6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe
Size

184KB
MD5

eb422268aee403378b6e8646b2b2a49a
SHA1

25f0b054c05e42effdf67ddc24071c96814c5a71
SHA256

6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78
SHA512

81e2075911afa07473ca5d1f7054492015ba6dde41e490af23463a833ea2fd024f94f3183eff618aca1b64ca59ba391d0af9b3cc061298ca741303b93d4acdb2
SSDEEP

1536:DBdE6ZZ5un1NoDx1ULcAl2wMjMhyvZc8YidxjwLJGLQetFhl5hj5nizpvg:VJYn1NoNSLcPdj+We2wLJTsFhlnViFI

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-40183.exeUnicorn-56794.exeUnicorn-41012.exeUnicorn-25046.exeUnicorn-22585.exeUnicorn-15809.exeUnicorn-15398.exeUnicorn-35819.exeUnicorn-13452.exeUnicorn-32481.exeUnicorn-59124.exeUnicorn-5367.exeUnicorn-48709.exeUnicorn-46016.exeUnicorn-60961.exeUnicorn-23458.exeUnicorn-39986.exeUnicorn-24204.exeUnicorn-48154.exeUnicorn-105.exeUnicorn-63182.exeUnicorn-27817.exeUnicorn-42761.exeUnicorn-5258.exeUnicorn-44729.exeUnicorn-55590.exeUnicorn-42783.exeUnicorn-63203.exeUnicorn-36561.exeUnicorn-5834.exeUnicorn-6197.exeUnicorn-16717.exeUnicorn-62388.exeUnicorn-19239.exeUnicorn-25461.exeUnicorn-48574.exeUnicorn-45689.exeUnicorn-29907.exeUnicorn-57941.exeUnicorn-15517.exeUnicorn-21185.exeUnicorn-17655.exeUnicorn-6794.exeUnicorn-52466.exeUnicorn-3250.exeUnicorn-54397.exeUnicorn-54397.exeUnicorn-42145.exeUnicorn-57090.exeUnicorn-7889.exeUnicorn-50204.exeUnicorn-38506.exeUnicorn-27646.exeUnicorn-29400.exeUnicorn-23370.exeUnicorn-7588.exeUnicorn-54651.exeUnicorn-13639.exeUnicorn-3888.exeUnicorn-5279.exeUnicorn-9363.exeUnicorn-26276.exeUnicorn-61086.exeUnicorn-57557.exe

pid	process
2084	Unicorn-40183.exe
2148	Unicorn-56794.exe
2520	Unicorn-41012.exe
2616	Unicorn-25046.exe
1556	Unicorn-22585.exe
1344	Unicorn-15809.exe
2780	Unicorn-15398.exe
1848	Unicorn-35819.exe
112	Unicorn-13452.exe
1212	Unicorn-32481.exe
1432	Unicorn-59124.exe
1632	Unicorn-5367.exe
2164	Unicorn-48709.exe
1772	Unicorn-46016.exe
1592	Unicorn-60961.exe
2652	Unicorn-23458.exe
2748	Unicorn-39986.exe
2252	Unicorn-24204.exe
2120	Unicorn-48154.exe
1768	Unicorn-105.exe
2112	Unicorn-63182.exe
1548	Unicorn-27817.exe
3024	Unicorn-42761.exe
604	Unicorn-5258.exe
3004	Unicorn-44729.exe
3000	Unicorn-55590.exe
1120	Unicorn-42783.exe
2116	Unicorn-63203.exe
1764	Unicorn-36561.exe
2092	Unicorn-5834.exe
1716	Unicorn-6197.exe
2472	Unicorn-16717.exe
2480	Unicorn-62388.exe
2444	Unicorn-19239.exe
2336	Unicorn-25461.exe
2776	Unicorn-48574.exe
668	Unicorn-45689.exe
1952	Unicorn-29907.exe
904	Unicorn-57941.exe
828	Unicorn-15517.exe
624	Unicorn-21185.exe
1920	Unicorn-17655.exe
2168	Unicorn-6794.exe
1360	Unicorn-52466.exe
2280	Unicorn-3250.exe
1756	Unicorn-54397.exe
2140	Unicorn-54397.exe
884	Unicorn-42145.exe
1708	Unicorn-57090.exe
2384	Unicorn-7889.exe
1484	Unicorn-50204.exe
1976	Unicorn-38506.exe
2852	Unicorn-27646.exe
240	Unicorn-29400.exe
1496	Unicorn-23370.exe
2476	Unicorn-7588.exe
2604	Unicorn-54651.exe
2332	Unicorn-13639.exe
2408	Unicorn-3888.exe
2316	Unicorn-5279.exe
576	Unicorn-9363.exe
1476	Unicorn-26276.exe
964	Unicorn-61086.exe
2300	Unicorn-57557.exe

Loads dropped DLL 64 IoCs

Processes:

6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exeUnicorn-40183.exeUnicorn-56794.exeUnicorn-41012.exeWerFault.exeUnicorn-22585.exeUnicorn-15809.exeUnicorn-25046.exeWerFault.exeWerFault.exeUnicorn-15398.exeUnicorn-35819.exeUnicorn-59124.exeUnicorn-13452.exeUnicorn-32481.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe
2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe
2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe
2084	Unicorn-40183.exe
2084	Unicorn-40183.exe
2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe
2148	Unicorn-56794.exe
2084	Unicorn-40183.exe
2148	Unicorn-56794.exe
2084	Unicorn-40183.exe
2520	Unicorn-41012.exe
2520	Unicorn-41012.exe
2404	WerFault.exe
2404	WerFault.exe
2404	WerFault.exe
2404	WerFault.exe
2404	WerFault.exe
1556	Unicorn-22585.exe
1556	Unicorn-22585.exe
1344	Unicorn-15809.exe
1344	Unicorn-15809.exe
2520	Unicorn-41012.exe
2520	Unicorn-41012.exe
2616	Unicorn-25046.exe
2148	Unicorn-56794.exe
2616	Unicorn-25046.exe
2148	Unicorn-56794.exe
2304	WerFault.exe
2304	WerFault.exe
2304	WerFault.exe
2304	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
948	WerFault.exe
2304	WerFault.exe
948	WerFault.exe
2780	Unicorn-15398.exe
2780	Unicorn-15398.exe
1556	Unicorn-22585.exe
1556	Unicorn-22585.exe
1848	Unicorn-35819.exe
1344	Unicorn-15809.exe
1344	Unicorn-15809.exe
1848	Unicorn-35819.exe
1432	Unicorn-59124.exe
1432	Unicorn-59124.exe
112	Unicorn-13452.exe
112	Unicorn-13452.exe
2616	Unicorn-25046.exe
2616	Unicorn-25046.exe
1212	Unicorn-32481.exe
1212	Unicorn-32481.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
1636	WerFault.exe
836	WerFault.exe
836	WerFault.exe
836	WerFault.exe
836	WerFault.exe
836	WerFault.exe
1136	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2544	2808	WerFault.exe	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe
2404	2084	WerFault.exe	Unicorn-40183.exe
2304	2148	WerFault.exe	Unicorn-56794.exe
948	2520	WerFault.exe	Unicorn-41012.exe
1636	1556	WerFault.exe	Unicorn-22585.exe
836	1344	WerFault.exe	Unicorn-15809.exe
1136	2616	WerFault.exe	Unicorn-25046.exe
1216	2780	WerFault.exe	Unicorn-15398.exe
1748	1848	WerFault.exe	Unicorn-35819.exe
1324	1432	WerFault.exe	Unicorn-59124.exe
2628	1768	WerFault.exe	Unicorn-105.exe
2696	112	WerFault.exe	Unicorn-13452.exe
2368	1212	WerFault.exe	Unicorn-32481.exe
2156	1632	WerFault.exe	Unicorn-5367.exe
1084	1772	WerFault.exe	Unicorn-46016.exe
2788	2164	WerFault.exe	Unicorn-48709.exe
2904	2652	WerFault.exe	Unicorn-23458.exe
1700	2252	WerFault.exe	Unicorn-24204.exe
2976	2748	WerFault.exe	Unicorn-39986.exe
2728	1592	WerFault.exe	Unicorn-60961.exe
2072	2120	WerFault.exe	Unicorn-48154.exe
1488	2112	WerFault.exe	Unicorn-63182.exe
1168	1548	WerFault.exe	Unicorn-27817.exe
1944	3004	WerFault.exe	Unicorn-44729.exe
1956	3024	WerFault.exe	Unicorn-42761.exe
1052	2184	WerFault.exe	Unicorn-32943.exe
2200	2472	WerFault.exe	Unicorn-16717.exe
2172	1764	WerFault.exe	Unicorn-36561.exe
2276	2444	WerFault.exe	Unicorn-19239.exe
764	2480	WerFault.exe	Unicorn-62388.exe
2508	2092	WerFault.exe	Unicorn-5834.exe
2928	604	WerFault.exe	Unicorn-5258.exe
2436	904	WerFault.exe	Unicorn-57941.exe
1932	1756	WerFault.exe	Unicorn-54397.exe
1152	1708	WerFault.exe	Unicorn-57090.exe
2500	1360	WerFault.exe	Unicorn-52466.exe
1704	884	WerFault.exe	Unicorn-42145.exe
3644	2116	WerFault.exe	Unicorn-63203.exe
3680	1920	WerFault.exe	Unicorn-17655.exe
3720	3000	WerFault.exe	Unicorn-55590.exe
3752	1716	WerFault.exe	Unicorn-6197.exe
3852	1952	WerFault.exe	Unicorn-29907.exe
3872	1120	WerFault.exe	Unicorn-42783.exe
3888	828	WerFault.exe	Unicorn-15517.exe
3916	2140	WerFault.exe	Unicorn-54397.exe
3908	2776	WerFault.exe	Unicorn-48574.exe
3980	624	WerFault.exe	Unicorn-21185.exe
4012	668	WerFault.exe	Unicorn-45689.exe
3176	800	WerFault.exe	Unicorn-17916.exe
3276	2604	WerFault.exe	Unicorn-54651.exe
3404	2552	WerFault.exe	Unicorn-59503.exe
3424	2476	WerFault.exe	Unicorn-7588.exe
3432	2336	WerFault.exe	Unicorn-25461.exe
3476	2216	WerFault.exe	Unicorn-24138.exe
3668	3020	WerFault.exe	Unicorn-60593.exe
3716	2536	WerFault.exe	Unicorn-24692.exe
3848	2168	WerFault.exe	Unicorn-6794.exe
3864	2400	WerFault.exe	Unicorn-55611.exe
3900	1496	WerFault.exe	Unicorn-23370.exe
3992	2384	WerFault.exe	Unicorn-7889.exe
3820	2772	WerFault.exe	Unicorn-22576.exe
3228	2712	WerFault.exe	Unicorn-60894.exe
3220	2300	WerFault.exe	Unicorn-57557.exe
3328	2280	WerFault.exe	Unicorn-3250.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exeUnicorn-40183.exeUnicorn-56794.exeUnicorn-41012.exeUnicorn-22585.exeUnicorn-25046.exeUnicorn-15809.exeUnicorn-15398.exeUnicorn-35819.exeUnicorn-13452.exeUnicorn-32481.exeUnicorn-59124.exeUnicorn-5367.exeUnicorn-46016.exeUnicorn-48709.exeUnicorn-60961.exeUnicorn-23458.exeUnicorn-24204.exeUnicorn-39986.exeUnicorn-48154.exeUnicorn-105.exeUnicorn-63182.exeUnicorn-27817.exeUnicorn-42761.exeUnicorn-55590.exeUnicorn-44729.exeUnicorn-5258.exeUnicorn-42783.exeUnicorn-63203.exeUnicorn-36561.exeUnicorn-5834.exeUnicorn-6197.exeUnicorn-16717.exeUnicorn-62388.exeUnicorn-19239.exeUnicorn-25461.exeUnicorn-48574.exeUnicorn-45689.exeUnicorn-29907.exeUnicorn-57941.exeUnicorn-15517.exeUnicorn-21185.exeUnicorn-17655.exeUnicorn-52466.exeUnicorn-6794.exeUnicorn-3250.exeUnicorn-54397.exeUnicorn-54397.exeUnicorn-7889.exeUnicorn-42145.exeUnicorn-57090.exeUnicorn-50204.exeUnicorn-38506.exeUnicorn-27646.exeUnicorn-29400.exeUnicorn-23370.exeUnicorn-7588.exeUnicorn-54651.exeUnicorn-13639.exeUnicorn-3888.exeUnicorn-5279.exeUnicorn-9363.exeUnicorn-26276.exeUnicorn-61086.exe

pid	process
2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe
2084	Unicorn-40183.exe
2148	Unicorn-56794.exe
2520	Unicorn-41012.exe
1556	Unicorn-22585.exe
2616	Unicorn-25046.exe
1344	Unicorn-15809.exe
2780	Unicorn-15398.exe
1848	Unicorn-35819.exe
112	Unicorn-13452.exe
1212	Unicorn-32481.exe
1432	Unicorn-59124.exe
1632	Unicorn-5367.exe
1772	Unicorn-46016.exe
2164	Unicorn-48709.exe
1592	Unicorn-60961.exe
2652	Unicorn-23458.exe
2252	Unicorn-24204.exe
2748	Unicorn-39986.exe
2120	Unicorn-48154.exe
1768	Unicorn-105.exe
2112	Unicorn-63182.exe
1548	Unicorn-27817.exe
3024	Unicorn-42761.exe
3000	Unicorn-55590.exe
3004	Unicorn-44729.exe
604	Unicorn-5258.exe
1120	Unicorn-42783.exe
2116	Unicorn-63203.exe
1764	Unicorn-36561.exe
2092	Unicorn-5834.exe
1716	Unicorn-6197.exe
2472	Unicorn-16717.exe
2480	Unicorn-62388.exe
2444	Unicorn-19239.exe
2336	Unicorn-25461.exe
2776	Unicorn-48574.exe
668	Unicorn-45689.exe
1952	Unicorn-29907.exe
904	Unicorn-57941.exe
828	Unicorn-15517.exe
624	Unicorn-21185.exe
1920	Unicorn-17655.exe
1360	Unicorn-52466.exe
2168	Unicorn-6794.exe
2280	Unicorn-3250.exe
1756	Unicorn-54397.exe
2140	Unicorn-54397.exe
2384	Unicorn-7889.exe
884	Unicorn-42145.exe
1708	Unicorn-57090.exe
1484	Unicorn-50204.exe
1976	Unicorn-38506.exe
2852	Unicorn-27646.exe
240	Unicorn-29400.exe
1496	Unicorn-23370.exe
2476	Unicorn-7588.exe
2604	Unicorn-54651.exe
2332	Unicorn-13639.exe
2408	Unicorn-3888.exe
2316	Unicorn-5279.exe
576	Unicorn-9363.exe
1476	Unicorn-26276.exe
964	Unicorn-61086.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exeUnicorn-40183.exeUnicorn-56794.exeUnicorn-41012.exeUnicorn-22585.exeUnicorn-15809.exeUnicorn-25046.exeUnicorn-15398.exe

description	pid	process	target process
PID 2808 wrote to memory of 2084	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	Unicorn-40183.exe
PID 2808 wrote to memory of 2084	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	Unicorn-40183.exe
PID 2808 wrote to memory of 2084	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	Unicorn-40183.exe
PID 2808 wrote to memory of 2084	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	Unicorn-40183.exe
PID 2084 wrote to memory of 2148	2084	Unicorn-40183.exe	Unicorn-56794.exe
PID 2084 wrote to memory of 2148	2084	Unicorn-40183.exe	Unicorn-56794.exe
PID 2084 wrote to memory of 2148	2084	Unicorn-40183.exe	Unicorn-56794.exe
PID 2084 wrote to memory of 2148	2084	Unicorn-40183.exe	Unicorn-56794.exe
PID 2808 wrote to memory of 2520	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	Unicorn-41012.exe
PID 2808 wrote to memory of 2520	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	Unicorn-41012.exe
PID 2808 wrote to memory of 2520	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	Unicorn-41012.exe
PID 2808 wrote to memory of 2520	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	Unicorn-41012.exe
PID 2808 wrote to memory of 2544	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	WerFault.exe
PID 2808 wrote to memory of 2544	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	WerFault.exe
PID 2808 wrote to memory of 2544	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	WerFault.exe
PID 2808 wrote to memory of 2544	2808	6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe	WerFault.exe
PID 2148 wrote to memory of 2616	2148	Unicorn-56794.exe	Unicorn-25046.exe
PID 2148 wrote to memory of 2616	2148	Unicorn-56794.exe	Unicorn-25046.exe
PID 2148 wrote to memory of 2616	2148	Unicorn-56794.exe	Unicorn-25046.exe
PID 2148 wrote to memory of 2616	2148	Unicorn-56794.exe	Unicorn-25046.exe
PID 2084 wrote to memory of 1556	2084	Unicorn-40183.exe	Unicorn-22585.exe
PID 2084 wrote to memory of 1556	2084	Unicorn-40183.exe	Unicorn-22585.exe
PID 2084 wrote to memory of 1556	2084	Unicorn-40183.exe	Unicorn-22585.exe
PID 2084 wrote to memory of 1556	2084	Unicorn-40183.exe	Unicorn-22585.exe
PID 2520 wrote to memory of 1344	2520	Unicorn-41012.exe	Unicorn-15809.exe
PID 2520 wrote to memory of 1344	2520	Unicorn-41012.exe	Unicorn-15809.exe
PID 2520 wrote to memory of 1344	2520	Unicorn-41012.exe	Unicorn-15809.exe
PID 2520 wrote to memory of 1344	2520	Unicorn-41012.exe	Unicorn-15809.exe
PID 2084 wrote to memory of 2404	2084	Unicorn-40183.exe	WerFault.exe
PID 2084 wrote to memory of 2404	2084	Unicorn-40183.exe	WerFault.exe
PID 2084 wrote to memory of 2404	2084	Unicorn-40183.exe	WerFault.exe
PID 2084 wrote to memory of 2404	2084	Unicorn-40183.exe	WerFault.exe
PID 1556 wrote to memory of 2780	1556	Unicorn-22585.exe	Unicorn-15398.exe
PID 1556 wrote to memory of 2780	1556	Unicorn-22585.exe	Unicorn-15398.exe
PID 1556 wrote to memory of 2780	1556	Unicorn-22585.exe	Unicorn-15398.exe
PID 1556 wrote to memory of 2780	1556	Unicorn-22585.exe	Unicorn-15398.exe
PID 1344 wrote to memory of 1848	1344	Unicorn-15809.exe	Unicorn-35819.exe
PID 1344 wrote to memory of 1848	1344	Unicorn-15809.exe	Unicorn-35819.exe
PID 1344 wrote to memory of 1848	1344	Unicorn-15809.exe	Unicorn-35819.exe
PID 1344 wrote to memory of 1848	1344	Unicorn-15809.exe	Unicorn-35819.exe
PID 2520 wrote to memory of 1432	2520	Unicorn-41012.exe	Unicorn-59124.exe
PID 2520 wrote to memory of 1432	2520	Unicorn-41012.exe	Unicorn-59124.exe
PID 2520 wrote to memory of 1432	2520	Unicorn-41012.exe	Unicorn-59124.exe
PID 2520 wrote to memory of 1432	2520	Unicorn-41012.exe	Unicorn-59124.exe
PID 2616 wrote to memory of 112	2616	Unicorn-25046.exe	Unicorn-13452.exe
PID 2616 wrote to memory of 112	2616	Unicorn-25046.exe	Unicorn-13452.exe
PID 2616 wrote to memory of 112	2616	Unicorn-25046.exe	Unicorn-13452.exe
PID 2616 wrote to memory of 112	2616	Unicorn-25046.exe	Unicorn-13452.exe
PID 2148 wrote to memory of 1212	2148	Unicorn-56794.exe	Unicorn-32481.exe
PID 2148 wrote to memory of 1212	2148	Unicorn-56794.exe	Unicorn-32481.exe
PID 2148 wrote to memory of 1212	2148	Unicorn-56794.exe	Unicorn-32481.exe
PID 2148 wrote to memory of 1212	2148	Unicorn-56794.exe	Unicorn-32481.exe
PID 2148 wrote to memory of 2304	2148	Unicorn-56794.exe	WerFault.exe
PID 2148 wrote to memory of 2304	2148	Unicorn-56794.exe	WerFault.exe
PID 2148 wrote to memory of 2304	2148	Unicorn-56794.exe	WerFault.exe
PID 2148 wrote to memory of 2304	2148	Unicorn-56794.exe	WerFault.exe
PID 2520 wrote to memory of 948	2520	Unicorn-41012.exe	WerFault.exe
PID 2520 wrote to memory of 948	2520	Unicorn-41012.exe	WerFault.exe
PID 2520 wrote to memory of 948	2520	Unicorn-41012.exe	WerFault.exe
PID 2520 wrote to memory of 948	2520	Unicorn-41012.exe	WerFault.exe
PID 2780 wrote to memory of 1632	2780	Unicorn-15398.exe	Unicorn-5367.exe
PID 2780 wrote to memory of 1632	2780	Unicorn-15398.exe	Unicorn-5367.exe
PID 2780 wrote to memory of 1632	2780	Unicorn-15398.exe	Unicorn-5367.exe
PID 2780 wrote to memory of 1632	2780	Unicorn-15398.exe	Unicorn-5367.exe

C:\Users\Admin\AppData\Local\Temp\6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe
"C:\Users\Admin\AppData\Local\Temp\6a97551346b94c47c453d6c2168822c7162c58f80019915783e4213ea3e77a78.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39986.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21185.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46696.exe
9⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
10⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39670.exe
11⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16754.exe
12⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe
13⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
13⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
12⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 216
11⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
10⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 236
9⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8548.exe
8⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23510.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46172.exe
10⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30765.exe
11⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 220
12⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
11⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
9⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
8⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17655.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26084.exe
8⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19810.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29634.exe
11⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
12⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-7208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7208.exe
13⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
13⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
12⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
11⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 216
9⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
8⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
7⤵
- Program crash
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 236
6⤵
- Program crash
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24204.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-42783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42783.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13639.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36556.exe
9⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32633.exe
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25934.exe
11⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54548.exe
12⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5236.exe
13⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
12⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
11⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
10⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
9⤵
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
8⤵
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32493.exe
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52005.exe
9⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-1232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1232.exe
10⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
11⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
11⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
10⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
9⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
8⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
7⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-15517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15517.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5279.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49727.exe
10⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30257.exe
11⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
8⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
7⤵
- Program crash
PID:3888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
6⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48154.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42145.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
8⤵
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18466.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
10⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7583.exe
11⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60796.exe
12⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
13⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 236
13⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
12⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
11⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
10⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
9⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
8⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59503.exe
7⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45108.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36276.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11631.exe
10⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55669.exe
11⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40030.exe
12⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 216
12⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 236
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
9⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
8⤵
- Program crash
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57090.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
7⤵
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64158.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47215.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33910.exe
10⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
11⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
12⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6380 -s 216
11⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
8⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
7⤵
- Program crash
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
6⤵
- Program crash
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17916.exe
7⤵
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-55606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55606.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-204.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-33422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33422.exe
10⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62877.exe
11⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11105.exe
12⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 236
12⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 236
11⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
9⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 236
8⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
7⤵
- Program crash
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10302.exe
6⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
7⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
8⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3847.exe
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44486.exe
10⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11489.exe
11⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
11⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 236
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
8⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
7⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 220
6⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
5⤵
- Program crash
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-105.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62388.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27646.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23837.exe
8⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53084.exe
9⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5497.exe
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9981.exe
11⤵
PID:6548

C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65238.exe
12⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
13⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6548 -s 216
12⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 236
11⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 216
10⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 236
9⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45471.exe
8⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50801.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56691.exe
11⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34899.exe
12⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 220
12⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
11⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
10⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 216
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12523.exe
7⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63582.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50915.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62306.exe
10⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41035.exe
11⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38511.exe
12⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
12⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
8⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
7⤵
- Program crash
PID:764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
6⤵
- Program crash
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-63182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63182.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16717.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50204.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60593.exe
8⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48123.exe
9⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16240.exe
10⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18430.exe
11⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
12⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56414.exe
13⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
13⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
12⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
11⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
10⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
9⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23104.exe
8⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59462.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14143.exe
11⤵
PID:7904

C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6227.exe
12⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 216
12⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
11⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
10⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 216
9⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49088.exe
7⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20220.exe
8⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
9⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36624.exe
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3785.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37935.exe
12⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
12⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
11⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
8⤵
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38506.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26359.exe
7⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4459.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52477.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17121.exe
10⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29302.exe
11⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14478.exe
12⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
12⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62383.exe
7⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44693.exe
8⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
9⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13816.exe
10⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20182.exe
11⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 236
11⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
10⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
8⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
7⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
6⤵
- Program crash
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
5⤵
- Program crash
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44729.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
7⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-56997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56997.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37989.exe
10⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11790.exe
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
11⤵
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
10⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 216
8⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
7⤵
- Program crash
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55611.exe
6⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-12928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12928.exe
7⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13006.exe
8⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49815.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58165.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39834.exe
11⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 236
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 236
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
8⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
7⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
6⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29907.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9363.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37947.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17112.exe
8⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19769.exe
9⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
10⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
10⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 236
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
8⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
7⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
6⤵
- Program crash
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
5⤵
- Program crash
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27817.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25461.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29400.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58647.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7967.exe
10⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12923.exe
11⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45456.exe
12⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
13⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-29772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29772.exe
14⤵
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
14⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
13⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 236
12⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
11⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
10⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61807.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23396.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60552.exe
11⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24398.exe
12⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8635.exe
13⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
12⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
10⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 220
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32943.exe
8⤵
PID:2184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 188
9⤵
- Program crash
PID:1052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
8⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7588.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36473.exe
8⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27018.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43650.exe
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30874.exe
11⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8113.exe
12⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32294.exe
13⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
13⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
12⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
11⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27572.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22078.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
10⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26313.exe
11⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 200
12⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 236
11⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
8⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
7⤵
- Program crash
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17911.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31777.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5845.exe
10⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9268.exe
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
11⤵
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 236
10⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
8⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 236
7⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
6⤵
- Program crash
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42761.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23370.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55907.exe
8⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53271.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57791.exe
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5373.exe
11⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49289.exe
12⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
12⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 236
11⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
9⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
8⤵
- Program crash
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
7⤵
- Program crash
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54651.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10598.exe
7⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18186.exe
8⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23500.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9976.exe
10⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
11⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
11⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 236
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 216
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 236
8⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
7⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
6⤵
- Program crash
PID:1956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
5⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36561.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24138.exe
7⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57853.exe
8⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-20516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20516.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26214.exe
10⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18721.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43778.exe
12⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
12⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
11⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
9⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
8⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42071.exe
7⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
8⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-34465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34465.exe
9⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37278.exe
10⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38708.exe
11⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 236
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 236
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
9⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 216
8⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
7⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
6⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
7⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-10261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10261.exe
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45747.exe
10⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40078.exe
11⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
11⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
10⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
8⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
7⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
6⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52466.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-20054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20054.exe
6⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
7⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50998.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56904.exe
10⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
11⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 236
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
8⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
7⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
6⤵
- Program crash
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 220
5⤵
- Program crash
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5258.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54397.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-61086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61086.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-42799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42799.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
9⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46157.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
11⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
11⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 236
10⤵
PID:972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
9⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
8⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
7⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
6⤵
- Executes dropped EXE
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47246.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
8⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18238.exe
9⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4522.exe
10⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11681.exe
11⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
11⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
10⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
8⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
7⤵
- Program crash
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
6⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7889.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22576.exe
6⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49493.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23121.exe
8⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45155.exe
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52052.exe
10⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60965.exe
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 236
11⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 236
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
8⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
7⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37795.exe
6⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
7⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52301.exe
8⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56987.exe
9⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-57130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57130.exe
10⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
10⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 236
9⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
8⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
7⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
6⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
5⤵
- Program crash
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3250.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60894.exe
6⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24989.exe
7⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13307.exe
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43017.exe
9⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20750.exe
10⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40929.exe
11⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 220
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
10⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 216
8⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
7⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7645.exe
6⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60837.exe
7⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59654.exe
8⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64221.exe
9⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38516.exe
10⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 236
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
9⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
8⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
7⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
6⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
5⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54620.exe
6⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-967.exe
7⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe
8⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49198.exe
9⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 236
9⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 236
8⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
7⤵
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
6⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
5⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
4⤵
- Program crash
PID:1324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
2⤵
- Program crash
PID:2544

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe

Filesize
184KB

MD5
a08a0e26a0b33c23b711cd12851c1a40

SHA1
30ce4e46f40d33c0ca695638cc29c811a079330b

SHA256
2f8d06788e5907530634b4b07d08f026e61b0ab42369021dc0b0af8e665198dc

SHA512
5fc2ee541fa989c8f72efc976f045d59681f6323474b52317c79073c870c087270268299e06e2b3416fd90108b6c145bc53157a054e4b501680924459243da06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15809.exe

Filesize
184KB

MD5
b04bd6408ea524090ccf78425cdb636d

SHA1
a40ecadebedd2261d145c2f9a25692834c861e94

SHA256
0594e4764ceedd6759c0c2f0dd4f96cd880881e1ffc0d0fb7a13a6b7b3b64d04

SHA512
3c0c43140276a307030fd660557394089c06d57d2fd771541326a9211d37105b1d3369f66400bd428fbc66ba051f852624ee18a1efe2c30386b4314273de5513

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe

Filesize
184KB

MD5
792e4e613ca100385521db42a3c8655e

SHA1
fce5d49820a3b981b2929962e96783ab32d42392

SHA256
b8024923adcfc34aa8962e002aec4a8184707332e72d825cbbcb0fd9fcb19239

SHA512
dd1083795c1a86cef8577efd077be989d92f105f0f50c04e0078e06049c1f257b2894c86b990d0f1d5d7b84dc427a49528b12a3ad1d51be642c83b6a07946b3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22585.exe

Filesize
184KB

MD5
97b497b20a0751c17b02bc93aa62ee4b

SHA1
1127cbcedeb441154781a4f65b4e7dbfd967adbe

SHA256
4bfb5cbc15764e659c08b89b8719eb8071f843e64c7ef53ede4ae81ff12ad5c2

SHA512
e2e15fd6bfe179794cef57e609ea04d14dce0d873d4b551357deda70f9456b0e75430680f445256e1cc9c12b69c24733ca70aa7b3e3ee3d0845c62630ff30f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32481.exe

Filesize
184KB

MD5
de1b84bf14f232e1c8ac1131502fb0eb

SHA1
0f1d6f607a2fabe953269edaf7ff8050c7d3f802

SHA256
e3e02f45a351307c84c669153b4c939c94c64412f8d15b59e474b4a38b21a43d

SHA512
5f4e7f8d1ba3489bfed1646ebc8b6e05f5a44083f916c18898526be71c5505b1076afd3bffe7618d3a052b196e224dca13e60f0a213a68d312634d5145261a9d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe

Filesize
184KB

MD5
694b9b4bfba5489de13d905a0a5190dc

SHA1
4a7021db22c6c06764808b028295f74e2ff8f275

SHA256
69e86cf220e4337cf82eaf341d91d6dff1c28a155464a962cf48b414f0ce3277

SHA512
f8e403f20600772175e2ce73467c89e81024b9f136d1f4419c531828d3851505e61cca23d51c6ca8c9445de5ef81d431b4cb7ff3a1285997d7461ad32f8340fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37138.exe

Filesize
184KB

MD5
4b2b98958a87bf32a8f3f6cf0fe0ef68

SHA1
6f76b1ae0be22ce36cd6c8d0f85ab32e0797f74e

SHA256
5e3c3b92f1f8a1116019beddbc43164ab1e900a28b5fcb41416c458f641e946e

SHA512
a2cc457dbb12d1bdd86e0b2e3218fb37e791686c934088f5c3d5a2b956dd642e8c81299bf3b4f5a925129608544b0438f42a4c5b20b63946845e4f94849b9aae

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37558.exe

Filesize
184KB

MD5
bf557da9442652bcc7b4429cc0716aef

SHA1
eb714a9ede9fa04596a2050117da9896544e33a3

SHA256
bfba189fb7423245c8e7296927876a93b42390f52e602677cf51f665af88d1e9

SHA512
4f66529c7d3c351e2921be86c484a26ffd5e89973dacd5f45b3782f0dc2f8ba1587a5b9463421cb59d09c65046b50d74a4fbbe77152527f01232353c1c0f69b3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe

Filesize
184KB

MD5
eb14f2cc7935bb4e29e3a58fa55d7c1a

SHA1
0210f91cc09b667d7a409bcfda46f84756d41c97

SHA256
bc12c6a655deeb1a13ac15d76f995cd02321c3c317572914f9478df40132991b

SHA512
c6cd04370057897e68da435e748958c49e616c583f71b0bd2ed744fd5fb60d212e5d32b8fbcf9ab57dfcc91e6477e433221f36d78f59b147657c90e3b6d948a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe

Filesize
184KB

MD5
3708a8f384421521f95837fc5c1783eb

SHA1
cf85144ba2f2fb074ed38bd14a08e2a55f915e4d

SHA256
a06613b7ddbbe15dac83650ae15bb2e10ee3dbd8ec795b6f5ac5d76aee9becb7

SHA512
5a99f97093baa639f74f0b0383966c78fba7bb5267254e9ba54347a3af7d96216efd955bbb3405e6854e1053ef38bad8814b4cbfb2437ac520f141188ab708e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6794.exe

Filesize
184KB

MD5
cdbe78a0054da82e0bd99e8b65842569

SHA1
e65e50d206f4417b150b33144174196866e19335

SHA256
fe2fb943e9d19140445b1b600e55489c9086248d6fff05241de80bad9c14a442

SHA512
69c810ddb07c43efe0e31d487704335b2789a3bbd2fec72920f62e60a0e1aee1ca676c2b6c0c4c7361ec668ebf7adb0d63394f2a04f91ba09f2ab3867f0f93c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15398.exe

Filesize
184KB

MD5
a3d66ec916103834cf71ec5e55311e53

SHA1
d39ed00caec5f5bcc23f3a17a78b014b661089cf

SHA256
e606d7f94d5a8753d1d7f69d2670f7bba615ccd39c4e9ddfef71b398c94c2c8c

SHA512
6e512b8e7ff3dffa588499b7f27106b89758200479f10be8592d79b12d5b9017f416c46d06806b13c30186cb2e93615bfe9419b17a860a2edfdb959523c28fd8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25046.exe

Filesize
184KB

MD5
c5662cdfc3563526cb6b73812ea82134

SHA1
b6c7f76ab4f1f57e87d758e0cbe8546668410ed4

SHA256
93e90ad84d918c490f7da4b755e8c55582eb3d38ce761b3987114d154520b5dd

SHA512
3fc613879fb183d88fcd9efe77adbcd01533a7c170faba8ac17f5f99a9c7f93ea0b25a78e66e36c4741172b9fdd46a0754704cab4d44c8c33da3824df6b2ae59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40183.exe

Filesize
184KB

MD5
bea64b3c042d537ef3b95ef99e4ee98d

SHA1
7a8cdc9165ae2d68304d811b7f5320aa35a812c6

SHA256
e53de19daba6744c280e83f718d0241037a0fbc630065791d0b75e9e6bb7eae0

SHA512
45b9a72f6c00aff556cf5a15d92655da37a7fa86280f66bf20b39feb45f3a60a917f33e3d5e9a4e531d26e4d61525e0fe370fc74a7d8828c4f8ce7565d19072f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41012.exe

Filesize
184KB

MD5
986dc99e2618fb1c73bafc94600f207b

SHA1
87d8bff7d183853f0cdbc8a2da99ca711a26bfb5

SHA256
ca7d5b8a547fb06f273f96eba4a53bc3ca74c4338e87272e12141911bd125190

SHA512
d9c72e1dddb659d4b72a6600a49a77a24f3c8891aa381442660f4b4dc1d2844d29f73d604f999b97b03e46a07f66475a36b78a7ae9d63c784eaca40aa24548ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe

Filesize
184KB

MD5
0430c78349c0738ca21100e028aeec88

SHA1
14b1361d69600f9a6f3c215f8050ad952a3db334

SHA256
1bbf7986c70f2bd23b2ee1c0f214550f3eece8d5aef7a14b079adc0e345b5038

SHA512
35a1f75551eb70d01d18391591b87b76c04e3b061d7b5ae592a56f8d7b5625ca5c245354ed009b9a737f8cafa311854fc87a87085a5bb579bc3ccdc045b33871

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48709.exe

Filesize
184KB

MD5
136c681e00957e8e5b7cc17cf57a7bc1

SHA1
29116678e656e44f5277c8c5a876fe79f4ba5811

SHA256
06964bd29b9cf8fc30117df95f7f27c75fbfeabee532131dbc73342b29a2ffd8

SHA512
342202da5542a8ee30fddd82e915a83c90231553ee0d109995276a741311f755ee2c4fad46b70f8e6999aa24c8543fb2dc12352f8186edc946a3b653bf46f26a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5367.exe

Filesize
184KB

MD5
bf170aa0e7487a5e8d38faec3c2a1456

SHA1
c598e7b12ceb85d0978519022c574c1209d668a6

SHA256
4db745ba5db3645589ff79d83b686ec0cf0d56f349aa009884eab9e01e8b447f

SHA512
1aaf9c4b635c8e1d77e79613de170bd098a52c4b4b9e42f53a1e79fb14bb90f5977bb90c41f81a2ae1ab9f2444ebae5b5d362019579dfe2d26256358f1070f9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56794.exe

Filesize
184KB

MD5
9a1152a4504a1f45aa343facb920d0b6

SHA1
efee769609e0ed603d180c99869fe98ade25c6c6

SHA256
5cca70c60626b1e6caa3b7daa09359b225c83943452cbf4fc585d793abf3e2bc

SHA512
f444c96f43bae98c26d768d9ffe64079f33621085f4597d12ac9aae1ccac18a0f6ef399c5bf6a87d3472f4e110d0b19c0644af733ff44fd289e18e936d70a1f2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59124.exe

Filesize
184KB

MD5
6dfe49f0f8b9e9ab63c4af25c0cd2a32

SHA1
97e90cebc885108501ac409bfc715c32154392c9

SHA256
0fc8e2e25a0dd7a2c5f594fdde481d0bcdd533725923d88db7d0bbe0aef14645

SHA512
f6949c1565637b46c25b414e988e9a88724e3b93dd7fa73fa4ffd932e23ce135901d0a9bbb970f5ac0f630d2e0c2c1fa33f923bb6fbe2a0102e728145aca64d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60961.exe

Filesize
184KB

MD5
e2d20a23fbd3bd75bda038bb4005a7d1

SHA1
087fd62cd470df9b8c26d148187d4b4b7d1eff48

SHA256
9535b09ee2b6ceb896de903140693c6ab9b48b3e545ffafe6c88822afab88491

SHA512
8b5abe382f787ec54052b30e2ea74610c79fdebe1ad113fbeb4d60f8e185b8b3d6e677bbcfcf45a26bc7724b2510f99fe237e962319a0c3336c087ff0ff9a96d

Download Submit