75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe
Size

184KB
MD5

4fe3ef471607d1ea6ff3af0fe0acd829
SHA1

02479e8df36685cdbbae989e17c07c2e3b01922b
SHA256

75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735
SHA512

45281a95febf47f894e9d77f916b9490fec67b1f1d95b59705520756ad5c2b8d6a13ffd4094cfb0d19dddb2d01f2accc5b3062db953f9d7ee101d539fb244e0e
SSDEEP

3072:nRdsCHoldfaKdqNTee70pxNEIK43IQ6+rHy/85ERBJOhlnVOFx:nR/oSGqN10PNEIfLCAhlnVOF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-46971.exeUnicorn-56291.exeUnicorn-36425.exeUnicorn-40400.exeUnicorn-60266.exeUnicorn-25456.exeUnicorn-30656.exeUnicorn-49685.exeUnicorn-34740.exeUnicorn-34740.exeUnicorn-53769.exeUnicorn-2705.exeUnicorn-22571.exeUnicorn-4288.exeUnicorn-15149.exeUnicorn-35015.exeUnicorn-8372.exeUnicorn-54044.exeUnicorn-8372.exeUnicorn-26930.exeUnicorn-31014.exeUnicorn-19316.exeUnicorn-60178.exeUnicorn-25368.exeUnicorn-64262.exeUnicorn-9586.exeUnicorn-29452.exeUnicorn-2809.exeUnicorn-13670.exeUnicorn-13670.exeUnicorn-33536.exeUnicorn-43026.exeUnicorn-62892.exeUnicorn-1439.exeUnicorn-20468.exeUnicorn-9607.exeUnicorn-34688.exeUnicorn-53717.exeUnicorn-8045.exeUnicorn-624.exeUnicorn-40910.exeUnicorn-44994.exeUnicorn-55855.exeUnicorn-58315.exeUnicorn-59747.exeUnicorn-14075.exeUnicorn-14075.exeUnicorn-33104.exeUnicorn-36909.exeUnicorn-40993.exeUnicorn-51854.exeUnicorn-45077.exeUnicorn-55938.exeUnicorn-10266.exeUnicorn-29295.exeUnicorn-49161.exeUnicorn-30879.exeUnicorn-49908.exeUnicorn-4236.exeUnicorn-15097.exeUnicorn-8320.exeUnicorn-12404.exeUnicorn-4791.exeUnicorn-28741.exe

pid	process
2308	Unicorn-46971.exe
960	Unicorn-56291.exe
2732	Unicorn-36425.exe
2708	Unicorn-40400.exe
2668	Unicorn-60266.exe
2476	Unicorn-25456.exe
2148	Unicorn-30656.exe
952	Unicorn-49685.exe
1976	Unicorn-34740.exe
2952	Unicorn-34740.exe
2816	Unicorn-53769.exe
1532	Unicorn-2705.exe
1376	Unicorn-22571.exe
3032	Unicorn-4288.exe
2028	Unicorn-15149.exe
2040	Unicorn-35015.exe
2228	Unicorn-8372.exe
604	Unicorn-54044.exe
1068	Unicorn-8372.exe
768	Unicorn-26930.exe
2140	Unicorn-31014.exe
1840	Unicorn-19316.exe
1204	Unicorn-60178.exe
984	Unicorn-25368.exe
1188	Unicorn-64262.exe
1076	Unicorn-9586.exe
576	Unicorn-29452.exe
3060	Unicorn-2809.exe
2960	Unicorn-13670.exe
1740	Unicorn-13670.exe
2924	Unicorn-33536.exe
2664	Unicorn-43026.exe
2544	Unicorn-62892.exe
2092	Unicorn-1439.exe
2556	Unicorn-20468.exe
2704	Unicorn-9607.exe
2568	Unicorn-34688.exe
2292	Unicorn-53717.exe
2496	Unicorn-8045.exe
1728	Unicorn-624.exe
2244	Unicorn-40910.exe
1548	Unicorn-44994.exe
2688	Unicorn-55855.exe
2440	Unicorn-58315.exe
2840	Unicorn-59747.exe
1652	Unicorn-14075.exe
2752	Unicorn-14075.exe
1444	Unicorn-33104.exe
2032	Unicorn-36909.exe
2036	Unicorn-40993.exe
588	Unicorn-51854.exe
844	Unicorn-45077.exe
1792	Unicorn-55938.exe
2412	Unicorn-10266.exe
1192	Unicorn-29295.exe
3068	Unicorn-49161.exe
2360	Unicorn-30879.exe
2320	Unicorn-49908.exe
2128	Unicorn-4236.exe
2236	Unicorn-15097.exe
2692	Unicorn-8320.exe
2456	Unicorn-12404.exe
1836	Unicorn-4791.exe
2168	Unicorn-28741.exe

Loads dropped DLL 64 IoCs

Processes:

75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exeUnicorn-46971.exeUnicorn-56291.exeUnicorn-36425.exeWerFault.exeUnicorn-60266.exeUnicorn-25456.exeUnicorn-40400.exeWerFault.exeWerFault.exeUnicorn-30656.exeUnicorn-34740.exeUnicorn-49685.exeUnicorn-53769.exeUnicorn-34740.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe
756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe
2308	Unicorn-46971.exe
2308	Unicorn-46971.exe
756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe
756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe
2308	Unicorn-46971.exe
2308	Unicorn-46971.exe
960	Unicorn-56291.exe
960	Unicorn-56291.exe
2732	Unicorn-36425.exe
2732	Unicorn-36425.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2484	WerFault.exe
2668	Unicorn-60266.exe
2668	Unicorn-60266.exe
960	Unicorn-56291.exe
960	Unicorn-56291.exe
2476	Unicorn-25456.exe
2708	Unicorn-40400.exe
2476	Unicorn-25456.exe
2708	Unicorn-40400.exe
2732	Unicorn-36425.exe
2732	Unicorn-36425.exe
2740	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
2740	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
2636	WerFault.exe
2740	WerFault.exe
2636	WerFault.exe
2148	Unicorn-30656.exe
2668	Unicorn-60266.exe
2668	Unicorn-60266.exe
2148	Unicorn-30656.exe
1976	Unicorn-34740.exe
1976	Unicorn-34740.exe
2708	Unicorn-40400.exe
2708	Unicorn-40400.exe
952	Unicorn-49685.exe
952	Unicorn-49685.exe
2816	Unicorn-53769.exe
2952	Unicorn-34740.exe
2816	Unicorn-53769.exe
2476	Unicorn-25456.exe
2952	Unicorn-34740.exe
2476	Unicorn-25456.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1896	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
328	WerFault.exe
328	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2660	756	WerFault.exe	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe
2484	2308	WerFault.exe	Unicorn-46971.exe
2740	960	WerFault.exe	Unicorn-56291.exe
2636	2732	WerFault.exe	Unicorn-36425.exe
1896	2668	WerFault.exe	Unicorn-60266.exe
1556	2708	WerFault.exe	Unicorn-40400.exe
328	2476	WerFault.exe	Unicorn-25456.exe
1676	2148	WerFault.exe	Unicorn-30656.exe
1704	1976	WerFault.exe	Unicorn-34740.exe
912	952	WerFault.exe	Unicorn-49685.exe
1644	2952	WerFault.exe	Unicorn-34740.exe
2192	2816	WerFault.exe	Unicorn-53769.exe
3036	1532	WerFault.exe	Unicorn-2705.exe
1244	1376	WerFault.exe	Unicorn-22571.exe
812	604	WerFault.exe	Unicorn-54044.exe
1492	3032	WerFault.exe	Unicorn-4288.exe
2152	2228	WerFault.exe	Unicorn-8372.exe
1440	1068	WerFault.exe	Unicorn-8372.exe
2900	2028	WerFault.exe	Unicorn-15149.exe
1312	2040	WerFault.exe	Unicorn-35015.exe
2272	768	WerFault.exe	Unicorn-26930.exe
1464	2140	WerFault.exe	Unicorn-31014.exe
1832	1840	WerFault.exe	Unicorn-19316.exe
2508	984	WerFault.exe	Unicorn-25368.exe
2464	1204	WerFault.exe	Unicorn-60178.exe
2872	3060	WerFault.exe	Unicorn-2809.exe
2252	1076	WerFault.exe	Unicorn-9586.exe
2800	2960	WerFault.exe	Unicorn-13670.exe
1304	2924	WerFault.exe	Unicorn-33536.exe
1972	1740	WerFault.exe	Unicorn-13670.exe
2856	1188	WerFault.exe	Unicorn-64262.exe
2864	576	WerFault.exe	Unicorn-29452.exe
2912	2628	WerFault.exe	Unicorn-65497.exe
448	1588	WerFault.exe	Unicorn-65497.exe
1208	2664	WerFault.exe	Unicorn-43026.exe
3088	2544	WerFault.exe	Unicorn-62892.exe
3112	2092	WerFault.exe	Unicorn-1439.exe
3128	2556	WerFault.exe	Unicorn-20468.exe
3152	2704	WerFault.exe	Unicorn-9607.exe
3220	2568	WerFault.exe	Unicorn-34688.exe
3228	2496	WerFault.exe	Unicorn-8045.exe
3272	2292	WerFault.exe	Unicorn-53717.exe
3292	1728	WerFault.exe	Unicorn-624.exe
3404	2244	WerFault.exe	Unicorn-40910.exe
3456	2840	WerFault.exe	Unicorn-59747.exe
3464	1652	WerFault.exe	Unicorn-14075.exe
3484	1548	WerFault.exe	Unicorn-44994.exe
3496	2688	WerFault.exe	Unicorn-55855.exe
3520	2440	WerFault.exe	Unicorn-58315.exe
3544	2752	WerFault.exe	Unicorn-14075.exe
3536	1444	WerFault.exe	Unicorn-33104.exe
4048	2648	WerFault.exe	Unicorn-34002.exe
3960	2036	WerFault.exe	Unicorn-40993.exe
3940	2032	WerFault.exe	Unicorn-36909.exe
3864	1192	WerFault.exe	Unicorn-29295.exe
3992	2796	WerFault.exe	Unicorn-12767.exe
4056	2360	WerFault.exe	Unicorn-30879.exe
3584	3008	WerFault.exe	Unicorn-4044.exe
3832	752	WerFault.exe	Unicorn-12212.exe
3976	2168	WerFault.exe	Unicorn-28741.exe
4104	588	WerFault.exe	Unicorn-51854.exe
4092	2320	WerFault.exe	Unicorn-49908.exe
4240	2456	WerFault.exe	Unicorn-12404.exe
4648	1836	WerFault.exe	Unicorn-4791.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exeUnicorn-46971.exeUnicorn-56291.exeUnicorn-36425.exeUnicorn-40400.exeUnicorn-60266.exeUnicorn-25456.exeUnicorn-30656.exeUnicorn-49685.exeUnicorn-34740.exeUnicorn-34740.exeUnicorn-53769.exeUnicorn-2705.exeUnicorn-22571.exeUnicorn-4288.exeUnicorn-8372.exeUnicorn-54044.exeUnicorn-15149.exeUnicorn-35015.exeUnicorn-8372.exeUnicorn-26930.exeUnicorn-31014.exeUnicorn-19316.exeUnicorn-60178.exeUnicorn-25368.exeUnicorn-9586.exeUnicorn-64262.exeUnicorn-2809.exeUnicorn-29452.exeUnicorn-13670.exeUnicorn-13670.exeUnicorn-33536.exeUnicorn-43026.exeUnicorn-62892.exeUnicorn-1439.exeUnicorn-20468.exeUnicorn-9607.exeUnicorn-8045.exeUnicorn-34688.exeUnicorn-53717.exeUnicorn-624.exeUnicorn-40910.exeUnicorn-44994.exeUnicorn-55855.exeUnicorn-59747.exeUnicorn-14075.exeUnicorn-58315.exeUnicorn-14075.exeUnicorn-33104.exeUnicorn-36909.exeUnicorn-40993.exeUnicorn-51854.exeUnicorn-55938.exeUnicorn-45077.exeUnicorn-29295.exeUnicorn-10266.exeUnicorn-49161.exeUnicorn-30879.exeUnicorn-49908.exeUnicorn-15097.exeUnicorn-4236.exeUnicorn-8320.exeUnicorn-12404.exeUnicorn-4791.exe

pid	process
756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe
2308	Unicorn-46971.exe
960	Unicorn-56291.exe
2732	Unicorn-36425.exe
2708	Unicorn-40400.exe
2668	Unicorn-60266.exe
2476	Unicorn-25456.exe
2148	Unicorn-30656.exe
952	Unicorn-49685.exe
1976	Unicorn-34740.exe
2952	Unicorn-34740.exe
2816	Unicorn-53769.exe
1532	Unicorn-2705.exe
1376	Unicorn-22571.exe
3032	Unicorn-4288.exe
2228	Unicorn-8372.exe
604	Unicorn-54044.exe
2028	Unicorn-15149.exe
2040	Unicorn-35015.exe
1068	Unicorn-8372.exe
768	Unicorn-26930.exe
2140	Unicorn-31014.exe
1840	Unicorn-19316.exe
1204	Unicorn-60178.exe
984	Unicorn-25368.exe
1076	Unicorn-9586.exe
1188	Unicorn-64262.exe
3060	Unicorn-2809.exe
576	Unicorn-29452.exe
2960	Unicorn-13670.exe
1740	Unicorn-13670.exe
2924	Unicorn-33536.exe
2664	Unicorn-43026.exe
2544	Unicorn-62892.exe
2092	Unicorn-1439.exe
2556	Unicorn-20468.exe
2704	Unicorn-9607.exe
2496	Unicorn-8045.exe
2568	Unicorn-34688.exe
2292	Unicorn-53717.exe
1728	Unicorn-624.exe
2244	Unicorn-40910.exe
1548	Unicorn-44994.exe
2688	Unicorn-55855.exe
2840	Unicorn-59747.exe
1652	Unicorn-14075.exe
2440	Unicorn-58315.exe
2752	Unicorn-14075.exe
1444	Unicorn-33104.exe
2032	Unicorn-36909.exe
2036	Unicorn-40993.exe
588	Unicorn-51854.exe
1792	Unicorn-55938.exe
844	Unicorn-45077.exe
1192	Unicorn-29295.exe
2412	Unicorn-10266.exe
3068	Unicorn-49161.exe
2360	Unicorn-30879.exe
2320	Unicorn-49908.exe
2236	Unicorn-15097.exe
2128	Unicorn-4236.exe
2692	Unicorn-8320.exe
2456	Unicorn-12404.exe
1836	Unicorn-4791.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exeUnicorn-46971.exeUnicorn-56291.exeUnicorn-36425.exeUnicorn-60266.exeUnicorn-25456.exeUnicorn-40400.exe

description	pid	process	target process
PID 756 wrote to memory of 2308	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	Unicorn-46971.exe
PID 756 wrote to memory of 2308	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	Unicorn-46971.exe
PID 756 wrote to memory of 2308	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	Unicorn-46971.exe
PID 756 wrote to memory of 2308	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	Unicorn-46971.exe
PID 2308 wrote to memory of 960	2308	Unicorn-46971.exe	Unicorn-56291.exe
PID 2308 wrote to memory of 960	2308	Unicorn-46971.exe	Unicorn-56291.exe
PID 2308 wrote to memory of 960	2308	Unicorn-46971.exe	Unicorn-56291.exe
PID 2308 wrote to memory of 960	2308	Unicorn-46971.exe	Unicorn-56291.exe
PID 756 wrote to memory of 2732	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	Unicorn-36425.exe
PID 756 wrote to memory of 2732	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	Unicorn-36425.exe
PID 756 wrote to memory of 2732	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	Unicorn-36425.exe
PID 756 wrote to memory of 2732	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	Unicorn-36425.exe
PID 756 wrote to memory of 2660	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	WerFault.exe
PID 756 wrote to memory of 2660	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	WerFault.exe
PID 756 wrote to memory of 2660	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	WerFault.exe
PID 756 wrote to memory of 2660	756	75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe	WerFault.exe
PID 2308 wrote to memory of 2708	2308	Unicorn-46971.exe	Unicorn-40400.exe
PID 2308 wrote to memory of 2708	2308	Unicorn-46971.exe	Unicorn-40400.exe
PID 2308 wrote to memory of 2708	2308	Unicorn-46971.exe	Unicorn-40400.exe
PID 2308 wrote to memory of 2708	2308	Unicorn-46971.exe	Unicorn-40400.exe
PID 960 wrote to memory of 2668	960	Unicorn-56291.exe	Unicorn-60266.exe
PID 960 wrote to memory of 2668	960	Unicorn-56291.exe	Unicorn-60266.exe
PID 960 wrote to memory of 2668	960	Unicorn-56291.exe	Unicorn-60266.exe
PID 960 wrote to memory of 2668	960	Unicorn-56291.exe	Unicorn-60266.exe
PID 2732 wrote to memory of 2476	2732	Unicorn-36425.exe	Unicorn-25456.exe
PID 2732 wrote to memory of 2476	2732	Unicorn-36425.exe	Unicorn-25456.exe
PID 2732 wrote to memory of 2476	2732	Unicorn-36425.exe	Unicorn-25456.exe
PID 2732 wrote to memory of 2476	2732	Unicorn-36425.exe	Unicorn-25456.exe
PID 2308 wrote to memory of 2484	2308	Unicorn-46971.exe	WerFault.exe
PID 2308 wrote to memory of 2484	2308	Unicorn-46971.exe	WerFault.exe
PID 2308 wrote to memory of 2484	2308	Unicorn-46971.exe	WerFault.exe
PID 2308 wrote to memory of 2484	2308	Unicorn-46971.exe	WerFault.exe
PID 2668 wrote to memory of 2148	2668	Unicorn-60266.exe	Unicorn-30656.exe
PID 2668 wrote to memory of 2148	2668	Unicorn-60266.exe	Unicorn-30656.exe
PID 2668 wrote to memory of 2148	2668	Unicorn-60266.exe	Unicorn-30656.exe
PID 2668 wrote to memory of 2148	2668	Unicorn-60266.exe	Unicorn-30656.exe
PID 960 wrote to memory of 952	960	Unicorn-56291.exe	Unicorn-49685.exe
PID 960 wrote to memory of 952	960	Unicorn-56291.exe	Unicorn-49685.exe
PID 960 wrote to memory of 952	960	Unicorn-56291.exe	Unicorn-49685.exe
PID 960 wrote to memory of 952	960	Unicorn-56291.exe	Unicorn-49685.exe
PID 2476 wrote to memory of 2952	2476	Unicorn-25456.exe	Unicorn-34740.exe
PID 2476 wrote to memory of 2952	2476	Unicorn-25456.exe	Unicorn-34740.exe
PID 2476 wrote to memory of 2952	2476	Unicorn-25456.exe	Unicorn-34740.exe
PID 2476 wrote to memory of 2952	2476	Unicorn-25456.exe	Unicorn-34740.exe
PID 2708 wrote to memory of 1976	2708	Unicorn-40400.exe	Unicorn-34740.exe
PID 2708 wrote to memory of 1976	2708	Unicorn-40400.exe	Unicorn-34740.exe
PID 2708 wrote to memory of 1976	2708	Unicorn-40400.exe	Unicorn-34740.exe
PID 2708 wrote to memory of 1976	2708	Unicorn-40400.exe	Unicorn-34740.exe
PID 2732 wrote to memory of 2816	2732	Unicorn-36425.exe	Unicorn-53769.exe
PID 2732 wrote to memory of 2816	2732	Unicorn-36425.exe	Unicorn-53769.exe
PID 2732 wrote to memory of 2816	2732	Unicorn-36425.exe	Unicorn-53769.exe
PID 2732 wrote to memory of 2816	2732	Unicorn-36425.exe	Unicorn-53769.exe
PID 960 wrote to memory of 2740	960	Unicorn-56291.exe	WerFault.exe
PID 960 wrote to memory of 2740	960	Unicorn-56291.exe	WerFault.exe
PID 960 wrote to memory of 2740	960	Unicorn-56291.exe	WerFault.exe
PID 960 wrote to memory of 2740	960	Unicorn-56291.exe	WerFault.exe
PID 2732 wrote to memory of 2636	2732	Unicorn-36425.exe	WerFault.exe
PID 2732 wrote to memory of 2636	2732	Unicorn-36425.exe	WerFault.exe
PID 2732 wrote to memory of 2636	2732	Unicorn-36425.exe	WerFault.exe
PID 2732 wrote to memory of 2636	2732	Unicorn-36425.exe	WerFault.exe
PID 2668 wrote to memory of 1532	2668	Unicorn-60266.exe	Unicorn-2705.exe
PID 2668 wrote to memory of 1532	2668	Unicorn-60266.exe	Unicorn-2705.exe
PID 2668 wrote to memory of 1532	2668	Unicorn-60266.exe	Unicorn-2705.exe
PID 2668 wrote to memory of 1532	2668	Unicorn-60266.exe	Unicorn-2705.exe

C:\Users\Admin\AppData\Local\Temp\75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe
"C:\Users\Admin\AppData\Local\Temp\75547700bee5d400f6a5fbed8f0fcac2782ca63959b543e7be3ea79995ce9735.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31014.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1439.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45077.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
10⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
11⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
12⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-5186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5186.exe
13⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35711.exe
14⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19051.exe
15⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 204
15⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
14⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
13⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
12⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
11⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9773.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60121.exe
11⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57724.exe
12⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58134.exe
13⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
14⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 220
14⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 236
13⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
12⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
11⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 220
10⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
9⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35669.exe
10⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-24927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24927.exe
11⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45918.exe
12⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
13⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
14⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
14⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
13⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 220
12⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
11⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
10⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
9⤵
- Program crash
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55938.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27226.exe
9⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37807.exe
10⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35726.exe
11⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52825.exe
12⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
13⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
14⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
14⤵
PID:13668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
12⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
11⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22025.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58476.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3240.exe
11⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39795.exe
12⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
13⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 220
13⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
9⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
8⤵
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10266.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
9⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
10⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38487.exe
11⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59177.exe
12⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63972.exe
13⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
13⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
12⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49623.exe
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-64008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64008.exe
11⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
12⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-60254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60254.exe
13⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 220
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
11⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
10⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15528.exe
8⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50059.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48985.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
11⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58326.exe
12⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
13⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 216
13⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
12⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
9⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
7⤵
- Program crash
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19316.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9607.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49161.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
9⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62311.exe
10⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54200.exe
11⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9462.exe
12⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
13⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 208
14⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 220
13⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
12⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
11⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 216
10⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50614.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
10⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-19468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19468.exe
11⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
12⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46461.exe
13⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 216
13⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 220
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
11⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 220
9⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
8⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29295.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
8⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
9⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44984.exe
10⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44460.exe
11⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11873.exe
12⤵
PID:12164

C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49632.exe
13⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
12⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 236
11⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 220
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47319.exe
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8035.exe
10⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
11⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
12⤵
PID:11380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48262.exe
13⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 236
12⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 236
11⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
10⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
8⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
7⤵
- Program crash
PID:1832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
6⤵
- Program crash
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-26930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26930.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62892.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40993.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55430.exe
9⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
10⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50635.exe
11⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35918.exe
12⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
12⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44979.exe
13⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
14⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58599.exe
15⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 216
15⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
14⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
13⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 220
12⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
11⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38745.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35233.exe
11⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
12⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3614.exe
13⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
14⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
14⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
13⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
12⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
9⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5622.exe
11⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
12⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43744.exe
13⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9590.exe
14⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
12⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
9⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-4838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4838.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27994.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34107.exe
10⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35425.exe
11⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28321.exe
12⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40371.exe
13⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45501.exe
14⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
14⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
12⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
11⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
10⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35237.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20651.exe
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
11⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
12⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18475.exe
13⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 216
13⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 220
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 236
11⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
9⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
8⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51854.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50630.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
11⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30122.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53036.exe
13⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
13⤵
PID:14064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 216
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
11⤵
PID:9924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
10⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 216
8⤵
- Program crash
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
7⤵
- Program crash
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36909.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
8⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34024.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43894.exe
11⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
12⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62929.exe
13⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33441.exe
14⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
14⤵
PID:13708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
11⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22601.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11413.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
11⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7698.exe
12⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64551.exe
13⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
13⤵
PID:13700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 220
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57329.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30023.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46302.exe
11⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3998.exe
12⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
13⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 204
13⤵
PID:13956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
12⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 220
11⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
9⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
8⤵
- Program crash
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-58123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58123.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19826.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28461.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62259.exe
10⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
11⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56167.exe
12⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
13⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 236
13⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 220
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32907.exe
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-12482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12482.exe
9⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50194.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9452.exe
11⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6990.exe
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 204
12⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
10⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
8⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
7⤵
- Program crash
PID:1208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
6⤵
- Program crash
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35015.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33536.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26411.exe
8⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
9⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
10⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-56146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56146.exe
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62555.exe
12⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
13⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
14⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 220
14⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
13⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
12⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
11⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
10⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2560.exe
10⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
11⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
12⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
13⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 220
13⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
11⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3276.exe
8⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55653.exe
10⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56141.exe
11⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
12⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
13⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
13⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
12⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
11⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
10⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
9⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
8⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10821.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4475.exe
8⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29639.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16483.exe
10⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5508.exe
11⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13017.exe
12⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40125.exe
13⤵
PID:13716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
13⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
12⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
11⤵
PID:9636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48668.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18705.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34974.exe
10⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
11⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53041.exe
12⤵
PID:13376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 216
12⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 236
11⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
10⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
8⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 220
7⤵
- Program crash
PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
6⤵
- Program crash
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44994.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
7⤵
PID:1588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
- Program crash
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
7⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21471.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47309.exe
10⤵
PID:8304

C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3095.exe
11⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33109.exe
12⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
12⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
11⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
10⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
8⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
7⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14905.exe
6⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8559.exe
7⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33723.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7137.exe
9⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22893.exe
10⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
11⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3269.exe
12⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
12⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 236
10⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 236
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
7⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13743.exe
8⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
9⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19951.exe
10⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52299.exe
11⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 204
11⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
10⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
9⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
8⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
7⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
6⤵
- Program crash
PID:2800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 240
5⤵
- Program crash
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34688.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30879.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
9⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50936.exe
10⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26899.exe
11⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
11⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3951.exe
11⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18202.exe
12⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20042.exe
13⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7421.exe
14⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
12⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
11⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2202.exe
10⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25742.exe
11⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
12⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62026.exe
13⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35439.exe
14⤵
PID:13944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
14⤵
PID:13920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
13⤵
PID:280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 216
12⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
11⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
10⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
9⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17666.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
9⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38959.exe
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65404.exe
11⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
12⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26072.exe
13⤵
PID:12224

C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31926.exe
14⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
13⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
12⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
11⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 236
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47013.exe
10⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
11⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24266.exe
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
12⤵
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
11⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
9⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
8⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
8⤵
- Program crash
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 240
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53717.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51538.exe
8⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15248.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9275.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
11⤵
PID:7364

C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2161.exe
12⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
13⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
13⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 220
12⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30193.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-993.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17621.exe
11⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
12⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 204
12⤵
PID:13948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
11⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
8⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-946.exe
7⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11356.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60230.exe
9⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 188
10⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
7⤵
- Program crash
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
6⤵
- Program crash
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9586.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4791.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
7⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49540.exe
8⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11216.exe
9⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9369.exe
10⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
11⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
11⤵
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
10⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
9⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
8⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
7⤵
- Program crash
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 216
6⤵
- Program crash
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
5⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15149.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28741.exe
7⤵
- Executes dropped EXE
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-8751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8751.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56966.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49348.exe
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-718.exe
11⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36588.exe
12⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12361.exe
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
13⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
12⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
11⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
10⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49353.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20376.exe
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43313.exe
10⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
11⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57478.exe
12⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
12⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
11⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 236
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
9⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
8⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58507.exe
7⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35067.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
11⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36103.exe
12⤵
PID:11372

C:\Users\Admin\AppData\Local\Temp\Unicorn-34199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34199.exe
13⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 236
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
11⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58180.exe
8⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49260.exe
9⤵
PID:6256

C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe
10⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3513.exe
11⤵
PID:12260

C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
12⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
11⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6256 -s 236
10⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
9⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
8⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
7⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12767.exe
6⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
7⤵
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32462.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10370.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40900.exe
10⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7511.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52906.exe
12⤵
PID:12100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61884.exe
13⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
11⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
9⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33483.exe
8⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 220
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
8⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13473.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12508.exe
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
9⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53915.exe
10⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
11⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14141.exe
12⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
12⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 216
11⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
10⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
9⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
8⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 220
7⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
6⤵
- Program crash
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55855.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4044.exe
6⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13665.exe
7⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61709.exe
8⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-1621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1621.exe
9⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29878.exe
10⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26373.exe
11⤵
PID:11912

C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49933.exe
12⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 236
11⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
10⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
9⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
8⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
7⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
6⤵
- Program crash
PID:3496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
5⤵
- Program crash
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29452.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58315.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38855.exe
8⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19058.exe
9⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-43837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43837.exe
10⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59291.exe
11⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51969.exe
12⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31684.exe
13⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51474.exe
14⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
14⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
12⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
10⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62866.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
11⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37055.exe
12⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11160 -s 220
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 220
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
8⤵
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
9⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
8⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57884.exe
7⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47454.exe
8⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2996.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
10⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
11⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17237.exe
12⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
13⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
13⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
11⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17941.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45347.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64392.exe
10⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42893.exe
11⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54629.exe
12⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 204
12⤵
PID:13964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 216
11⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
8⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
7⤵
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33104.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2700.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35970.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30490.exe
9⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13162.exe
10⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5477.exe
11⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
12⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 236
11⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
9⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
8⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
7⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
6⤵
- Program crash
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13670.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12212.exe
7⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53868.exe
8⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-54143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54143.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-51569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51569.exe
10⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40947.exe
12⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
13⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
13⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 220
11⤵
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
10⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
9⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 236
8⤵
- Program crash
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38086.exe
7⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19525.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39810.exe
9⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28020.exe
10⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14496.exe
11⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47722.exe
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
12⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 220
11⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
10⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
8⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
7⤵
- Program crash
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
6⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-583.exe
7⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41279.exe
10⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59888.exe
11⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30971.exe
12⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
12⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
11⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
10⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
9⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
8⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58782.exe
7⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
8⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-34050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34050.exe
9⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57283.exe
10⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31770.exe
11⤵
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
11⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 236
10⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 220
9⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
8⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
6⤵
- Program crash
PID:1972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
5⤵
- Program crash
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54044.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60178.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8045.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4236.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
8⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10728.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18015.exe
11⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56816.exe
12⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31220.exe
13⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
13⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
12⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
9⤵
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-3551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3551.exe
8⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13982.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
10⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33874.exe
11⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
11⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 236
10⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
8⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5030.exe
7⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13110.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4314.exe
9⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11299.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3038.exe
11⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2522.exe
12⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 220
12⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 220
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
8⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
7⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15097.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20812.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17444.exe
9⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64885.exe
10⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50293.exe
11⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
12⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
11⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
10⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
7⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25612.exe
8⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 188
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
8⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 240
6⤵
- Program crash
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-624.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12404.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
7⤵
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50360.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61600.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
10⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
11⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
12⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
12⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
11⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 236
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3852.exe
7⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24298.exe
9⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48539.exe
10⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64167.exe
11⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 216
11⤵
PID:13728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
10⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
9⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
7⤵
- Program crash
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33426.exe
6⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-40630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40630.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
8⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33775.exe
9⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48264.exe
10⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6715.exe
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
11⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
10⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
9⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
8⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
7⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
6⤵
- Program crash
PID:3292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
5⤵
- Program crash
PID:812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64262.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 220
6⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59747.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65497.exe
6⤵
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
7⤵
- Program crash
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54231.exe
6⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27501.exe
7⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
8⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-4802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4802.exe
9⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
10⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
11⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
11⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
10⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
9⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
8⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
7⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
6⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
5⤵
- Program crash
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
4⤵
- Program crash
PID:2192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
2⤵
- Program crash
PID:2660

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1567.exe
Filesize
184KB

MD5
54139676bd0cf329c3e5714fff065770

SHA1
6d9cd85ae9403fd4180e097007413b57dbf6d3c5

SHA256
8e470dcc5917b069cae31d86a22d3b3f3ede0fa2160bc0b9e39035e6c422f35e

SHA512
1c73886aaec75f84714989a951d98a035089e777d3ec3f964675375b3c24fff3c5a9ef9bfd92ab9d837137d3b4bca944cf1647d09c56ae7ae8911929cc696bf0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
Filesize
184KB

MD5
58c88139ea72bfe62531bde713def844

SHA1
0f7c5aaccd1d05396c71633e7993ca642412aacc

SHA256
4e87c9893929779bc983e1cb2d8c0506e85784f4fcc6a678fbca4554f1fc632c

SHA512
d05a56189801d31c4c2b64572dce1eef786721eb307a903c403463dc8bb52763a97ea2443ceb192ce46864f57b8f2171694a0d3b6b3b5834e3281db37427e015

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33111.exe
Filesize
184KB

MD5
8fc0ff0205a87da2f0eedbc4161f5bb2

SHA1
4a4154e189a04820497a3da364e77826a1eecafb

SHA256
27b9651993578729efcee92c8d91f16dc47aa70d366676631007a9811e6f8850

SHA512
4f6b42589cb8340f930268137670e66fe17c5f22ad52d2cdcf60d0507092cfd82c9c98323fb821f4aa2a77155229be7680e61c8c9f64a9d0011eb4f66e686b4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34740.exe
Filesize
184KB

MD5
a90600c026d12931728475fd838b0647

SHA1
ca56e4e2f76c56256f185a1327da4a9d381acaa0

SHA256
2b4383c5dac0e07449cd02707ba7a4cb0e6e6f1e0a608c163dc130dbdadf2ac1

SHA512
a4b13235df6e84939b163b095125503ad5a3c1e612c84f92ee5d0bfad8e9fe580ebcfae40b9216dd521e24fb881cf2fb221d6c8fa27cd9bf4fa41274d8773bb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40817.exe
Filesize
184KB

MD5
51dc9ed38124b7777657ae14953c7c4f

SHA1
dad37b4cd82105b28010fcc511173ebaccf2957c

SHA256
3646d2ec7a0ef69cb1828e6bd6bea37c40194729cc099f2ffdfb8013b0087f4d

SHA512
e1e8ed98b7a7cd9a6051661e3b9611d246b4ed009558d287888ada6ac33390d20fd56cf408a11dd33322202563d1f81b85fa9990c478323fa78a20c5f4ba520f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22571.exe
Filesize
184KB

MD5
906972c2a9f90060922b694e7922ac03

SHA1
54f4c695d549449534222977287c720a2603dec9

SHA256
55e80b2ccfbb57da2f104bf9fe44906b37717ad26bc2ac07812eedf618c02299

SHA512
d33936e8e2c73fedf210ee8ba35430d0b9ff2c441116fc8bbe482b92f4d793be0d03b3aab69ac9157ed2ca03dc8e1157a4e1ad370b1446b7f76c6c8e4b6a2145

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25456.exe
Filesize
184KB

MD5
75a015b41a5add4cdbd156e7568da75a

SHA1
244a87ade1f195a3dfa9ddeccea9656e9169a30e

SHA256
162c610b459a9263f077d6b721bc1adb3491e117bad842a117e382018beb654b

SHA512
e658d139ae95d4aa5d1b9c0a891313b012b96c230bbfecaf26dc8183f7c3efe2fafb1a6aae469cbce6153f0dfd07ec4d93c304072443ad49b4e975c8089a9644

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2705.exe
Filesize
184KB

MD5
46a3bb384dbe3d753c6e713f51453531

SHA1
0de5ab99bba15bf04cb9bf1f24a1ead22e7d2b45

SHA256
c97d141aeff9308e40d8c911ca64142346c6f93538fafcefc4aae764d9ead292

SHA512
8161749f047e3541addf1c4d40a4c2cc85033789b3d4182f58a7ff573bbd5eb54b4dd9d469a9ced772d23036f615547bcba1f32f1d454d11f3f92c31b5bd967a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30656.exe
Filesize
184KB

MD5
42bb2f57706f621de68f4a6981ebe8a3

SHA1
7a779021e89151835e8bda0986ae23b3d5e0b840

SHA256
a6949c2e4c591a9e5dcb722517d94c32558ea86d6938215d8714215aed212db4

SHA512
5536f622ea569bd95543685492a092bfa65c39b0cb9e6e95d2217d78a43cd5c969d8fa9ff46184cd81a3b9000077b422edab498901946a89c7dcdabd1192366e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36425.exe
Filesize
184KB

MD5
28732be5d888f0421d6a76f3e1c4f5ae

SHA1
9c94bf287f944a602384fe840b5e56bf16386d73

SHA256
0b11f4da7fd3ed815dd5743a5f1cf77ea24d3a98d62ae32adc68a07fa79c2550

SHA512
8592595532b88fed5a81ccb89f1ea767effb04d9fcfd565d2c26567fe012f23dff794acfdaa06f2c6ab7b25ca07d98a061501372d26a23ff27050b7eebb32ac2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40400.exe
Filesize
184KB

MD5
b5a0b09e479650b405cbd9b8ee6fcd60

SHA1
a5174f5fd860b7d4f381a5e16e1fb4dc066246e4

SHA256
c6d3488f7ce9361d31d25dbfbc2d5e075017a154e59867cfbc90eb8e0c84d757

SHA512
27bac6fa8e7eae77f085cfe18a246ca53d14bf813580beb4c7b76c54435842386db745131700dc46085d6480fad295d0597f0c034a36b2c778535ffed6092e7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4288.exe
Filesize
184KB

MD5
7b81e34275e482d6048e9c4cfa3f3e08

SHA1
369d7f476f02bb996d1ded1a56a3f6269204233e

SHA256
1557e3a24076b8c285db7c3834b1a6dca9c8b4c778b3727c5b5a211eaa93b2fc

SHA512
27487fa0125e6fc2e0991238424211e7219f8c0ff1404cc8c4ce0944fd12875fb72369c753987c9a7d0f74abbbc8741c8608a8a94ccc7641ff7e1d091aa57744

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46971.exe
Filesize
184KB

MD5
4254e5f1f6f8be77c7011fc5bd3d44ce

SHA1
ed13249f57d1bf68345365a5b73abaf6ea15f4e8

SHA256
41c06f4c0b94a68468ffd1fde1e9b0b8b84ce08355ba527e9416bdd644c72e04

SHA512
a8efdc66151a5f1c5e2cda4bfc25426e72f01c34adf7d05140e8db3e915e2ad803ea807327dde72a15c39652a43ea45db0aee653650fad5fa0088a49ce67dc44

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49685.exe
Filesize
184KB

MD5
87092b470fd5ff19841558ecfb2de630

SHA1
66c5a79a07e7d14cce7a6d51171e0ad1baad351a

SHA256
181b4685d923b3adaea4be0e556361ac03b06b5dac46527279da28c5c47268ba

SHA512
70aaf1a9a1c105509b295d67f1e1b1a34b636047100178f3b92ce55f9d117b072db193db2422a0ba4da59cd4db02e010d06a47941a651cf8214a9b94db84fa62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
Filesize
184KB

MD5
5853de2a514ba288a0a806cd41290b2a

SHA1
9c4cb752a8b96b0f36837e8519e2d69431321095

SHA256
76959c2e1d148428bbc08c25fe4ef8909630716b3449a7b5dd2b0398a3ea3342

SHA512
08c1b3f9ee245ac056d6f748a5d6b9afd37b91f4c58fea284d1f85dbad18a839bea775dbde8f9638337ef0513dc7f9b754c6a09c9dacadccba0312621f807e3c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
Filesize
184KB

MD5
b8aeef3c50b17b1eee22c54b4e7674a7

SHA1
7d2f942e48387075e31cf672fb7396b21dcf4309

SHA256
707c3247a19bbe084d7f8b69e9aaa6156f19f8ab487599fb5d32d1af2a5c8546

SHA512
af2c74fdbb46dcf6165ceda2509940baf5f27912d926695ad8baaf3c586127180e0f3318ed42e2c40c6aa97192bcbbdb8f5da0d90f139fabe2d7e9730d180e21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60266.exe
Filesize
184KB

MD5
a78e74505eeb28cb03bc91b56dd54d03

SHA1
0cad88972451234391f8ac4c1477537c1301669e

SHA256
85783958470c6f4d948bc6cf4ff5741618397b5ea74f16f5354207d468b02368

SHA512
b4c02548c8bae896bb1d0a54a0f444ffba7160b9a12018d0cf0b7a47a3c12525e0fefc38c46b05a4733fabb346a1d4034f4a14b3bfc299e2a4aea38015c81f01

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads