Unicorn-13035.exe
784	Unicorn-8629.exe
1624	Unicorn-24629.exe
1844	Unicorn-57171.exe
1956	Unicorn-27151.exe
2960	Unicorn-58645.exe
2888	Unicorn-62812.exe
3060	Unicorn-17909.exe
2824	Unicorn-2449.exe
2100	Unicorn-50451.exe
2252	Unicorn-15696.exe
2700	Unicorn-61559.exe
2632	Unicorn-44538.exe
2672	Unicorn-64211.exe
2624	Unicorn-20656.exe
2532	Unicorn-38384.exe
2472	Unicorn-62675.exe
2368	Unicorn-56557.exe
2080	Unicorn-55187.exe
1672	Unicorn-19120.exe
1216	Unicorn-39946.exe
2576	Unicorn-59053.exe
2580	Unicorn-26573.exe
2188	Unicorn-59629.exe
1480	Unicorn-38995.exe
1128	Unicorn-51139.exe
1980	Unicorn-18658.exe
1984	Unicorn-18431.exe
592	Unicorn-49204.exe
2768	Unicorn-2888.exe
1732	Unicorn-46786.exe
1268	Unicorn-54139.exe
1964	Unicorn-8467.exe
960	Unicorn-8467.exe
2868	Unicorn-14061.exe
2248	Unicorn-44814.exe
2448	Unicorn-11430.exe
2676	Unicorn-63288.exe
2884	Unicorn-62240.exe
1760	Unicorn-62816.exe
2680	Unicorn-543.exe
2696	Unicorn-49059.exe
2340	Unicorn-36698.exe
1008	Unicorn-34368.exe
2524	Unicorn-61482.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exeUnicorn-46157.exeUnicorn-18667.exeUnicorn-119.exeUnicorn-24556.exeUnicorn-25455.exeUnicorn-24879.exeUnicorn-12201.exe

description	pid	process	target process
PID 2312 wrote to memory of 2276	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	Unicorn-46157.exe
PID 2312 wrote to memory of 2276	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	Unicorn-46157.exe
PID 2312 wrote to memory of 2276	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	Unicorn-46157.exe
PID 2312 wrote to memory of 2276	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	Unicorn-46157.exe
PID 2276 wrote to memory of 1132	2276	Unicorn-46157.exe	Unicorn-18667.exe
PID 2276 wrote to memory of 1132	2276	Unicorn-46157.exe	Unicorn-18667.exe
PID 2276 wrote to memory of 1132	2276	Unicorn-46157.exe	Unicorn-18667.exe
PID 2276 wrote to memory of 1132	2276	Unicorn-46157.exe	Unicorn-18667.exe
PID 2312 wrote to memory of 2896	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	Unicorn-119.exe
PID 2312 wrote to memory of 2896	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	Unicorn-119.exe
PID 2312 wrote to memory of 2896	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	Unicorn-119.exe
PID 2312 wrote to memory of 2896	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	Unicorn-119.exe
PID 2312 wrote to memory of 2460	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	WerFault.exe
PID 2312 wrote to memory of 2460	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	WerFault.exe
PID 2312 wrote to memory of 2460	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	WerFault.exe
PID 2312 wrote to memory of 2460	2312	b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe	WerFault.exe
PID 1132 wrote to memory of 2148	1132	Unicorn-18667.exe	Unicorn-24879.exe
PID 1132 wrote to memory of 2148	1132	Unicorn-18667.exe	Unicorn-24879.exe
PID 1132 wrote to memory of 2148	1132	Unicorn-18667.exe	Unicorn-24879.exe
PID 1132 wrote to memory of 2148	1132	Unicorn-18667.exe	Unicorn-24879.exe
PID 2276 wrote to memory of 2456	2276	Unicorn-46157.exe	Unicorn-24556.exe
PID 2276 wrote to memory of 2456	2276	Unicorn-46157.exe	Unicorn-24556.exe
PID 2276 wrote to memory of 2456	2276	Unicorn-46157.exe	Unicorn-24556.exe
PID 2276 wrote to memory of 2456	2276	Unicorn-46157.exe	Unicorn-24556.exe
PID 2896 wrote to memory of 2244	2896	Unicorn-119.exe	Unicorn-25455.exe
PID 2896 wrote to memory of 2244	2896	Unicorn-119.exe	Unicorn-25455.exe
PID 2896 wrote to memory of 2244	2896	Unicorn-119.exe	Unicorn-25455.exe
PID 2896 wrote to memory of 2244	2896	Unicorn-119.exe	Unicorn-25455.exe
PID 2276 wrote to memory of 2856	2276	Unicorn-46157.exe	WerFault.exe
PID 2276 wrote to memory of 2856	2276	Unicorn-46157.exe	WerFault.exe
PID 2276 wrote to memory of 2856	2276	Unicorn-46157.exe	WerFault.exe
PID 2276 wrote to memory of 2856	2276	Unicorn-46157.exe	WerFault.exe
PID 2456 wrote to memory of 1160	2456	Unicorn-24556.exe	Unicorn-12201.exe
PID 2456 wrote to memory of 1160	2456	Unicorn-24556.exe	Unicorn-12201.exe
PID 2456 wrote to memory of 1160	2456	Unicorn-24556.exe	Unicorn-12201.exe
PID 2456 wrote to memory of 1160	2456	Unicorn-24556.exe	Unicorn-12201.exe
PID 2244 wrote to memory of 1248	2244	Unicorn-25455.exe	Unicorn-4041.exe
PID 2244 wrote to memory of 1248	2244	Unicorn-25455.exe	Unicorn-4041.exe
PID 2244 wrote to memory of 1248	2244	Unicorn-25455.exe	Unicorn-4041.exe
PID 2244 wrote to memory of 1248	2244	Unicorn-25455.exe	Unicorn-4041.exe
PID 2148 wrote to memory of 1840	2148	Unicorn-24879.exe	Unicorn-52749.exe
PID 2148 wrote to memory of 1840	2148	Unicorn-24879.exe	Unicorn-52749.exe
PID 2148 wrote to memory of 1840	2148	Unicorn-24879.exe	Unicorn-52749.exe
PID 2148 wrote to memory of 1840	2148	Unicorn-24879.exe	Unicorn-52749.exe
PID 1132 wrote to memory of 2564	1132	Unicorn-18667.exe	Unicorn-32883.exe
PID 1132 wrote to memory of 2564	1132	Unicorn-18667.exe	Unicorn-32883.exe
PID 1132 wrote to memory of 2564	1132	Unicorn-18667.exe	Unicorn-32883.exe
PID 1132 wrote to memory of 2564	1132	Unicorn-18667.exe	Unicorn-32883.exe
PID 1132 wrote to memory of 2704	1132	Unicorn-18667.exe	WerFault.exe
PID 1132 wrote to memory of 2704	1132	Unicorn-18667.exe	WerFault.exe
PID 1132 wrote to memory of 2704	1132	Unicorn-18667.exe	WerFault.exe
PID 1132 wrote to memory of 2704	1132	Unicorn-18667.exe	WerFault.exe
PID 2896 wrote to memory of 1976	2896	Unicorn-119.exe	WerFault.exe
PID 2896 wrote to memory of 1976	2896	Unicorn-119.exe	WerFault.exe
PID 2896 wrote to memory of 1976	2896	Unicorn-119.exe	WerFault.exe
PID 2896 wrote to memory of 1976	2896	Unicorn-119.exe	WerFault.exe
PID 1160 wrote to memory of 1784	1160	Unicorn-12201.exe	Unicorn-41800.exe
PID 1160 wrote to memory of 1784	1160	Unicorn-12201.exe	Unicorn-41800.exe
PID 1160 wrote to memory of 1784	1160	Unicorn-12201.exe	Unicorn-41800.exe
PID 1160 wrote to memory of 1784	1160	Unicorn-12201.exe	Unicorn-41800.exe
PID 2456 wrote to memory of 636	2456	Unicorn-24556.exe	Unicorn-19438.exe
PID 2456 wrote to memory of 636	2456	Unicorn-24556.exe	Unicorn-19438.exe
PID 2456 wrote to memory of 636	2456	Unicorn-24556.exe	Unicorn-19438.exe
PID 2456 wrote to memory of 636	2456	Unicorn-24556.exe	Unicorn-19438.exe

C:\Users\Admin\AppData\Local\Temp\b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe
"C:\Users\Admin\AppData\Local\Temp\b4adbfb55be38e734d743c55631a13df44f7b4ba12f2bca6b56852de84c695b0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58645.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39946.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35162.exe
9⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58082.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
11⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9647.exe
12⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25799.exe
13⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18854.exe
14⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
14⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
13⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
12⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
11⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
10⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
9⤵
- Program crash
PID:2232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
8⤵
- Program crash
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38995.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59194.exe
8⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-178.exe
9⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34760.exe
10⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11766.exe
11⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59660.exe
12⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24466.exe
13⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
13⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
12⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
11⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
10⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
9⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
8⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37142.exe
9⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31628.exe
10⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21499.exe
11⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60507.exe
12⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
12⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
11⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
10⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
9⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
8⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
7⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32256.exe
8⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59645.exe
10⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
11⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
12⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 236
12⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
11⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
10⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
9⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
8⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14720.exe
7⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35739.exe
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23739.exe
11⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
12⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
12⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
11⤵
PID:2496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
10⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
9⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
8⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
7⤵
- Program crash
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
6⤵
- Program crash
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4503.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27151.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55187.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34368.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28853.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
11⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-25685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25685.exe
12⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21402.exe
13⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 236
13⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
12⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
9⤵
PID:3164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
8⤵
- Program crash
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16832.exe
7⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31123.exe
8⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42298.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55890.exe
10⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
11⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
12⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
12⤵
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
11⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
9⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 216
8⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
7⤵
- Program crash
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19120.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
7⤵
- Executes dropped EXE
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
8⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
9⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-42096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42096.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16144.exe
11⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 236
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
9⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
8⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
- Program crash
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
6⤵
- Program crash
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57617.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17909.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59629.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62816.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
9⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6316.exe
10⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35208.exe
11⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30940.exe
12⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47195.exe
13⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42720.exe
14⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
14⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 236
13⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
12⤵
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
11⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
10⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
9⤵
- Program crash
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32886.exe
8⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40141.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56566.exe
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8124.exe
11⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
12⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
12⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
11⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
9⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16313.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43068.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54573.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14483.exe
11⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13113.exe
12⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
12⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
11⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
8⤵
- Program crash
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
7⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-543.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56497.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38579.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29322.exe
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
11⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51326.exe
12⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 236
12⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 236
11⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
10⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55243.exe
9⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37886.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40600.exe
11⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
11⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
10⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
8⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
7⤵
- Program crash
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
6⤵
- Program crash
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50451.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18431.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34586.exe
7⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23701.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36859.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9957.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58805.exe
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
11⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 236
10⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 236
8⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
7⤵
- Program crash
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47777.exe
6⤵
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 188
7⤵
- Program crash
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
6⤵
- Program crash
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
5⤵
- Program crash
PID:1536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13035.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64211.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59835.exe
9⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63432.exe
10⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11587.exe
11⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23478.exe
12⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37805.exe
13⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16135.exe
14⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 236
14⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 236
13⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 236
12⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
11⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 216
10⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50962.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2013.exe
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-35595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35595.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30675.exe
12⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62642.exe
13⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
13⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 236
12⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
11⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57951.exe
8⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-462.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-29667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29667.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
11⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2459.exe
12⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
13⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
13⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
12⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
10⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
9⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
8⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19867.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32461.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34005.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe
11⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56477.exe
12⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2231.exe
13⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
12⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
11⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
9⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 236
8⤵
- Program crash
PID:3420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
7⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57521.exe
8⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61989.exe
10⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7112.exe
11⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59006.exe
12⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
12⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 236
11⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
10⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
9⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-32289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32289.exe
7⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63835.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37435.exe
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26678.exe
11⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 236
11⤵
PID:852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
10⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
8⤵
PID:4628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
- Program crash
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
6⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8629.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62675.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34776.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1448.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13433.exe
10⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21380.exe
11⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43673.exe
12⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
12⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
10⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
9⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
8⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
7⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31409.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10441.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59509.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64541.exe
12⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
12⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
9⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1096 -s 216
8⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11430.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
7⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52486.exe
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43200.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2419.exe
10⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
11⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
12⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
11⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 236
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
9⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
8⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
7⤵
- Program crash
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
6⤵
- Program crash
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
5⤵
- Program crash
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15696.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
8⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
10⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33980.exe
11⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13476.exe
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 236
12⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
11⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
9⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
8⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14671.exe
7⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-3946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3946.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22008.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12989.exe
10⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12067.exe
11⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65039.exe
12⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
12⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
11⤵
PID:2064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
8⤵
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
7⤵
- Program crash
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-2888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2888.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4817.exe
7⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9102.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-8475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8475.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6150.exe
11⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34080.exe
12⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11668.exe
13⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
12⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
11⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
10⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59685.exe
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56225.exe
10⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64746.exe
11⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
11⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 236
10⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
7⤵
- Program crash
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
6⤵
- Program crash
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61559.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46786.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45336.exe
7⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62637.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57381.exe
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49411.exe
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
11⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
10⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
8⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
7⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
6⤵
- Program crash
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 636 -s 240
5⤵
- Program crash
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-119.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8909.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44814.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17755.exe
9⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34931.exe
10⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
11⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28901.exe
12⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45719.exe
13⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-2523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2523.exe
14⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 236
13⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 236
12⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
11⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
10⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
9⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30945.exe
8⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37771.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13876.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62010.exe
12⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
13⤵
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 236
13⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
12⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
11⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
9⤵
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
8⤵
- Program crash
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63288.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-24693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24693.exe
8⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54521.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28165.exe
10⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20673.exe
11⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30460.exe
12⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
12⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
11⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 216
9⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
8⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
7⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49059.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17392.exe
8⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11545.exe
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57423.exe
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43600.exe
11⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12020.exe
12⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
12⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 216
9⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
8⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8019.exe
7⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49601.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5586.exe
10⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
11⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
8⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
7⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
6⤵
- Program crash
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57171.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56557.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36698.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17063.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61334.exe
10⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28589.exe
11⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
12⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
11⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
8⤵
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
7⤵
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44679.exe
6⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54169.exe
7⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32215.exe
8⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55264.exe
9⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
10⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
11⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
11⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
10⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
8⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
7⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
6⤵
- Program crash
PID:1744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
5⤵
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2449.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2297.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52963.exe
8⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31276.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45744.exe
11⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29875.exe
12⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
12⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 236
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
9⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
8⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
7⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54596.exe
6⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
7⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46772.exe
9⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59517.exe
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 236
10⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
9⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
8⤵
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
7⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
6⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51139.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62240.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6276.exe
7⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14214.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20777.exe
9⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
10⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56138.exe
11⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 236
11⤵
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 236
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
8⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
7⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
6⤵
- Program crash
PID:2180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
5⤵
- Program crash
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
2⤵
- Program crash
PID:2460

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-38403.exe

Filesize
184KB

MD5
4c3572cd52a1fb8d390f5a5ef81e5653

SHA1
b76706f363e8203153272b9289b03bf0d71c7dca

SHA256
4e58ec213deca4de77ca914fb770ba1fa5fa5d3363ab52637bdee01f0729de86

SHA512
d1decfcd2ba2220c1137b922e1c3e73684a5d9dc1108b8476ffd28f33e148fc603171c1db56d1eb108defde50dc861121f6e08cbcb43ad60a00d93983fd437e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4041.exe

Filesize
184KB

MD5
9c091678dd710c9220f3cab05872206b

SHA1
d74460d7ce4d45988467cbccf574fea41344bbe9

SHA256
34228556f9f6899a6aa36d4d0f767b30a7e926a46f77af7a965490840406c141

SHA512
3ed70366e584b103617be50d9b74f15af9eacddf5876fded13705f245abbb747a391df70089fc178c6764d7cc0b5f6906f113a1841778235cefc660f7252d840

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52749.exe

Filesize
184KB

MD5
a8461fe2367878b0773c835979493e0d

SHA1
b52160b755c0ce023932e5cee5eccc6c28ee6277

SHA256
c31d35caa3677bc093ebc4e1ff2292428bac2de3655f3b9cd9eb93e6ee17124f

SHA512
c88a349f66585f01f23c956022c0a6f0054453fd3f43fb870a51ead13da247a74dc31848ed3c7e4be0477d6d79aeed070e60e4b246d501b19f417db202e1176a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-119.exe

Filesize
184KB

MD5
3e436700a45e4884964482a3bb928beb

SHA1
71bca572a0e965cf81abaa30e33a17cdff4656ed

SHA256
c10d138dc50e9b8e8f3ebea3cf9e610f85e6d5223a425866a1b43a7aaaf21628

SHA512
c7afd2e43969b16749b6226c1d9d909a22d88ec439eb80fd6b757a1e1790e45ce15ec306d2723dc5bf047a073e1dd6b5a5aa2c5ea97a063d10ee4ec658bf34ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12201.exe

Filesize
184KB

MD5
8dc444691d3e040d074c12e4e725a154

SHA1
92636ef9c6bd5dd893b8601512977870c27e6136

SHA256
04d2ce6d8ab968aac3be950068de58ed6f03c16388f4938cb0271a5b32c96808

SHA512
9cd4f3412c32cefdf662333f1d7fb67a33bdf9ee7a4fb3d63510a5a8cfd5e497c03feee9777b6f29a46d302be42fa8b0ea930ebe878a5e8155813bd8f3591665

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18667.exe

Filesize
184KB

MD5
39fad03bfa42703c4f78df8fd80e262a

SHA1
aaddf49fdf6f5c7a0e3241dd892fda3b27abd0f0

SHA256
c358416db428a139a736b4279b0067005672bfb52fcd34cac722a8b8d65d1413

SHA512
0d8197b8348df4c9e27441d7902f96824c331035cfc0e2283bfff2587f17e87395195c16c848405c4e2a5fda18c981d89d0b312bba4cc050935a1e3663358998

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19438.exe

Filesize
184KB

MD5
27e6c1d5a7ad47dc2a6c27fb1e5cffc9

SHA1
924090d6ca6c0b67b1b79d6031dd4089f81122ae

SHA256
44805ee592f01cd34ea0b44c35afb5a5119ad38625774c23a7b8b5b9134a9ebd

SHA512
caf95b01f3bc2e26c0caaf6dfffdc2d34b97ce30e408ddbed04584408f60bf05c9ba16c6332ee5834a6023149319279fdcaea91247d5a46c3922789fcb05f7e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe

Filesize
184KB

MD5
2adb285f18561f3f1168980f14213804

SHA1
61da6efd999ae7b628f32a92ab48a4d64a94f4ed

SHA256
1d597a7a3fb97f22bd03ea3c2ac8f85882daaeb0f401aecf0bb8280964e4713c

SHA512
c7c21408ce80b49c791bd5f6d83fedf9186428b1a894fc1f1403d9b1366f172fbbbc45634411769b7bac315e1a3da1951449f3fe1379790ff0a229987ae02002

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24879.exe

Filesize
184KB

MD5
359a6cdf415138630bb6ca2f54c7ab23

SHA1
780c62da50b34d3228d65be5c47169d93de2a743

SHA256
487f722df41d6f3c31f2337bdf39771ad6ec48b3fbe5ce69b71abb323b587135

SHA512
a6f067ccd3cd6115e8d8160d19ba4db8fa053c0861d37cc313bd2dfa6fb91ebc7131d173d74b74994305cb5efb0cb5d4496e6bae1e933c149845f367816eb604

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe

Filesize
184KB

MD5
63bf189c853d24dd5541b486a2675a90

SHA1
1349714e57af9bd6e12359d16bee50c645443c73

SHA256
01953103194eb3b321ba57d9283a6389269d81898f83d7629944250d802f44fc

SHA512
fff6902a6b0d1993e02039c66c17ff00c43b3f3d574693fcb90c8e48bd3e24782b85b167b75cf7a750db0fa15dc8c6453a129afab138c720948a5c18a3fd5f7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32883.exe

Filesize
184KB

MD5
446e4d27924c2afba1e480cd94909fc2

SHA1
f4213be61742f31e753c3dd63f0a65ffd260a5f5

SHA256
ea870e1ad52b5f5ce45d12c8cf4d82ff84444cd130ab0998e09435544d217f61

SHA512
43631cdbf16f5e281da155023cab0dcdb5a8173e8209c232355f76a7d1223de59ecba97e70934b49d5f46f4917dba947f037c26e27b1e19699d34a5298d3eeb3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41390.exe

Filesize
184KB

MD5
bec03f3e314da35243021776fdaec6f4

SHA1
5691567c445baf32f309f3e0622c6a86ef8b0ddc

SHA256
aa069d8abd74c892f56c7450c182d088492e63b4b907a2a791d494a94443fdb3

SHA512
e0a16d94f4977e6d5d4e9cdb4bad23c26ecec7503e4cf1143acd2fd16829107363126fdc39f0a25f2195d71993d75258d9c089729abed6cdb1bfe6f8f9ddc146

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe

Filesize
184KB

MD5
e69cae94696970dc85fa80a276519578

SHA1
128a7963fe911c9701fe85e60b43eb32b93bc66b

SHA256
95169d13fe0c52a8f4d9d70a5ce01a893efdb9627343d53c8c8473fe9d270e26

SHA512
441b0b95660db8a5316a1a1ba213646f8bc4a8f80d8fbb982daebeec44f058c69010a2f6b046514a40ec257a8b360c4f4b963e66aa52f5a379208772b718217a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe

Filesize
184KB

MD5
c16c0b58fc7d3957e8c689dcb5cc9177

SHA1
f3e9a0b3adea71561f578dd790a8a4c5981bb913

SHA256
a7b00a36dc2bdb6d1df85a0c8c432c1432cb88e0294ff86840dce8d2b6a98163

SHA512
89fc158c1cc9d39260f0fb9e111a232570547915bad06bbaaaaec0b5cb972b3ab87f263e8f78126af6894966face1c94dbb7f48f02708c2658913444bbe8e0f6

Download Submit