91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe
Size

184KB
MD5

3cdebaafd26b7ed337362003444871bd
SHA1

374d1e182e68e4e4a5b1c7c02698ea1793cf3dcc
SHA256

91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119
SHA512

7f7b53db866b567e8d1217af9d344f728e2a534aff166e88884efeef6470b5f7a71d0362bae0e83056794d595b3ef52f76088d7dd292e797510b44d1ba9c437b
SSDEEP

3072:xCedJ8oT74hTdTaWelU4RrsmhlnViFln3:xCZo6JTag4FsmhlnViFl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-23986.exeUnicorn-3357.exeUnicorn-49029.exeUnicorn-6685.exeUnicorn-26551.exeUnicorn-48424.exeUnicorn-3758.exeUnicorn-22944.exeUnicorn-29559.exeUnicorn-55434.exeUnicorn-49425.exeUnicorn-34980.exeUnicorn-31974.exeUnicorn-55862.exeUnicorn-31908.exeUnicorn-58934.exeUnicorn-39068.exeUnicorn-56578.exeUnicorn-17212.exeUnicorn-48028.exeUnicorn-21857.exeUnicorn-63513.exeUnicorn-53648.exeUnicorn-11141.exeUnicorn-31412.exeUnicorn-11546.exeUnicorn-21791.exeUnicorn-64670.exeUnicorn-51505.exeUnicorn-60846.exeUnicorn-28043.exeUnicorn-46481.exeUnicorn-48245.exeUnicorn-55173.exeUnicorn-65266.exeUnicorn-19595.exeUnicorn-23316.exeUnicorn-56050.exeUnicorn-10378.exeUnicorn-64514.exeUnicorn-2926.exeUnicorn-39813.exeUnicorn-9859.exeUnicorn-17312.exeUnicorn-40341.exeUnicorn-29097.exeUnicorn-43674.exeUnicorn-43674.exeUnicorn-18572.exeUnicorn-53767.exeUnicorn-50991.exeUnicorn-52736.exeUnicorn-56685.exeUnicorn-52129.exeUnicorn-24195.exeUnicorn-11423.exeUnicorn-39338.exeUnicorn-42410.exeUnicorn-52503.exeUnicorn-63152.exeUnicorn-15404.exeUnicorn-15404.exeUnicorn-15404.exeUnicorn-15404.exe

pid	process
2120	Unicorn-23986.exe
2700	Unicorn-3357.exe
2696	Unicorn-49029.exe
2544	Unicorn-6685.exe
2400	Unicorn-26551.exe
2076	Unicorn-48424.exe
2916	Unicorn-3758.exe
2988	Unicorn-22944.exe
1484	Unicorn-29559.exe
2680	Unicorn-55434.exe
2740	Unicorn-49425.exe
2208	Unicorn-34980.exe
2052	Unicorn-31974.exe
1992	Unicorn-55862.exe
688	Unicorn-31908.exe
1056	Unicorn-58934.exe
584	Unicorn-39068.exe
1908	Unicorn-56578.exe
652	Unicorn-17212.exe
1724	Unicorn-48028.exe
1480	Unicorn-21857.exe
292	Unicorn-63513.exe
1868	Unicorn-53648.exe
932	Unicorn-11141.exe
2368	Unicorn-31412.exe
1592	Unicorn-11546.exe
1936	Unicorn-21791.exe
1116	Unicorn-64670.exe
2312	Unicorn-51505.exe
1948	Unicorn-60846.exe
2732	Unicorn-28043.exe
856	Unicorn-46481.exe
2612	Unicorn-48245.exe
2532	Unicorn-55173.exe
2424	Unicorn-65266.exe
2964	Unicorn-19595.exe
2152	Unicorn-23316.exe
2948	Unicorn-56050.exe
2676	Unicorn-10378.exe
2472	Unicorn-64514.exe
2504	Unicorn-2926.exe
2768	Unicorn-39813.exe
1532	Unicorn-9859.exe
1248	Unicorn-17312.exe
1192	Unicorn-40341.exe
2004	Unicorn-29097.exe
1188	Unicorn-43674.exe
2880	Unicorn-43674.exe
2204	Unicorn-18572.exe
1864	Unicorn-53767.exe
796	Unicorn-50991.exe
1012	Unicorn-52736.exe
1324	Unicorn-56685.exe
720	Unicorn-52129.exe
1952	Unicorn-24195.exe
2728	Unicorn-11423.exe
3064	Unicorn-39338.exe
3016	Unicorn-42410.exe
2600	Unicorn-52503.exe
2568	Unicorn-63152.exe
2580	Unicorn-15404.exe
3012	Unicorn-15404.exe
2960	Unicorn-15404.exe
384	Unicorn-15404.exe

Loads dropped DLL 64 IoCs

Processes:

91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exeUnicorn-23986.exeUnicorn-3357.exeUnicorn-49029.exeWerFault.exeUnicorn-6685.exeUnicorn-48424.exeUnicorn-26551.exeWerFault.exeWerFault.exeUnicorn-3758.exeUnicorn-29559.exeUnicorn-55434.exeUnicorn-49425.exeUnicorn-22944.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe
2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe
2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe
2120	Unicorn-23986.exe
2120	Unicorn-23986.exe
2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe
2120	Unicorn-23986.exe
2120	Unicorn-23986.exe
2700	Unicorn-3357.exe
2700	Unicorn-3357.exe
2696	Unicorn-49029.exe
2696	Unicorn-49029.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2808	WerFault.exe
2544	Unicorn-6685.exe
2544	Unicorn-6685.exe
2076	Unicorn-48424.exe
2076	Unicorn-48424.exe
2696	Unicorn-49029.exe
2696	Unicorn-49029.exe
2700	Unicorn-3357.exe
2700	Unicorn-3357.exe
2400	Unicorn-26551.exe
2400	Unicorn-26551.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1384	WerFault.exe
1384	WerFault.exe
1384	WerFault.exe
1384	WerFault.exe
1560	WerFault.exe
1384	WerFault.exe
2916	Unicorn-3758.exe
2916	Unicorn-3758.exe
2544	Unicorn-6685.exe
2544	Unicorn-6685.exe
1484	Unicorn-29559.exe
1484	Unicorn-29559.exe
2680	Unicorn-55434.exe
2680	Unicorn-55434.exe
2740	Unicorn-49425.exe
2740	Unicorn-49425.exe
2400	Unicorn-26551.exe
2400	Unicorn-26551.exe
2076	Unicorn-48424.exe
2076	Unicorn-48424.exe
2988	Unicorn-22944.exe
2988	Unicorn-22944.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
1168	WerFault.exe
2096	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1736	2168	WerFault.exe	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe
2808	2120	WerFault.exe	Unicorn-23986.exe
1560	2700	WerFault.exe	Unicorn-3357.exe
1384	2696	WerFault.exe	Unicorn-49029.exe
2148	2544	WerFault.exe	Unicorn-6685.exe
1168	2076	WerFault.exe	Unicorn-48424.exe
2096	2400	WerFault.exe	Unicorn-26551.exe
2552	2916	WerFault.exe	Unicorn-3758.exe
2124	1484	WerFault.exe	Unicorn-29559.exe
2712	2680	WerFault.exe	Unicorn-55434.exe
2476	2740	WerFault.exe	Unicorn-49425.exe
908	2988	WerFault.exe	Unicorn-22944.exe
2288	2208	WerFault.exe	Unicorn-34980.exe
2088	2052	WerFault.exe	Unicorn-31974.exe
2344	1992	WerFault.exe	Unicorn-55862.exe
1236	688	WerFault.exe	Unicorn-31908.exe
2220	1056	WerFault.exe	Unicorn-58934.exe
1332	1908	WerFault.exe	Unicorn-56578.exe
2328	584	WerFault.exe	Unicorn-39068.exe
2016	652	WerFault.exe	Unicorn-17212.exe
3048	1724	WerFault.exe	Unicorn-48028.exe
1216	1480	WerFault.exe	Unicorn-21857.exe
2228	292	WerFault.exe	Unicorn-63513.exe
2856	1868	WerFault.exe	Unicorn-53648.exe
2708	932	WerFault.exe	Unicorn-11141.exe
2736	1592	WerFault.exe	Unicorn-11546.exe
2508	2368	WerFault.exe	Unicorn-31412.exe
2384	1936	WerFault.exe	Unicorn-21791.exe
2888	1116	WerFault.exe	Unicorn-64670.exe
2132	1948	WerFault.exe	Unicorn-60846.exe
1624	2732	WerFault.exe	Unicorn-28043.exe
1912	2312	WerFault.exe	Unicorn-51505.exe
2860	856	WerFault.exe	Unicorn-46481.exe
3176	2612	WerFault.exe	Unicorn-48245.exe
3288	2532	WerFault.exe	Unicorn-55173.exe
3372	2424	WerFault.exe	Unicorn-65266.exe
3388	2964	WerFault.exe	Unicorn-19595.exe
3476	2676	WerFault.exe	Unicorn-10378.exe
3484	1532	WerFault.exe	Unicorn-9859.exe
3564	2948	WerFault.exe	Unicorn-56050.exe
3624	1188	WerFault.exe	Unicorn-43674.exe
3144	3720	WerFault.exe	Unicorn-29594.exe
3664	1864	WerFault.exe	Unicorn-53767.exe
3752	2880	WerFault.exe	Unicorn-43674.exe
3612	3012	WerFault.exe	Unicorn-15404.exe
3652	2960	WerFault.exe	Unicorn-15404.exe
3696	2504	WerFault.exe	Unicorn-2926.exe
3716	1588	WerFault.exe	Unicorn-1616.exe
3828	2024	WerFault.exe	Unicorn-19353.exe
3848	1812	WerFault.exe	Unicorn-43220.exe
3836	1616	WerFault.exe	Unicorn-2612.exe
3936	2660	WerFault.exe	Unicorn-18477.exe
4008	2472	WerFault.exe	Unicorn-64514.exe
4052	1248	WerFault.exe	Unicorn-17312.exe
4060	2004	WerFault.exe	Unicorn-29097.exe
3232	2204	WerFault.exe	Unicorn-18572.exe
3428	2372	WerFault.exe	Unicorn-28503.exe
3588	1876	WerFault.exe	Unicorn-18889.exe
3744	2152	WerFault.exe	Unicorn-23316.exe
3380	2308	WerFault.exe	Unicorn-52365.exe
3424	2760	WerFault.exe	Unicorn-52436.exe
3224	1752	WerFault.exe	Unicorn-2088.exe
3316	2568	WerFault.exe	Unicorn-63152.exe
4192	2768	WerFault.exe	Unicorn-39813.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exeUnicorn-23986.exeUnicorn-3357.exeUnicorn-49029.exeUnicorn-6685.exeUnicorn-26551.exeUnicorn-48424.exeUnicorn-3758.exeUnicorn-29559.exeUnicorn-55434.exeUnicorn-49425.exeUnicorn-22944.exeUnicorn-34980.exeUnicorn-31974.exeUnicorn-55862.exeUnicorn-31908.exeUnicorn-58934.exeUnicorn-39068.exeUnicorn-56578.exeUnicorn-17212.exeUnicorn-48028.exeUnicorn-21857.exeUnicorn-63513.exeUnicorn-53648.exeUnicorn-11141.exeUnicorn-11546.exeUnicorn-31412.exeUnicorn-21791.exeUnicorn-64670.exeUnicorn-51505.exeUnicorn-60846.exeUnicorn-28043.exeUnicorn-46481.exeUnicorn-48245.exeUnicorn-55173.exeUnicorn-65266.exeUnicorn-19595.exeUnicorn-23316.exeUnicorn-10378.exeUnicorn-56050.exeUnicorn-64514.exeUnicorn-2926.exeUnicorn-39813.exeUnicorn-9859.exeUnicorn-17312.exeUnicorn-40341.exeUnicorn-29097.exeUnicorn-18572.exeUnicorn-43674.exeUnicorn-53767.exeUnicorn-43674.exeUnicorn-50991.exeUnicorn-52736.exeUnicorn-56685.exeUnicorn-52129.exeUnicorn-24195.exeUnicorn-11423.exeUnicorn-39338.exeUnicorn-42410.exeUnicorn-52503.exeUnicorn-63152.exeUnicorn-15404.exeUnicorn-15404.exeUnicorn-15404.exe

pid	process
2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe
2120	Unicorn-23986.exe
2700	Unicorn-3357.exe
2696	Unicorn-49029.exe
2544	Unicorn-6685.exe
2400	Unicorn-26551.exe
2076	Unicorn-48424.exe
2916	Unicorn-3758.exe
1484	Unicorn-29559.exe
2680	Unicorn-55434.exe
2740	Unicorn-49425.exe
2988	Unicorn-22944.exe
2208	Unicorn-34980.exe
2052	Unicorn-31974.exe
1992	Unicorn-55862.exe
688	Unicorn-31908.exe
1056	Unicorn-58934.exe
584	Unicorn-39068.exe
1908	Unicorn-56578.exe
652	Unicorn-17212.exe
1724	Unicorn-48028.exe
1480	Unicorn-21857.exe
292	Unicorn-63513.exe
1868	Unicorn-53648.exe
932	Unicorn-11141.exe
1592	Unicorn-11546.exe
2368	Unicorn-31412.exe
1936	Unicorn-21791.exe
1116	Unicorn-64670.exe
2312	Unicorn-51505.exe
1948	Unicorn-60846.exe
2732	Unicorn-28043.exe
856	Unicorn-46481.exe
2612	Unicorn-48245.exe
2532	Unicorn-55173.exe
2424	Unicorn-65266.exe
2964	Unicorn-19595.exe
2152	Unicorn-23316.exe
2676	Unicorn-10378.exe
2948	Unicorn-56050.exe
2472	Unicorn-64514.exe
2504	Unicorn-2926.exe
2768	Unicorn-39813.exe
1532	Unicorn-9859.exe
1248	Unicorn-17312.exe
1192	Unicorn-40341.exe
2004	Unicorn-29097.exe
2204	Unicorn-18572.exe
2880	Unicorn-43674.exe
1864	Unicorn-53767.exe
1188	Unicorn-43674.exe
796	Unicorn-50991.exe
1012	Unicorn-52736.exe
1324	Unicorn-56685.exe
720	Unicorn-52129.exe
1952	Unicorn-24195.exe
2728	Unicorn-11423.exe
3064	Unicorn-39338.exe
3016	Unicorn-42410.exe
2600	Unicorn-52503.exe
2568	Unicorn-63152.exe
2960	Unicorn-15404.exe
2580	Unicorn-15404.exe
3012	Unicorn-15404.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exeUnicorn-23986.exeUnicorn-3357.exeUnicorn-49029.exeUnicorn-6685.exeUnicorn-48424.exeUnicorn-26551.exeUnicorn-3758.exe

description	pid	process	target process
PID 2168 wrote to memory of 2120	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	Unicorn-23986.exe
PID 2168 wrote to memory of 2120	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	Unicorn-23986.exe
PID 2168 wrote to memory of 2120	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	Unicorn-23986.exe
PID 2168 wrote to memory of 2120	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	Unicorn-23986.exe
PID 2120 wrote to memory of 2700	2120	Unicorn-23986.exe	Unicorn-3357.exe
PID 2120 wrote to memory of 2700	2120	Unicorn-23986.exe	Unicorn-3357.exe
PID 2120 wrote to memory of 2700	2120	Unicorn-23986.exe	Unicorn-3357.exe
PID 2120 wrote to memory of 2700	2120	Unicorn-23986.exe	Unicorn-3357.exe
PID 2168 wrote to memory of 2696	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	Unicorn-49029.exe
PID 2168 wrote to memory of 2696	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	Unicorn-49029.exe
PID 2168 wrote to memory of 2696	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	Unicorn-49029.exe
PID 2168 wrote to memory of 2696	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	Unicorn-49029.exe
PID 2168 wrote to memory of 1736	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	WerFault.exe
PID 2168 wrote to memory of 1736	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	WerFault.exe
PID 2168 wrote to memory of 1736	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	WerFault.exe
PID 2168 wrote to memory of 1736	2168	91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe	WerFault.exe
PID 2120 wrote to memory of 2544	2120	Unicorn-23986.exe	Unicorn-6685.exe
PID 2120 wrote to memory of 2544	2120	Unicorn-23986.exe	Unicorn-6685.exe
PID 2120 wrote to memory of 2544	2120	Unicorn-23986.exe	Unicorn-6685.exe
PID 2120 wrote to memory of 2544	2120	Unicorn-23986.exe	Unicorn-6685.exe
PID 2700 wrote to memory of 2400	2700	Unicorn-3357.exe	Unicorn-26551.exe
PID 2700 wrote to memory of 2400	2700	Unicorn-3357.exe	Unicorn-26551.exe
PID 2700 wrote to memory of 2400	2700	Unicorn-3357.exe	Unicorn-26551.exe
PID 2700 wrote to memory of 2400	2700	Unicorn-3357.exe	Unicorn-26551.exe
PID 2696 wrote to memory of 2076	2696	Unicorn-49029.exe	Unicorn-48424.exe
PID 2696 wrote to memory of 2076	2696	Unicorn-49029.exe	Unicorn-48424.exe
PID 2696 wrote to memory of 2076	2696	Unicorn-49029.exe	Unicorn-48424.exe
PID 2696 wrote to memory of 2076	2696	Unicorn-49029.exe	Unicorn-48424.exe
PID 2120 wrote to memory of 2808	2120	Unicorn-23986.exe	WerFault.exe
PID 2120 wrote to memory of 2808	2120	Unicorn-23986.exe	WerFault.exe
PID 2120 wrote to memory of 2808	2120	Unicorn-23986.exe	WerFault.exe
PID 2120 wrote to memory of 2808	2120	Unicorn-23986.exe	WerFault.exe
PID 2544 wrote to memory of 2916	2544	Unicorn-6685.exe	Unicorn-3758.exe
PID 2544 wrote to memory of 2916	2544	Unicorn-6685.exe	Unicorn-3758.exe
PID 2544 wrote to memory of 2916	2544	Unicorn-6685.exe	Unicorn-3758.exe
PID 2544 wrote to memory of 2916	2544	Unicorn-6685.exe	Unicorn-3758.exe
PID 2076 wrote to memory of 2988	2076	Unicorn-48424.exe	Unicorn-22944.exe
PID 2076 wrote to memory of 2988	2076	Unicorn-48424.exe	Unicorn-22944.exe
PID 2076 wrote to memory of 2988	2076	Unicorn-48424.exe	Unicorn-22944.exe
PID 2076 wrote to memory of 2988	2076	Unicorn-48424.exe	Unicorn-22944.exe
PID 2696 wrote to memory of 1484	2696	Unicorn-49029.exe	Unicorn-29559.exe
PID 2696 wrote to memory of 1484	2696	Unicorn-49029.exe	Unicorn-29559.exe
PID 2696 wrote to memory of 1484	2696	Unicorn-49029.exe	Unicorn-29559.exe
PID 2696 wrote to memory of 1484	2696	Unicorn-49029.exe	Unicorn-29559.exe
PID 2700 wrote to memory of 2680	2700	Unicorn-3357.exe	Unicorn-55434.exe
PID 2700 wrote to memory of 2680	2700	Unicorn-3357.exe	Unicorn-55434.exe
PID 2700 wrote to memory of 2680	2700	Unicorn-3357.exe	Unicorn-55434.exe
PID 2700 wrote to memory of 2680	2700	Unicorn-3357.exe	Unicorn-55434.exe
PID 2400 wrote to memory of 2740	2400	Unicorn-26551.exe	Unicorn-49425.exe
PID 2400 wrote to memory of 2740	2400	Unicorn-26551.exe	Unicorn-49425.exe
PID 2400 wrote to memory of 2740	2400	Unicorn-26551.exe	Unicorn-49425.exe
PID 2400 wrote to memory of 2740	2400	Unicorn-26551.exe	Unicorn-49425.exe
PID 2700 wrote to memory of 1560	2700	Unicorn-3357.exe	WerFault.exe
PID 2700 wrote to memory of 1560	2700	Unicorn-3357.exe	WerFault.exe
PID 2700 wrote to memory of 1560	2700	Unicorn-3357.exe	WerFault.exe
PID 2700 wrote to memory of 1560	2700	Unicorn-3357.exe	WerFault.exe
PID 2696 wrote to memory of 1384	2696	Unicorn-49029.exe	WerFault.exe
PID 2696 wrote to memory of 1384	2696	Unicorn-49029.exe	WerFault.exe
PID 2696 wrote to memory of 1384	2696	Unicorn-49029.exe	WerFault.exe
PID 2696 wrote to memory of 1384	2696	Unicorn-49029.exe	WerFault.exe
PID 2916 wrote to memory of 2208	2916	Unicorn-3758.exe	Unicorn-34980.exe
PID 2916 wrote to memory of 2208	2916	Unicorn-3758.exe	Unicorn-34980.exe
PID 2916 wrote to memory of 2208	2916	Unicorn-3758.exe	Unicorn-34980.exe
PID 2916 wrote to memory of 2208	2916	Unicorn-3758.exe	Unicorn-34980.exe

C:\Users\Admin\AppData\Local\Temp\91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe
"C:\Users\Admin\AppData\Local\Temp\91ab85c8fa4a542676e07187872362669c2350de1d6a15fea230d4b5d675f119.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58934.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21791.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38500.exe
10⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2854.exe
11⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
12⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-63757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63757.exe
13⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
14⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
15⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
15⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
14⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
13⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
12⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28536.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
11⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14581.exe
12⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56026.exe
13⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6359.exe
14⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 236
12⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
11⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64846.exe
9⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43745.exe
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4295.exe
11⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
12⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11939.exe
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 236
13⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
12⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
10⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 220
9⤵
- Program crash
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40441.exe
9⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32550.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6219.exe
11⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35978.exe
12⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 220
13⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
12⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
9⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
8⤵
- Program crash
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
11⤵
PID:7364

C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18334.exe
12⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45875.exe
13⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 216
12⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29717.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-12469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12469.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61589.exe
10⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
11⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63682.exe
12⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10404 -s 216
12⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
11⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
10⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
8⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
7⤵
- Program crash
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29097.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5469.exe
9⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50088.exe
10⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61354.exe
11⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
12⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57361.exe
13⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
13⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
12⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
10⤵
PID:5132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
9⤵
- Program crash
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47545.exe
8⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14393.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58187.exe
10⤵
PID:6688

C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
11⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9081.exe
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
12⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 216
11⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 220
8⤵
- Program crash
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46359.exe
7⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
8⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-9123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9123.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44236.exe
10⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50421.exe
11⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe
12⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38983.exe
13⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 236
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
11⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
10⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 236
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49315.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42278.exe
10⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
11⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
11⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 236
10⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 220
8⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
7⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
6⤵
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39068.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2926.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
7⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57376.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13518.exe
10⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42771.exe
11⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5936.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 236
12⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
11⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
10⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
9⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 216
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
7⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34492.exe
9⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10330.exe
10⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
11⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 236
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
10⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
9⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
8⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
6⤵
- Program crash
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31908.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31412.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39813.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52436.exe
8⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4945.exe
9⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62778.exe
11⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54939.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53213.exe
13⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 236
12⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 236
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
9⤵
- Program crash
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
8⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8071.exe
9⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34761.exe
10⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7233.exe
11⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-679.exe
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
11⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
10⤵
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
8⤵
- Program crash
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-7184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7184.exe
7⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52208.exe
8⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65319.exe
9⤵
PID:3796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 220
10⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52226.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2489.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45688.exe
10⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
11⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
12⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 220
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
9⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
8⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9859.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
7⤵
- Executes dropped EXE
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16103.exe
8⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18741.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59740.exe
11⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-55915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55915.exe
12⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15132.exe
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
13⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 236
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
10⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16581.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14236.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21830.exe
11⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40927.exe
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
12⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
11⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 240
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4929.exe
7⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63098.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29822.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55065.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56155.exe
11⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4641.exe
12⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 220
12⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
10⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
9⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 236
8⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
7⤵
- Program crash
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
6⤵
- Program crash
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-11546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11546.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64514.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63152.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48085.exe
8⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11667.exe
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18450.exe
11⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32471.exe
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
12⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 216
9⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
8⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9016.exe
7⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60605.exe
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57377.exe
9⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49794.exe
10⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
11⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
11⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 236
9⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 236
8⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
7⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16400.exe
6⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41819.exe
7⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56748.exe
8⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
9⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47221.exe
10⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33999.exe
11⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
11⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 236
10⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
9⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 216
8⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
7⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
6⤵
- Program crash
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
5⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48028.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46481.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22788.exe
9⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21950.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
11⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56361.exe
12⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18387.exe
13⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50797.exe
14⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
14⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
13⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
11⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
10⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6656.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24797.exe
11⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
12⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55050.exe
13⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
11⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12543.exe
8⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36125.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63289.exe
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2357.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61197.exe
12⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
13⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
11⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 216
9⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
8⤵
- Program crash
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56685.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31480.exe
8⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25409.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38228.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20838.exe
11⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64496.exe
12⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5118.exe
13⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
13⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
12⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
9⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28482.exe
10⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47338.exe
11⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
12⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
11⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
10⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
8⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
7⤵
- Program crash
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48245.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:720

C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22264.exe
8⤵
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15580.exe
11⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46141.exe
12⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
13⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 216
13⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
11⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 216
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36513.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33093.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
10⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60578.exe
11⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24444.exe
12⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
12⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
10⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 240
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21813.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
9⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1309.exe
10⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
11⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1217.exe
12⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
12⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
11⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
8⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
7⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
6⤵
- Program crash
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-21857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21857.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55173.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-11547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11547.exe
8⤵
PID:612

C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29594.exe
9⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 188
10⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 612 -s 236
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2471.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36689.exe
9⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38746.exe
10⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33204.exe
11⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32993.exe
12⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
8⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
7⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6123.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6888.exe
10⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
11⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
12⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10776 -s 216
12⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
11⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
10⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 236
8⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
7⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11423.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52365.exe
7⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16193.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
10⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28288.exe
11⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5860.exe
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 236
12⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 216
11⤵
PID:2692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 236
10⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
9⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
8⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11341.exe
8⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
9⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
10⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34232.exe
11⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
10⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
9⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
8⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
7⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
6⤵
- Program crash
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
5⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-19595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19595.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42410.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52526.exe
8⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38834.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe
10⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
11⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38258.exe
12⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43226.exe
13⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
13⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
12⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
11⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30369.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11990.exe
9⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34626.exe
10⤵
PID:8028

C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14122.exe
11⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe
12⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 216
11⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
10⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
8⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56475.exe
7⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-28723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28723.exe
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44890.exe
10⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
11⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3563.exe
12⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 220
12⤵
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
11⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
10⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
8⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
7⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52503.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18889.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14007.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
9⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25300.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32694.exe
11⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22779.exe
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
12⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 236
8⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5543.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
8⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21403.exe
9⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-46724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46724.exe
10⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-22889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22889.exe
11⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 216
11⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
10⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
9⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
8⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
7⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
6⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39338.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10642.exe
7⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
8⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14127.exe
10⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29076.exe
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
11⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
10⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
8⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
7⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6325.exe
8⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52897.exe
9⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-10359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10359.exe
10⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-43345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43345.exe
11⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
11⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
10⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
9⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
8⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
6⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24885.exe
7⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4507.exe
8⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23184.exe
9⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
10⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
11⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
11⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
10⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 236
9⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
8⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
7⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
6⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
5⤵
- Program crash
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-49029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49029.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17212.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1188

C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57008.exe
8⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9132.exe
8⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22862.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43391.exe
12⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38756.exe
13⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 216
13⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
12⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
11⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
9⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 240
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19353.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31954.exe
8⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25911.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
10⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32314.exe
11⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
12⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
11⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
9⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
8⤵
- Program crash
PID:3828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
7⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53767.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53598.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-11643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11643.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34254.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63541.exe
11⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
11⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
9⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
8⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
7⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62512.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-10628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10628.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7542.exe
10⤵
PID:8624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27551.exe
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 216
11⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 220
7⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
6⤵
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50991.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
7⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36723.exe
8⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53118.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42797.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-32760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32760.exe
11⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59909.exe
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
11⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
9⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
8⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20578.exe
7⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64413.exe
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9839.exe
9⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42572.exe
10⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
11⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
10⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
9⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 240
7⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2088.exe
6⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
7⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30111.exe
9⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1428.exe
10⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22606.exe
11⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 216
11⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 216
10⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
8⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
7⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
6⤵
- Program crash
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
5⤵
- Program crash
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56578.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51505.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43674.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21954.exe
7⤵
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-59964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59964.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
10⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43133.exe
11⤵
PID:8312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41042.exe
12⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 236
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 216
11⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
10⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2621.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37453.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
10⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44317.exe
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
11⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 220
8⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-44756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44756.exe
7⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29953.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14701.exe
9⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
10⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
11⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
10⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
8⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe
6⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-58924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58924.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41011.exe
8⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64822.exe
9⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27472.exe
10⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-676.exe
11⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 216
11⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
10⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
9⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
8⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
7⤵
PID:4160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
6⤵
- Program crash
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-18572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18572.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
6⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
7⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe
8⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62812.exe
9⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9703.exe
10⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6711.exe
11⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
11⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
10⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
9⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
8⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 216
7⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
6⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29433.exe
7⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10058.exe
8⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44261.exe
9⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15535.exe
10⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
10⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
9⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
8⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 216
7⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
6⤵
- Program crash
PID:3232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 220
5⤵
- Program crash
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53648.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23316.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1616.exe
7⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32356.exe
8⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58176.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15249.exe
10⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18720.exe
11⤵
PID:9244

C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12203.exe
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9244 -s 216
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
11⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
9⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
8⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26722.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-3701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3701.exe
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30230.exe
9⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14764.exe
10⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 236
11⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 236
10⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
9⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 216
8⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2612.exe
6⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18166.exe
7⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-40939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40939.exe
9⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
10⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 220
11⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
10⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 236
8⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
7⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
6⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56050.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18477.exe
6⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
7⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7475.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31923.exe
9⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21482.exe
10⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53926.exe
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 216
11⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 236
10⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
8⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
7⤵
- Program crash
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41683.exe
6⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52382.exe
7⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23232.exe
8⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31739.exe
9⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6363.exe
10⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49722.exe
11⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
11⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
10⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 236
9⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
8⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
7⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
6⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
5⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11141.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10378.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe
7⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21062.exe
8⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34995.exe
9⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55649.exe
10⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 236
11⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
9⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
8⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
7⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
6⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
5⤵
- Program crash
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
4⤵
- Program crash
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
2⤵
- Program crash
PID:1736

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11709.exe

Filesize
184KB

MD5
3b54cee53b350a366f9f737d8760789c

SHA1
7a3b4f1fc8f0f385b2162e90f607b816b1ecc1e0

SHA256
0e6d4076dc597849a13b7d2e89c9a23b87d249a7e0a6428769f64a8c61717f35

SHA512
8282885c623a097f60d8abad81b38aa9976c46e6e5eb36c2cceebc746372869d99956c3cfb3c930447df4defc5581ba9e07b58fb0fc8cb4a9b4c0da34c07cd1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe

Filesize
184KB

MD5
2e0008d9ad0df0ad518281d47d1077fb

SHA1
ba37a4a2b4c6b5f7cc43f6a0b2b4d590820855f6

SHA256
92234afb058db82e0ce2abb2d3075701f55d2f1ffc2bf228b50694b816000724

SHA512
b768996b1fa9b39fc9b1679b1b90d3619f0f58a306c8eac1a4536fbf14b8c3be260945cbc5614287a13f28b2f0879c1d4ecdce40f3aa3e7be98b7ebae921b8c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29392.exe

Filesize
184KB

MD5
0f719095990b7005cdb72349355ef519

SHA1
b8d9eca6964cd9963a1d65b83f0a1048314188e2

SHA256
11baa33bc2889bd59f4a1d4f8edb94dfcb9124124620688133d9ed6e1c315819

SHA512
d43574394a68c49c92684f4f4242aa446e1b567af250a5538b99a690ceac3eb2948ebc3f28afdee94c1a83cb68e60aef737bcdfcd8cd34facaadb9625e9e879e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29559.exe

Filesize
184KB

MD5
c704e0d86e973492ad85f8cf90946420

SHA1
adcd649f381e1bf864f0f59401fed7a1714338e8

SHA256
f230479d38235cd520965b60128d0625e435d5a91aacde7ffffa1f566fb202bb

SHA512
50e4a3ddb4ba11ae8e9ae214790e1c4063aa895bb74ccaa4904bc7dd8312c2f5e9065dc948fc37a06d5648e723554fe5237575238e8f71ff828bcf6bcf307706

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31676.exe

Filesize
184KB

MD5
485a22091a78c0726f2216f043b71926

SHA1
a9cf79c8d6fe1f3a8783ecb59a05426ca0a3b4f3

SHA256
8da89ca950fad22700de490331bfbed363aa26d85fc200b7385fb25a2250cf8a

SHA512
44af33f886c9366f14b267f51781642a172c285fb75c6d8a50d82d008fe44ffbc7bffa5e78dec5b2f2f4c8314954a3794d7efa570b9698a4162d484653292286

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31974.exe

Filesize
184KB

MD5
d4d0ce2de3048ff92705dd88f1b9e01b

SHA1
9c48f1822e36be25699640c970756190798e0eb7

SHA256
c543a228ce26d0a7c0b1e355674aad57cac14361401ccc379dbc81a922210c7c

SHA512
c03800464b4638ab2eb59e8d71bc374b53427956527cd0e74b2346d2c9688a64adf854bde9ca99e48dd8af6cf237cfa690be7c7c9bf38ffb60ca03405c7f49ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3357.exe

Filesize
184KB

MD5
37ce64c018dad9522174fad4be5b62f9

SHA1
b5e310e8a984eba7f1d461a14a850152c0956dd2

SHA256
2bfc6c34e40bf51180a393351b5497dd7bcaeca9ad38b0a3eb91d7dfc2be4696

SHA512
47bfb599addf7e7eb74d20e3a6cbaa157552f5fed5988127f9345809ee64801690cad674df8e9c8719be89a48463536fca0bfaf71b128528703ca94e59cd08e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe

Filesize
184KB

MD5
549212925b9722b5fc0c6bbb1b3e1cf8

SHA1
8c2894578fb8dc53e9ace737774977d21c299ec2

SHA256
bb533851debe0cbd56d4a70f17791d5377e376d8d85f8768f9fa1aede283024a

SHA512
f5f916a9fa30dca1583077aca35b00817f61c4db5ef772b3ed53cd7cf4e1cfdd6966db847587db17dd0f3b43f4471389c4c25f0970b7cc5f46bceab88a53d8b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40341.exe

Filesize
184KB

MD5
fbdb0c4b128195d1f551996c4da47f35

SHA1
c4a62ddc0ff250fd49b1615f8425ea53fa0c29f6

SHA256
a7630bb10c5e05881d4bae46ab7977a10b5293b137b0db2d0d4a524ca3c24aa4

SHA512
4e2fd159e100403623c4bc77c37b9d81a16c1bee38d4b5ebef8eec86febae2d592ed26aca11000738c09b3e09e47a5f32c7dd51c307ade696c97476d48711ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41249.exe

Filesize
184KB

MD5
8a66212f8910f9532eb9b5c54c2d2120

SHA1
26119b6ac255262a01fe912d0d094a5333def200

SHA256
ada4b414b51c017b4e6a7b5bf1fb032e990144797a58c126f41cd528bc57c790

SHA512
858e5bbf66b5eea7cabf9f9b3016325cfc44a0b9eeaf19685a68f817ebee41a8a5299a3384918f89467b7a6ba0bf1d341741e7ee7c88befc3c3a956c2da978dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42833.exe

Filesize
184KB

MD5
eedf425c16476296bf5eaba2d0c44c8f

SHA1
fddfc62c11361a951dcfd50c1dd8219a80150bd5

SHA256
c5f23f9b93ab2b73834dcbf6ed89d7c30b7f5cd547d1c9412bd7f508529365eb

SHA512
2b20139a42295ca5e021611377470eecd4b361defcf168eb454cff5d3cd02435fe7e5bd6c1d74c0e2ec52fad7b3aa66d0a4ea2b09e70b29d070f6ac3527e3ca3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48424.exe

Filesize
184KB

MD5
507168130f11c0686bc3871cb19ae828

SHA1
492ced80827c28916567857c42241fff76547eca

SHA256
6bff01606da67c1d28954798a342ac3a4cbf4282cb035650cab566d23ff1c241

SHA512
b849055e94499dcbba43c44acfa2aa8e3a7e11dd86e67478d5cdeeb5dade585d9c00bf6875ea208928d825b0208eb987cac267cdfe7dc03fc83f566b9f1baeb7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5449.exe

Filesize
184KB

MD5
1b1846e50d929c5bc4eeb3ca0e961ce8

SHA1
658d9ea5ab69576cfb477aef7bb1f33fbadd95cd

SHA256
e3859fa12605ace9e9c16d86582b39d90ac81f25681b6ceae0f876a448b114d3

SHA512
025adc386b149dfe45bfef75abb87ea5892a8e366be24a370899e197038ff994d8baf59b4bed817c2f13e091933dd38ad4f53bd05586e073d252d985fbeee910

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55434.exe

Filesize
184KB

MD5
87a697dd15d22e00261895256bb84111

SHA1
e052dcc640f00b00bed118d2ab835e7652be05bc

SHA256
10bf838c16c239e75b73148da5662ba87fb7ea2303b28cce989770a5368a61b7

SHA512
10aec1d2c44c536887d718cec5a7aaf20036a916228810b8c5ad990286e1be7346b0fdc5706a8c9bdb41e28fa534c0a5786e1317d179f7e78cffdb841b2625cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57301.exe

Filesize
184KB

MD5
d7e4970b28dd8ac7e592b0eb197a785b

SHA1
fc3b002e6e968fe6325d1af6317c8de46e042b03

SHA256
1ebd70712cc2cb05b452a18e362025a7547bfe3adcd647425dd2622e35294bda

SHA512
4ffb940def3b75f93c307c909d2584a55cf6a1ba262ae8199f59eb427580b72d0476a88a1268256275965abb02c69c7999b81b6d342d807cac87f8fb129edb67

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57550.exe

Filesize
184KB

MD5
139f0f3ead7c2968c418137a360e1485

SHA1
b44fedbb4c3096d08057e85a56b0dd6d4ae4ed86

SHA256
cffa85701dc1c0047c5ba706af8a21b823145ca1087e13b2262b14fa86d55105

SHA512
7cb05aef2ec0975d92f68c0e671ad230da2906a3eadfdbb72847637ef08ed28376b7d00e26f1a45cf0c52facd01f0660d2c07f15154ec1e00dabfab04b110416

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe

Filesize
184KB

MD5
085d187c8eff0eb83086ec1c4ba0e338

SHA1
0ba62070946a53a89256025f609a25017b088cef

SHA256
7665fe999380c7072884c82e7b7faa51280da34014692921c9b9308a3220726c

SHA512
8a775e658bfe64894c9aadd0042855c47814ca51c43a220d2b70501f9515011ddf285fea333cb8d458fcaa2da2da8b906039f690086dcb7c90374b6c14c0e52c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6685.exe

Filesize
184KB

MD5
d64ac5c72e968cc8727fe8a3deab0310

SHA1
e57aeb5eb708a9b5fd3704d5e758aa3163c8a92f

SHA256
fef1c1399b4a256cf005369822584bfa4c5aba5633fabd7c83b0289ecde1d820

SHA512
d6290bff12cbc7dd299c2510e9a83329f515f687b785a0e2f37e933e5d7a1e687a343895d0203e7396eed85a21bf567325ccbec2a1c5cbd551cd7e65ea98f4f1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22944.exe

Filesize
184KB

MD5
d905198a9c64852c23a416a7c9beee22

SHA1
bdb19873f77b4874b1513bcfadc8832ecd7e82a2

SHA256
9374af1ab132020ae1b11b5379d4d42cbf127b4b4c3f75412c6779e4f692285a

SHA512
1548e708c10583489f49091fbc0cff7423041428003da02905a5f097c9668adc67995d3afdf8c6c3c878310d21c6fab875a9e69e74f6f10330543377a703f421

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23986.exe

Filesize
184KB

MD5
56a7218a0bcf489f48015e068fc8452f

SHA1
dc77e7cb92ea6fb1b0401cfc79da167e876dff3e

SHA256
2c4ce5edfb846067ea3600a61cab31bce1a547ad16eddbe697bcc6cee63f24e1

SHA512
4129ccc93d9bff4b201c6128ece67395e3bed2100cee7786aa234892adc10abb877af40e032b138aa4b0370ceabbaa173a28edf45046b79120500074232d21e2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34980.exe

Filesize
184KB

MD5
91dc7bd0c4565f729395ad6a8a800c51

SHA1
b6ab25e11b9c132d02c8c347d6a2d64d3b35d21b

SHA256
17b10741f02ff7f3aa37db71980118182f30e89c29c4add51e872eb24a93865a

SHA512
4392858f21fa5b0ddfda982058ed104b26a3b45f78c9526c95a34091c073c24ad9abcbeb028278810c8ae03d0d01ec5a405c419ee4ba314d178ec9c87723a203

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3758.exe

Filesize
184KB

MD5
647879330a830c13ce5f243f9b7aac16

SHA1
01c2d5a3f5905174ce8dcee275c8453d10b361a1

SHA256
463d61902d3299779937511572588839422a5e476b053a538cb269ddd473286e

SHA512
16152ebe34cfdd21aba98feb005651633ff125cc447389b2fce94e16a1d4b8d6c36c448afc428d7a56bedee5d0750458c0b0eed153a7d5730a86c9f69b7eb3e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49029.exe

Filesize
184KB

MD5
c473d3f3e7339f2bc94e1a6c1443f412

SHA1
fe6152febcad079fcc2752e000b0eb2695896a12

SHA256
fb3ebaa0ed3874b8da941da9f6210652c6f49c5631a860e017d01c50d56c0c4a

SHA512
b29a6380d3fc660a608a4e2b6123f3f0c9b85f90ed13960f4fd3e6a941641847f8d41794b26520b0fe917e7059dbe76f9922234679c4c56721f22cc49b021a9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49425.exe

Filesize
184KB

MD5
d3f564473d59b4aba2e7d6ec51dacd1b

SHA1
1adad147ee60e3cd8b99783e9c58004e0c3ce9b7

SHA256
38b210ec74a909f14c94e381d991ba48d277b4624b8abaa1fd2c2b27a51baf76

SHA512
e2385053d19e6c0258a1de117c3f2ad494265a60677bac3e63806b17025ad1c5ecc3c8f261bc566f29c9011c062f8b3e377b230c3e9bd902229b7d87a45e4b38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55862.exe

Filesize
184KB

MD5
0c0c20ef8ff760747e6dd6ea3a9fc174

SHA1
059e2a1f5ba3395a7b37de5d9c24e9db3100e101

SHA256
9f23fcc2924e46b38b547084ee5d8185017213130ba1ea19d0ce24ee9e56e3dd

SHA512
866ecbe0aa8992be083dfebb003904853bb767fb9e003386e905e351905be0eb04d183e347047c462fe1e1a4b0eb27779b498c3ed52b3c78e81e55572223ea9c

Download Submit