95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe
Size

184KB
MD5

27da27319d195c61900074e8b6d65cce
SHA1

8265b168f501fe42e5b5efa827530dea0e55b633
SHA256

95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6
SHA512

88091d27a2b06ec5e615f90e137e057f91978d74415a953ff7a7fadbbf67e7bfd66ab9b2b35ca450c44bcd14982c24ed6c2e940f48789f9844d4f461ed3cb641
SSDEEP

1536:PBZW62Z/3rto5x1t4SFlSwMFM9yvZc86mdljIIR2VQetAhl5hj5nizpvg:ZjU3rtof74S6dFaWe0IIRtsAhlnViF4

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-9399.exeUnicorn-16125.exeUnicorn-35031.exeUnicorn-48060.exeUnicorn-30847.exeUnicorn-28194.exeUnicorn-32257.exeUnicorn-47550.exeUnicorn-44898.exeUnicorn-45474.exeUnicorn-13507.exeUnicorn-62727.exeUnicorn-29993.exeUnicorn-62499.exeUnicorn-8591.exeUnicorn-30569.exeUnicorn-43209.exeUnicorn-29033.exeUnicorn-46054.exeUnicorn-25378.exeUnicorn-6306.exeUnicorn-26172.exeUnicorn-58481.exeUnicorn-64905.exeUnicorn-49192.exeUnicorn-18871.exeUnicorn-34583.exeUnicorn-4397.exeUnicorn-17335.exeUnicorn-16026.exeUnicorn-32995.exeUnicorn-52913.exeUnicorn-25086.exeUnicorn-36487.exeUnicorn-33642.exeUnicorn-2444.exeUnicorn-38250.exeUnicorn-58692.exeUnicorn-51188.exeUnicorn-57156.exeUnicorn-12361.exeUnicorn-11001.exeUnicorn-39248.exeUnicorn-20639.exeUnicorn-62278.exeUnicorn-56217.exeUnicorn-7701.exeUnicorn-63404.exeUnicorn-28444.exeUnicorn-11998.exeUnicorn-55558.exeUnicorn-9886.exeUnicorn-7042.exeUnicorn-55206.exeUnicorn-22752.exeUnicorn-4142.exeUnicorn-49020.exeUnicorn-27922.exeUnicorn-47954.exeUnicorn-29973.exeUnicorn-29086.exeUnicorn-53076.exeUnicorn-38602.exeUnicorn-44519.exe

pid	process
1696	Unicorn-9399.exe
2924	Unicorn-16125.exe
3068	Unicorn-35031.exe
2628	Unicorn-48060.exe
2712	Unicorn-30847.exe
2484	Unicorn-28194.exe
1312	Unicorn-32257.exe
1640	Unicorn-47550.exe
2372	Unicorn-44898.exe
2156	Unicorn-45474.exe
1816	Unicorn-13507.exe
1976	Unicorn-62727.exe
1792	Unicorn-29993.exe
2904	Unicorn-62499.exe
2748	Unicorn-8591.exe
2004	Unicorn-30569.exe
308	Unicorn-43209.exe
2432	Unicorn-29033.exe
464	Unicorn-46054.exe
1496	Unicorn-25378.exe
1208	Unicorn-6306.exe
616	Unicorn-26172.exe
300	Unicorn-58481.exe
788	Unicorn-64905.exe
1680	Unicorn-49192.exe
2856	Unicorn-18871.exe
1668	Unicorn-34583.exe
1224	Unicorn-4397.exe
1592	Unicorn-17335.exe
2480	Unicorn-16026.exe
1960	Unicorn-32995.exe
2824	Unicorn-52913.exe
2412	Unicorn-25086.exe
2456	Unicorn-36487.exe
860	Unicorn-33642.exe
2812	Unicorn-2444.exe
2316	Unicorn-38250.exe
2000	Unicorn-58692.exe
2464	Unicorn-51188.exe
1484	Unicorn-57156.exe
1612	Unicorn-12361.exe
836	Unicorn-11001.exe
1948	Unicorn-39248.exe
2492	Unicorn-20639.exe
2336	Unicorn-62278.exe
2196	Unicorn-56217.exe
240	Unicorn-7701.exe
1660	Unicorn-63404.exe
268	Unicorn-28444.exe
2944	Unicorn-11998.exe
1704	Unicorn-55558.exe
2064	Unicorn-9886.exe
2756	Unicorn-7042.exe
1568	Unicorn-55206.exe
2836	Unicorn-22752.exe
1340	Unicorn-4142.exe
1748	Unicorn-49020.exe
2472	Unicorn-27922.exe
1092	Unicorn-47954.exe
1308	Unicorn-29973.exe
2648	Unicorn-29086.exe
2660	Unicorn-53076.exe
1812	Unicorn-38602.exe
1400	Unicorn-44519.exe

Loads dropped DLL 64 IoCs

Processes:

95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exeUnicorn-9399.exeUnicorn-35031.exeUnicorn-16125.exeWerFault.exeUnicorn-28194.exeUnicorn-48060.exeUnicorn-30847.exeWerFault.exeWerFault.exeUnicorn-13507.exeUnicorn-47550.exeUnicorn-45474.exeUnicorn-44898.exeUnicorn-32257.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe
1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe
1696	Unicorn-9399.exe
1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe
1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe
1696	Unicorn-9399.exe
3068	Unicorn-35031.exe
1696	Unicorn-9399.exe
2924	Unicorn-16125.exe
3068	Unicorn-35031.exe
2924	Unicorn-16125.exe
1696	Unicorn-9399.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2848	WerFault.exe
2484	Unicorn-28194.exe
2484	Unicorn-28194.exe
2628	Unicorn-48060.exe
3068	Unicorn-35031.exe
2628	Unicorn-48060.exe
3068	Unicorn-35031.exe
2712	Unicorn-30847.exe
2712	Unicorn-30847.exe
2924	Unicorn-16125.exe
2924	Unicorn-16125.exe
1240	WerFault.exe
1480	WerFault.exe
1240	WerFault.exe
1480	WerFault.exe
1240	WerFault.exe
1480	WerFault.exe
1240	WerFault.exe
1480	WerFault.exe
1240	WerFault.exe
1480	WerFault.exe
2712	Unicorn-30847.exe
1816	Unicorn-13507.exe
2712	Unicorn-30847.exe
1816	Unicorn-13507.exe
2628	Unicorn-48060.exe
1640	Unicorn-47550.exe
1640	Unicorn-47550.exe
2628	Unicorn-48060.exe
2156	Unicorn-45474.exe
2156	Unicorn-45474.exe
2372	Unicorn-44898.exe
2484	Unicorn-28194.exe
1312	Unicorn-32257.exe
2484	Unicorn-28194.exe
2372	Unicorn-44898.exe
1312	Unicorn-32257.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1156	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1552	WerFault.exe
1460	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2540	1908	WerFault.exe	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe
2848	1696	WerFault.exe	Unicorn-9399.exe
1480	2924	WerFault.exe	Unicorn-16125.exe
1240	3068	WerFault.exe	Unicorn-35031.exe
1156	2484	WerFault.exe	Unicorn-28194.exe
1552	2628	WerFault.exe	Unicorn-48060.exe
1460	2712	WerFault.exe	Unicorn-30847.exe
2604	1816	WerFault.exe	Unicorn-13507.exe
2620	1640	WerFault.exe	Unicorn-47550.exe
2528	2156	WerFault.exe	Unicorn-45474.exe
1584	2372	WerFault.exe	Unicorn-44898.exe
2844	1312	WerFault.exe	Unicorn-32257.exe
948	1976	WerFault.exe	Unicorn-62727.exe
2956	1792	WerFault.exe	Unicorn-29993.exe
2900	2904	WerFault.exe	Unicorn-62499.exe
2160	2748	WerFault.exe	Unicorn-8591.exe
1912	2004	WerFault.exe	Unicorn-30569.exe
1716	308	WerFault.exe	Unicorn-43209.exe
2720	464	WerFault.exe	Unicorn-46054.exe
2632	2432	WerFault.exe	Unicorn-29033.exe
2636	616	WerFault.exe	Unicorn-26172.exe
2992	1208	WerFault.exe	Unicorn-6306.exe
3032	300	WerFault.exe	Unicorn-58481.exe
1728	1960	WerFault.exe	Unicorn-32995.exe
2996	1496	WerFault.exe	Unicorn-25378.exe
2376	788	WerFault.exe	Unicorn-64905.exe
3060	2480	WerFault.exe	Unicorn-16026.exe
1868	2856	WerFault.exe	Unicorn-18871.exe
2948	2316	WerFault.exe	Unicorn-38250.exe
2224	2944	WerFault.exe	Unicorn-11998.exe
2704	836	WerFault.exe	Unicorn-11001.exe
2380	1484	WerFault.exe	Unicorn-57156.exe
2968	2064	WerFault.exe	Unicorn-9886.exe
2516	1948	WerFault.exe	Unicorn-39248.exe
3156	2000	WerFault.exe	Unicorn-58692.exe
3324	1612	WerFault.exe	Unicorn-12361.exe
3364	1568	WerFault.exe	Unicorn-55206.exe
3436	1668	WerFault.exe	Unicorn-34583.exe
3488	2456	WerFault.exe	Unicorn-36487.exe
3660	2492	WerFault.exe	Unicorn-20639.exe
3676	860	WerFault.exe	Unicorn-33642.exe
3792	1704	WerFault.exe	Unicorn-55558.exe
3808	2464	WerFault.exe	Unicorn-51188.exe
3816	2812	WerFault.exe	Unicorn-2444.exe
3872	1680	WerFault.exe	Unicorn-49192.exe
3912	2824	WerFault.exe	Unicorn-52913.exe
3948	1660	WerFault.exe	Unicorn-63404.exe
3980	1224	WerFault.exe	Unicorn-4397.exe
3988	936	WerFault.exe	Unicorn-31458.exe
3996	2196	WerFault.exe	Unicorn-56217.exe
4020	268	WerFault.exe	Unicorn-28444.exe
4052	240	WerFault.exe	Unicorn-7701.exe
4060	2336	WerFault.exe	Unicorn-62278.exe
4068	1592	WerFault.exe	Unicorn-17335.exe
3372	2836	WerFault.exe	Unicorn-22752.exe
3452	1748	WerFault.exe	Unicorn-49020.exe
3460	1308	WerFault.exe	Unicorn-29973.exe
3536	1092	WerFault.exe	Unicorn-47954.exe
3776	2412	WerFault.exe	Unicorn-25086.exe
3840	2660	WerFault.exe	Unicorn-53076.exe
3136	2756	WerFault.exe	Unicorn-7042.exe
3400	2076	WerFault.exe	Unicorn-56972.exe
3428	2472	WerFault.exe	Unicorn-27922.exe
3688	1540	WerFault.exe	Unicorn-19033.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exeUnicorn-9399.exeUnicorn-16125.exeUnicorn-35031.exeUnicorn-30847.exeUnicorn-48060.exeUnicorn-28194.exeUnicorn-32257.exeUnicorn-47550.exeUnicorn-45474.exeUnicorn-44898.exeUnicorn-13507.exeUnicorn-62727.exeUnicorn-29993.exeUnicorn-62499.exeUnicorn-8591.exeUnicorn-30569.exeUnicorn-46054.exeUnicorn-43209.exeUnicorn-29033.exeUnicorn-25378.exeUnicorn-6306.exeUnicorn-26172.exeUnicorn-58481.exeUnicorn-64905.exeUnicorn-49192.exeUnicorn-18871.exeUnicorn-34583.exeUnicorn-17335.exeUnicorn-4397.exeUnicorn-32995.exeUnicorn-16026.exeUnicorn-52913.exeUnicorn-25086.exeUnicorn-36487.exeUnicorn-33642.exeUnicorn-2444.exeUnicorn-38250.exeUnicorn-58692.exeUnicorn-51188.exeUnicorn-57156.exeUnicorn-12361.exeUnicorn-11001.exeUnicorn-20639.exeUnicorn-39248.exeUnicorn-62278.exeUnicorn-56217.exeUnicorn-7701.exeUnicorn-63404.exeUnicorn-28444.exeUnicorn-11998.exeUnicorn-9886.exeUnicorn-55558.exeUnicorn-7042.exeUnicorn-55206.exeUnicorn-22752.exeUnicorn-4142.exeUnicorn-49020.exeUnicorn-27922.exeUnicorn-47954.exeUnicorn-29973.exeUnicorn-29086.exeUnicorn-53076.exeUnicorn-38602.exe

pid	process
1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe
1696	Unicorn-9399.exe
2924	Unicorn-16125.exe
3068	Unicorn-35031.exe
2712	Unicorn-30847.exe
2628	Unicorn-48060.exe
2484	Unicorn-28194.exe
1312	Unicorn-32257.exe
1640	Unicorn-47550.exe
2156	Unicorn-45474.exe
2372	Unicorn-44898.exe
1816	Unicorn-13507.exe
1976	Unicorn-62727.exe
1792	Unicorn-29993.exe
2904	Unicorn-62499.exe
2748	Unicorn-8591.exe
2004	Unicorn-30569.exe
464	Unicorn-46054.exe
308	Unicorn-43209.exe
2432	Unicorn-29033.exe
1496	Unicorn-25378.exe
1208	Unicorn-6306.exe
616	Unicorn-26172.exe
300	Unicorn-58481.exe
788	Unicorn-64905.exe
1680	Unicorn-49192.exe
2856	Unicorn-18871.exe
1668	Unicorn-34583.exe
1592	Unicorn-17335.exe
1224	Unicorn-4397.exe
1960	Unicorn-32995.exe
2480	Unicorn-16026.exe
2824	Unicorn-52913.exe
2412	Unicorn-25086.exe
2456	Unicorn-36487.exe
860	Unicorn-33642.exe
2812	Unicorn-2444.exe
2316	Unicorn-38250.exe
2000	Unicorn-58692.exe
2464	Unicorn-51188.exe
1484	Unicorn-57156.exe
1612	Unicorn-12361.exe
836	Unicorn-11001.exe
2492	Unicorn-20639.exe
1948	Unicorn-39248.exe
2336	Unicorn-62278.exe
2196	Unicorn-56217.exe
240	Unicorn-7701.exe
1660	Unicorn-63404.exe
268	Unicorn-28444.exe
2944	Unicorn-11998.exe
2064	Unicorn-9886.exe
1704	Unicorn-55558.exe
2756	Unicorn-7042.exe
1568	Unicorn-55206.exe
2836	Unicorn-22752.exe
1340	Unicorn-4142.exe
1748	Unicorn-49020.exe
2472	Unicorn-27922.exe
1092	Unicorn-47954.exe
1308	Unicorn-29973.exe
2648	Unicorn-29086.exe
2660	Unicorn-53076.exe
1812	Unicorn-38602.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exeUnicorn-9399.exeUnicorn-35031.exeUnicorn-16125.exeUnicorn-28194.exeUnicorn-48060.exeUnicorn-30847.exe

description	pid	process	target process
PID 1908 wrote to memory of 1696	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	Unicorn-9399.exe
PID 1908 wrote to memory of 1696	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	Unicorn-9399.exe
PID 1908 wrote to memory of 1696	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	Unicorn-9399.exe
PID 1908 wrote to memory of 1696	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	Unicorn-9399.exe
PID 1908 wrote to memory of 2924	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	Unicorn-16125.exe
PID 1908 wrote to memory of 2924	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	Unicorn-16125.exe
PID 1908 wrote to memory of 2924	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	Unicorn-16125.exe
PID 1908 wrote to memory of 2924	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	Unicorn-16125.exe
PID 1696 wrote to memory of 3068	1696	Unicorn-9399.exe	Unicorn-35031.exe
PID 1696 wrote to memory of 3068	1696	Unicorn-9399.exe	Unicorn-35031.exe
PID 1696 wrote to memory of 3068	1696	Unicorn-9399.exe	Unicorn-35031.exe
PID 1696 wrote to memory of 3068	1696	Unicorn-9399.exe	Unicorn-35031.exe
PID 1908 wrote to memory of 2540	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	WerFault.exe
PID 1908 wrote to memory of 2540	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	WerFault.exe
PID 1908 wrote to memory of 2540	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	WerFault.exe
PID 1908 wrote to memory of 2540	1908	95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe	WerFault.exe
PID 3068 wrote to memory of 2628	3068	Unicorn-35031.exe	Unicorn-48060.exe
PID 3068 wrote to memory of 2628	3068	Unicorn-35031.exe	Unicorn-48060.exe
PID 3068 wrote to memory of 2628	3068	Unicorn-35031.exe	Unicorn-48060.exe
PID 3068 wrote to memory of 2628	3068	Unicorn-35031.exe	Unicorn-48060.exe
PID 2924 wrote to memory of 2712	2924	Unicorn-16125.exe	Unicorn-30847.exe
PID 2924 wrote to memory of 2712	2924	Unicorn-16125.exe	Unicorn-30847.exe
PID 2924 wrote to memory of 2712	2924	Unicorn-16125.exe	Unicorn-30847.exe
PID 2924 wrote to memory of 2712	2924	Unicorn-16125.exe	Unicorn-30847.exe
PID 1696 wrote to memory of 2484	1696	Unicorn-9399.exe	Unicorn-28194.exe
PID 1696 wrote to memory of 2484	1696	Unicorn-9399.exe	Unicorn-28194.exe
PID 1696 wrote to memory of 2484	1696	Unicorn-9399.exe	Unicorn-28194.exe
PID 1696 wrote to memory of 2484	1696	Unicorn-9399.exe	Unicorn-28194.exe
PID 1696 wrote to memory of 2848	1696	Unicorn-9399.exe	WerFault.exe
PID 1696 wrote to memory of 2848	1696	Unicorn-9399.exe	WerFault.exe
PID 1696 wrote to memory of 2848	1696	Unicorn-9399.exe	WerFault.exe
PID 1696 wrote to memory of 2848	1696	Unicorn-9399.exe	WerFault.exe
PID 2484 wrote to memory of 1312	2484	Unicorn-28194.exe	Unicorn-32257.exe
PID 2484 wrote to memory of 1312	2484	Unicorn-28194.exe	Unicorn-32257.exe
PID 2484 wrote to memory of 1312	2484	Unicorn-28194.exe	Unicorn-32257.exe
PID 2484 wrote to memory of 1312	2484	Unicorn-28194.exe	Unicorn-32257.exe
PID 2628 wrote to memory of 1640	2628	Unicorn-48060.exe	Unicorn-47550.exe
PID 2628 wrote to memory of 1640	2628	Unicorn-48060.exe	Unicorn-47550.exe
PID 2628 wrote to memory of 1640	2628	Unicorn-48060.exe	Unicorn-47550.exe
PID 2628 wrote to memory of 1640	2628	Unicorn-48060.exe	Unicorn-47550.exe
PID 3068 wrote to memory of 2372	3068	Unicorn-35031.exe	Unicorn-44898.exe
PID 3068 wrote to memory of 2372	3068	Unicorn-35031.exe	Unicorn-44898.exe
PID 3068 wrote to memory of 2372	3068	Unicorn-35031.exe	Unicorn-44898.exe
PID 3068 wrote to memory of 2372	3068	Unicorn-35031.exe	Unicorn-44898.exe
PID 2712 wrote to memory of 1816	2712	Unicorn-30847.exe	Unicorn-13507.exe
PID 2712 wrote to memory of 1816	2712	Unicorn-30847.exe	Unicorn-13507.exe
PID 2712 wrote to memory of 1816	2712	Unicorn-30847.exe	Unicorn-13507.exe
PID 2712 wrote to memory of 1816	2712	Unicorn-30847.exe	Unicorn-13507.exe
PID 2924 wrote to memory of 2156	2924	Unicorn-16125.exe	Unicorn-45474.exe
PID 2924 wrote to memory of 2156	2924	Unicorn-16125.exe	Unicorn-45474.exe
PID 2924 wrote to memory of 2156	2924	Unicorn-16125.exe	Unicorn-45474.exe
PID 2924 wrote to memory of 2156	2924	Unicorn-16125.exe	Unicorn-45474.exe
PID 2924 wrote to memory of 1480	2924	Unicorn-16125.exe	WerFault.exe
PID 2924 wrote to memory of 1480	2924	Unicorn-16125.exe	WerFault.exe
PID 2924 wrote to memory of 1480	2924	Unicorn-16125.exe	WerFault.exe
PID 2924 wrote to memory of 1480	2924	Unicorn-16125.exe	WerFault.exe
PID 3068 wrote to memory of 1240	3068	Unicorn-35031.exe	WerFault.exe
PID 3068 wrote to memory of 1240	3068	Unicorn-35031.exe	WerFault.exe
PID 3068 wrote to memory of 1240	3068	Unicorn-35031.exe	WerFault.exe
PID 3068 wrote to memory of 1240	3068	Unicorn-35031.exe	WerFault.exe
PID 2712 wrote to memory of 1976	2712	Unicorn-30847.exe	Unicorn-62727.exe
PID 2712 wrote to memory of 1976	2712	Unicorn-30847.exe	Unicorn-62727.exe
PID 2712 wrote to memory of 1976	2712	Unicorn-30847.exe	Unicorn-62727.exe
PID 2712 wrote to memory of 1976	2712	Unicorn-30847.exe	Unicorn-62727.exe

C:\Users\Admin\AppData\Local\Temp\95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe
"C:\Users\Admin\AppData\Local\Temp\95212114ce0c12648c0fe404b2fb47685908c47834b8f3d0f71256faf48f58d6.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-9399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9399.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26172.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-2444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2444.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22752.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27011.exe
10⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53274.exe
11⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46755.exe
12⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31956.exe
13⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17566.exe
14⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
14⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
13⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
12⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 216
11⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
10⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4649.exe
9⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
10⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20472.exe
11⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19508.exe
12⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24238.exe
13⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
13⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 236
12⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
11⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 216
10⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
9⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1663.exe
9⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42200.exe
10⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15395.exe
11⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-60851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60851.exe
12⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37715.exe
13⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 236
13⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 236
12⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
11⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
10⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
9⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
8⤵
- Program crash
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47954.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20989.exe
9⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
10⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58031.exe
11⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17315.exe
12⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6503.exe
13⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
13⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
12⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
11⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 216
10⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
9⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52322.exe
8⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60370.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26370.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
11⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
12⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
12⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
11⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 236
9⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
8⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
7⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6306.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25086.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13308.exe
9⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8662.exe
10⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14153.exe
11⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33959.exe
12⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23323.exe
13⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
13⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
12⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
11⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
10⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21303.exe
9⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46411.exe
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
11⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
12⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
12⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
11⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
10⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 220
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59883.exe
8⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39344.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18408.exe
11⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37856.exe
12⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
12⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 236
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 236
9⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
8⤵
- Program crash
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56972.exe
8⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23380.exe
9⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
11⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64927.exe
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
12⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
11⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 216
10⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
9⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22315.exe
8⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
10⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4938.exe
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 216
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
9⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
8⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
7⤵
- Program crash
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
6⤵
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17335.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9589.exe
8⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20868.exe
9⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30389.exe
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42097.exe
11⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20259.exe
12⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 236
12⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 236
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 236
9⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
8⤵
- Program crash
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-19038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19038.exe
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
9⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 300
10⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
9⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
7⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63404.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20991.exe
7⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26718.exe
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49965.exe
9⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-45018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45018.exe
10⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
11⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 236
11⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
10⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
9⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 216
8⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 236
7⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
6⤵
- Program crash
PID:1716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29033.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9886.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe
8⤵
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
10⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2288.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
12⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
11⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
10⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 216
9⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 236
8⤵
- Program crash
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-18146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18146.exe
7⤵
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59975.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33850.exe
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52463.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
11⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39270.exe
12⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
12⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
10⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3075.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13398.exe
10⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
11⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
11⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 220
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 236
8⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
7⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7042.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
7⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32863.exe
8⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36913.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61986.exe
10⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-65504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65504.exe
12⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 236
12⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
11⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
10⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
9⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61228.exe
7⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44025.exe
8⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8498.exe
10⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60464.exe
11⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 236
11⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 236
10⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
9⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 236
8⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
7⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
6⤵
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-16026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16026.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7701.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-23487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23487.exe
7⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5214.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55687.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50986.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6344.exe
11⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
11⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 236
10⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
9⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
8⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
7⤵
- Program crash
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11592.exe
6⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40474.exe
7⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52628.exe
8⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43175.exe
9⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18715.exe
10⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
10⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
9⤵
PID:1144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
8⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
7⤵
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
6⤵
- Program crash
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
5⤵
- Program crash
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:464

C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11998.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-300.exe
8⤵
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33308.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37150.exe
11⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47746.exe
12⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
12⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
11⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
10⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 236
9⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
8⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32406.exe
7⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
8⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43032.exe
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
10⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56740.exe
11⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 236
11⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
10⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
8⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
7⤵
- Program crash
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55558.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44519.exe
7⤵
- Executes dropped EXE
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30977.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5064.exe
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8730.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15932.exe
11⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51781.exe
12⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
12⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 236
11⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
10⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30584.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38890.exe
10⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56246.exe
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 240
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
8⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
7⤵
- Program crash
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 464 -s 240
6⤵
- Program crash
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20639.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25962.exe
7⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14027.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6838.exe
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28354.exe
11⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 236
11⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
10⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
9⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
8⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
7⤵
- Program crash
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19033.exe
6⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42705.exe
7⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60484.exe
8⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62941.exe
9⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20009.exe
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
10⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
9⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
8⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
7⤵
- Program crash
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
6⤵
- Program crash
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
5⤵
- Program crash
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8591.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49192.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18858.exe
7⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21666.exe
10⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50209.exe
11⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
11⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
9⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 216
8⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
7⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe
6⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8736.exe
7⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-27132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27132.exe
8⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5355.exe
9⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
10⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
10⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
9⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
8⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 216
7⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
6⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
6⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58580.exe
7⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe
8⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20294.exe
9⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3915.exe
10⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4397.exe
11⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
10⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
9⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 216
7⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
6⤵
- Program crash
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
5⤵
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-30847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30847.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39248.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
8⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15648.exe
9⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26915.exe
10⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
11⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
12⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
13⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 236
13⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
12⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
11⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
10⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
9⤵
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 216
8⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26641.exe
7⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49135.exe
8⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46987.exe
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
12⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
11⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
9⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
8⤵
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
7⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21157.exe
7⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29842.exe
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58709.exe
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 320
10⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 236
9⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
8⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
7⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
6⤵
- Program crash
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22693.exe
7⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15771.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51410.exe
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27784.exe
10⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61512.exe
11⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
11⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
8⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 236
7⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-715.exe
6⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
7⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32725.exe
8⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-318.exe
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 236
10⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
9⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
8⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
7⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
6⤵
- Program crash
PID:3436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
5⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25378.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29086.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48054.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36659.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63449.exe
10⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
11⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
12⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 236
12⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 236
11⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
10⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 236
8⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
7⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
7⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31772.exe
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23679.exe
9⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
10⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
10⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
9⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
8⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
7⤵
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
6⤵
- Program crash
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55206.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61629.exe
7⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16676.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16578.exe
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
10⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6652.exe
11⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10313.exe
12⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
11⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 236
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
9⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
8⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
7⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58209.exe
6⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe
7⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
8⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
10⤵
PID:3480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
10⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 236
9⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
8⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 216
7⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
6⤵
- Program crash
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
5⤵
- Program crash
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62499.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58481.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58692.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29973.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20029.exe
8⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27739.exe
10⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42905.exe
11⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
12⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 236
12⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 236
11⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
9⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 236
8⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15840.exe
7⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-62192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62192.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43311.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23726.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42300.exe
11⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
12⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
11⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
8⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
7⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53076.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50652.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12770.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19581.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47791.exe
11⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 236
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
8⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
7⤵
- Program crash
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
6⤵
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51188.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8940.exe
6⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56922.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4710.exe
8⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
9⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50092.exe
10⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 236
10⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 236
9⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
8⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
7⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
6⤵
- Program crash
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
5⤵
- Program crash
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64905.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57156.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15734.exe
6⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62435.exe
7⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62472.exe
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15422.exe
9⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27641.exe
10⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
10⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 236
9⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
8⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
7⤵
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
6⤵
- Program crash
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44384.exe
5⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49690.exe
6⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14681.exe
7⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27347.exe
8⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18263.exe
9⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 236
9⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
8⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
7⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
6⤵
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
5⤵
- Program crash
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
4⤵
- Program crash
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
2⤵
- Program crash
PID:2540

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13507.exe

Filesize
184KB

MD5
07df87bcfc20d7731fc29552ff4a459a

SHA1
8593ea197c19ef275395179cd8ec96be8f899af2

SHA256
bfa5a6ff42efca5f6f88faf9b26657a05bc3ab296a6f51808c53613b18613b0f

SHA512
01b08f8fc3eb8239e459a260dbe51f71dd6b8f695490d5286a4d455ce6ab40cbe4830aa71befb66251aa375aac4ec58668eff25d0d1e10c00a9c37bfe42b9a65

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23270.exe

Filesize
184KB

MD5
ee408c48dd9c4445fb8b293b2250da3c

SHA1
d2a8afd40bf623e30b1dbb2d6d521b63b6923796

SHA256
23c225a342b6362d05b681c5e235da3d2aa22ebbddf54d4ab76ea2a2ef01d717

SHA512
edca0c126cde0eadc202887246ad875e0d8801bbcbd3f834b0081ea26e50b662fd9a01dd3dcbca86d52ce0a75e5678770fd6219c13134781b5f8a2cbb5eb580a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40735.exe

Filesize
184KB

MD5
334bc65902d675a8fddd5efe25330578

SHA1
38df901de2c584a389c7f7a750acf21c9f6390a8

SHA256
8b4f1c492685c26ec2eaeb7a381e2c1bfc8bb2a2e39d8145ec299cf68ce4818c

SHA512
9fd7c0a5ff528d65c4b0b2bc02d7fc1c2dcd0f1f6049dc1be96517e19dd33f84811c8b096f541595e245f90da5f57384a3070761725ffdfaab27f0c28ed5086f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48060.exe

Filesize
184KB

MD5
793feaa562b017963b71d67e53f80aa8

SHA1
924c12b304d7c52de8c7a4076fe14652d63dbabe

SHA256
dd7f6384b925a88fd44aa4ecf76ba037ecdb936cb695f3125d95d247634f3375

SHA512
18f9199bb1b89db82d9bb239812157b105ffbe6c651903f657d7d271eac8b7d1199b6b94512f713d3022a1f2bcc3b2c0d2800f3c7a17cf23d6de6316a6320ab6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe

Filesize
184KB

MD5
475cb147a8881e12b766da26285a1729

SHA1
174bca1d032557ca72f7f1cdaf2e3ec8c44396cd

SHA256
7b483b1a46f6ba5085839ded531ae41f940ffd0a9d22f517cb740c86fbbea316

SHA512
9e3dbb4622c69637bb67af282919f13189de46238cd6f1a32d15349ee53654c951f72bcc4da5c0554084fee61ec1662f6ba0475728db7df0273fd77f7cd205d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56569.exe

Filesize
184KB

MD5
537b638a6700e536adfaecf7e49551ad

SHA1
79e080bfc2466d1990c70b6e5e1c4c301863cb12

SHA256
b5ed842356777c2a745c8cd6b0be2be27fd00d4351e76b919c5f07fb7f12fb55

SHA512
34904d7f19afaf8e880377e3607a5e9816a3c928e2a1bdb8ce89543127cb8e1282b914007161caa26db65a7d397f84aafe29ace9f5799e41bd8faf10e7b0f4ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58179.exe

Filesize
184KB

MD5
af98557b17a71897e61f7664057cd5d9

SHA1
27933b323372aec875299f01edf8fe2061f16990

SHA256
a8bd0e6243f20c9869a3972e1694a3951be6ae4f27dded83c3725495170e3856

SHA512
21a9bc64d93b6336b97cbc04e0f41b83e6051163317fbdd9162643d2b980963f9b5b83202add02dec9f221a540488b0c6b84f7af48638affd6410c01eabe97b9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16125.exe

Filesize
184KB

MD5
1fecd838d12d8f4a8ad495d5fa64918a

SHA1
c4e2c8d0d0779360db79dc755e421ac3f2d7de07

SHA256
ad6c346294da11ad3599c442b00d68724f735ed0addaea85d0751f2daba703d0

SHA512
217ae6a4f7f1454d2c180592d576af264634a5089d7001d58ba928880b3ea6e4a47d9681ecf69515f598f5650e73115926e94cd6fed0ae752149209d99f3a672

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe

Filesize
184KB

MD5
362f0cb7c7a5cdf32a9a775ccebf2814

SHA1
1028709f7c8f9185dd4394d71bb6cab6b711732c

SHA256
a8ec7192f8b04eff5963d49074c275d77209db6fb0d9241b4435487f10724feb

SHA512
4ad42e1682e5da6f76f77d9c0e5c2318ed20ca9d4ac2018a5d7afce77b70fd04bd18ff9a15391afd0e17443b8b8633b71a95858e7084acf561617194ccb83393

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29993.exe

Filesize
184KB

MD5
08eff925f3633797e12050ea988cf7a4

SHA1
7a92eca94a4528bc5e64be6b4452e3c90944e700

SHA256
7f71230313c7b0ab4fc030b1cc18180ab08cc26702db07510860aeaf0520e3f4

SHA512
af73ed96ac2ef0165ec239f2e003365784d794ca1e5943c3b3e54500d9fb049c3e4a8912ecf77af081de54c94d99578f8d42152e0890759c9a9ca5cb2904ec85

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30569.exe

Filesize
184KB

MD5
ee4bd9c99ec654e870894bb660ef64fe

SHA1
6a76794f684fc27c7231d6e4dcf95ec7ab2c1498

SHA256
61584b91490c96f1af205aa94c283f44071c27f85c19f1f2dc3f4fdadc63bb84

SHA512
b3a5eb260c8d4afa599db0676860eb9569e3259c8513ba096f9db06d2fc84f2cf8548ee5f33aca8add42f77c557790483518057b868baa82f47f83e1159a3dcc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30847.exe

Filesize
184KB

MD5
a475c2b3483ffa3e3937b82642d34de9

SHA1
6a7628e93c02e4e919dff231b0d0f06170984825

SHA256
9da3dd71411f58833890a9f9d5707b75f45059609ff730808bbb48e3535ec7a1

SHA512
bf7cbf42a930045aa09acdb8b797584af73938dfd276733df5d69b5bfc7952f88e689810cb35996387100cdfa9e40ddd9113d1962a1518e448e434e4295d5e2d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe

Filesize
184KB

MD5
5b5b848ce697d812dbe960ade47d49e5

SHA1
0438dc53a1f25fa38d146f5c35828cd908e3e32e

SHA256
560a5ef93127d98617a93d855cdf3745f4b7b4d49a708a2ab21b8ced5c1f7080

SHA512
38277ab28409f779003bf1b815541c66d36d000e68e093b390427cce809383f1df84a761b88776b1abe94e5799cfbf44dfa06f748ad35aac4e91886f4858bf68

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35031.exe

Filesize
184KB

MD5
3a10dbeb775e0f3e489937b19028486b

SHA1
268232474ba1db291678a3501b7b18b804c8a880

SHA256
e3becb9713b61b1cb4379c67e99e2a61b9dedfa70bffc92770255b3ee690d99f

SHA512
2d9915d6d1e9234f3de99970d3b132392b319027ea7213337d79f724d229cc311f06f2f89cfb2639f942da34bdd65b7abe1d305c850354825994725dba81a6e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43209.exe

Filesize
184KB

MD5
5b1ae045e6a2b0cd5345024e10d21c4d

SHA1
72cea9d85f7f84aa4e74a3543007e76654f5fa84

SHA256
eab15262668db65dbeddb0e33c6deeadf723ee95daf26a926c53f2f5139c105c

SHA512
33c55e4a123e95a5db43c545f7ab10eccaf19e19fd5942f03694f05382579498709a3b7caea9c0ebf0f443391bffaaeab13f4e4d97ec001c789453e9cb2c04ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44898.exe

Filesize
184KB

MD5
52b8aea0da2c0154a1114685c9e35d17

SHA1
58c5f33c7f7d8b05798d0151c818c9f8c87aefe5

SHA256
e7b61185677667a20bfd81f8a4263a654a8424900f2fdf0ee0437cea448023bd

SHA512
84137ae92622ba2967265fda4cfcd35f1a6e7d77ed9e4f1c7eab1cde1b6f8700f1a5372fe2122c5f4cd4e4f9b63fd73757a7adbee0784dc0e9851ec5b2cf60da

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45474.exe

Filesize
184KB

MD5
0d26f9f684fa8c4f6e5e49650a3eb44e

SHA1
5edbfdd10b7f93e0240cf359a66fd57c59c1b906

SHA256
c73406f0b2daa6247c57cb7e0304eb7bfe8358737c467c71ae60f199499cfc3a

SHA512
ecaa395616177d5bf1583c849afd73179b6425f16e9676baea016fa3a14b4a4f1523b8ecc66d21feca0bd60269cb002fa5ba5e9dad3bcfba478da76f5273fbf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47550.exe

Filesize
184KB

MD5
46b538a4b898272131283df53b3b3f11

SHA1
2faa6eb08ba1bcd6820eb8ac967bcc2abc23987f

SHA256
4a2fd381ac066bfa140b87bf7b2d58a3d490fa53dbe6ee708a27b18ac9da35be

SHA512
f111d15d9351953c152b8a31dc62aa8c0d0ae739fcc0f05c9cfc34ef9df9192f1dbaa52000e3b1ab1021e20992c777b92281131ae970fc852652337b29a09334

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62727.exe

Filesize
184KB

MD5
3864df7cad91469924f7dca226a4dbfb

SHA1
25b796c51365f11de3e8e0647c742fdd9e0e2e36

SHA256
5f1c2212dff5136a47e825342b5c3752047f3abdfa753d94e5a3e96dcc710626

SHA512
56a1fb629857624e5e37eb7a8a165dd3ce0bab2c9cd5a2f51e212e9b22f4f32808fdb92fd9529e2926835f2a13ddf353c7f3607918ef7fa8af382104640dccf6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9399.exe

Filesize
184KB

MD5
640c5484e16ec980a91e86fceb74a1ea

SHA1
1f451113f1f1489e6294ca5f2e02ada617ce0fcd

SHA256
b0a40012a3c7812ecc2e7fcb4e6da93771015691bbcdc5b2ff9c611b4ac9a7da

SHA512
d9879a2d3dcd2169fb0729de76a672e17dfce6d642a4b4083e25d3a4a72f5eb3d5469085c60f190aa158bff44636fb175893b60cfcf91287a5af7142aab70221

Download Submit