8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe
Size

184KB
MD5

528ac5c2df3416f965267867ed326af6
SHA1

28f73a4354b2c3e19f02f4be582ff34c52a9f177
SHA256

8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501
SHA512

8e613b37f1315e9c463bbae0fe3d6a3df465ffb8f869aae376e24c8acf3b28de03d353275dc0945af9838e463a86c67260713f430647b63eaac5627b7fb501ce
SSDEEP

3072:P3e3f8oTobhed5WWe8wLRssehlnViFFn3:P3Voia5WfLusehlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-22490.exeUnicorn-32879.exeUnicorn-60076.exeUnicorn-56916.exeUnicorn-11244.exeUnicorn-11244.exeUnicorn-42054.exeUnicorn-52915.exeUnicorn-42054.exeUnicorn-65167.exeUnicorn-54306.exeUnicorn-29008.exeUnicorn-5058.exeUnicorn-15687.exeUnicorn-22786.exeUnicorn-5380.exeUnicorn-64373.exeUnicorn-29562.exeUnicorn-18702.exeUnicorn-62510.exeUnicorn-16839.exeUnicorn-63901.exeUnicorn-52204.exeUnicorn-6532.exeUnicorn-15276.exeUnicorn-26137.exeUnicorn-31613.exeUnicorn-31613.exeUnicorn-42473.exeUnicorn-62339.exeUnicorn-7663.exeUnicorn-51732.exeUnicorn-33834.exeUnicorn-9884.exeUnicorn-61031.exeUnicorn-46086.exeUnicorn-38472.exeUnicorn-23528.exeUnicorn-35972.exeUnicorn-17498.exeUnicorn-28358.exeUnicorn-59085.exeUnicorn-13413.exeUnicorn-21582.exeUnicorn-21582.exeUnicorn-33642.exeUnicorn-13776.exeUnicorn-64368.exeUnicorn-44503.exeUnicorn-61592.exeUnicorn-26782.exeUnicorn-37642.exeUnicorn-6916.exeUnicorn-4223.exeUnicorn-8307.exeUnicorn-16668.exeUnicorn-43865.exeUnicorn-63730.exeUnicorn-59646.exeUnicorn-4970.exeUnicorn-14529.exeUnicorn-56117.exeUnicorn-21306.exeUnicorn-26590.exe

pid	process
2056	Unicorn-22490.exe
2968	Unicorn-32879.exe
2644	Unicorn-60076.exe
2216	Unicorn-56916.exe
2660	Unicorn-11244.exe
2888	Unicorn-11244.exe
1840	Unicorn-42054.exe
2672	Unicorn-52915.exe
2024	Unicorn-42054.exe
896	Unicorn-65167.exe
2800	Unicorn-54306.exe
552	Unicorn-29008.exe
1700	Unicorn-5058.exe
1540	Unicorn-15687.exe
2848	Unicorn-22786.exe
1264	Unicorn-5380.exe
2656	Unicorn-64373.exe
608	Unicorn-29562.exe
592	Unicorn-18702.exe
2408	Unicorn-62510.exe
3064	Unicorn-16839.exe
1760	Unicorn-63901.exe
1564	Unicorn-52204.exe
1356	Unicorn-6532.exe
1044	Unicorn-15276.exe
1892	Unicorn-26137.exe
2268	Unicorn-31613.exe
1636	Unicorn-31613.exe
1776	Unicorn-42473.exe
2164	Unicorn-62339.exe
1168	Unicorn-7663.exe
1976	Unicorn-51732.exe
2588	Unicorn-33834.exe
2288	Unicorn-9884.exe
2724	Unicorn-61031.exe
2788	Unicorn-46086.exe
2604	Unicorn-38472.exe
2436	Unicorn-23528.exe
2504	Unicorn-35972.exe
2704	Unicorn-17498.exe
1996	Unicorn-28358.exe
1672	Unicorn-59085.exe
2692	Unicorn-13413.exe
2228	Unicorn-21582.exe
2256	Unicorn-21582.exe
1908	Unicorn-33642.exe
932	Unicorn-13776.exe
852	Unicorn-64368.exe
1696	Unicorn-44503.exe
812	Unicorn-61592.exe
1508	Unicorn-26782.exe
1456	Unicorn-37642.exe
1004	Unicorn-6916.exe
1804	Unicorn-4223.exe
1932	Unicorn-8307.exe
1252	Unicorn-16668.exe
2004	Unicorn-43865.exe
888	Unicorn-63730.exe
1968	Unicorn-59646.exe
2804	Unicorn-4970.exe
2824	Unicorn-14529.exe
2532	Unicorn-56117.exe
2448	Unicorn-21306.exe
2516	Unicorn-26590.exe

Loads dropped DLL 64 IoCs

Processes:

8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exeUnicorn-22490.exeUnicorn-60076.exeUnicorn-32879.exeWerFault.exeUnicorn-56916.exeUnicorn-11244.exeUnicorn-11244.exeWerFault.exeWerFault.exeUnicorn-42054.exeUnicorn-52915.exeUnicorn-65167.exeUnicorn-54306.exeUnicorn-42054.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe
2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe
2056	Unicorn-22490.exe
2056	Unicorn-22490.exe
2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe
2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe
2644	Unicorn-60076.exe
2968	Unicorn-32879.exe
2644	Unicorn-60076.exe
2056	Unicorn-22490.exe
2056	Unicorn-22490.exe
2968	Unicorn-32879.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2896	WerFault.exe
2216	Unicorn-56916.exe
2888	Unicorn-11244.exe
2216	Unicorn-56916.exe
2888	Unicorn-11244.exe
2968	Unicorn-32879.exe
2968	Unicorn-32879.exe
2660	Unicorn-11244.exe
2660	Unicorn-11244.exe
2644	Unicorn-60076.exe
2644	Unicorn-60076.exe
1680	WerFault.exe
1216	WerFault.exe
1680	WerFault.exe
1216	WerFault.exe
1680	WerFault.exe
1216	WerFault.exe
1680	WerFault.exe
1216	WerFault.exe
1680	WerFault.exe
1216	WerFault.exe
1840	Unicorn-42054.exe
1840	Unicorn-42054.exe
2216	Unicorn-56916.exe
2216	Unicorn-56916.exe
2672	Unicorn-52915.exe
2672	Unicorn-52915.exe
896	Unicorn-65167.exe
896	Unicorn-65167.exe
2800	Unicorn-54306.exe
2660	Unicorn-11244.exe
2800	Unicorn-54306.exe
2660	Unicorn-11244.exe
2888	Unicorn-11244.exe
2024	Unicorn-42054.exe
2888	Unicorn-11244.exe
2024	Unicorn-42054.exe
3000	WerFault.exe
3000	WerFault.exe
1116	WerFault.exe
1116	WerFault.exe
3000	WerFault.exe
1116	WerFault.exe
3000	WerFault.exe
1116	WerFault.exe
1116	WerFault.exe
3000	WerFault.exe
1712	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2744	2196	WerFault.exe	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe
2896	2056	WerFault.exe	Unicorn-22490.exe
1680	2968	WerFault.exe	Unicorn-32879.exe
1216	2644	WerFault.exe	Unicorn-60076.exe
3000	2216	WerFault.exe	Unicorn-56916.exe
1116	2888	WerFault.exe	Unicorn-11244.exe
1712	2660	WerFault.exe	Unicorn-11244.exe
2064	1840	WerFault.exe	Unicorn-42054.exe
1612	2672	WerFault.exe	Unicorn-52915.exe
2152	896	WerFault.exe	Unicorn-65167.exe
3048	2800	WerFault.exe	Unicorn-54306.exe
2520	2024	WerFault.exe	Unicorn-42054.exe
1164	552	WerFault.exe	Unicorn-29008.exe
2420	1700	WerFault.exe	Unicorn-5058.exe
1392	1540	WerFault.exe	Unicorn-15687.exe
540	2848	WerFault.exe	Unicorn-22786.exe
2404	2656	WerFault.exe	Unicorn-64373.exe
992	608	WerFault.exe	Unicorn-29562.exe
1328	592	WerFault.exe	Unicorn-18702.exe
2340	3064	WerFault.exe	Unicorn-16839.exe
2168	2408	WerFault.exe	Unicorn-62510.exe
1600	1760	WerFault.exe	Unicorn-63901.exe
3040	1564	WerFault.exe	Unicorn-52204.exe
2584	1044	WerFault.exe	Unicorn-15276.exe
2264	1356	WerFault.exe	Unicorn-6532.exe
2664	1892	WerFault.exe	Unicorn-26137.exe
2616	1168	WerFault.exe	Unicorn-7663.exe
2468	1636	WerFault.exe	Unicorn-31613.exe
2820	2164	WerFault.exe	Unicorn-62339.exe
2948	2268	WerFault.exe	Unicorn-31613.exe
1048	1776	WerFault.exe	Unicorn-42473.exe
976	1976	WerFault.exe	Unicorn-51732.exe
472	2588	WerFault.exe	Unicorn-33834.exe
1000	2724	WerFault.exe	Unicorn-61031.exe
3092	2604	WerFault.exe	Unicorn-38472.exe
3124	2704	WerFault.exe	Unicorn-17498.exe
3168	1672	WerFault.exe	Unicorn-59085.exe
3276	1996	WerFault.exe	Unicorn-28358.exe
3296	2436	WerFault.exe	Unicorn-23528.exe
3304	1696	WerFault.exe	Unicorn-44503.exe
3352	2788	WerFault.exe	Unicorn-46086.exe
3452	852	WerFault.exe	Unicorn-64368.exe
3468	2228	WerFault.exe	Unicorn-21582.exe
3712	2504	WerFault.exe	Unicorn-35972.exe
3780	2288	WerFault.exe	Unicorn-9884.exe
3796	1908	WerFault.exe	Unicorn-33642.exe
3832	2256	WerFault.exe	Unicorn-21582.exe
3848	2692	WerFault.exe	Unicorn-13413.exe
4072	932	WerFault.exe	Unicorn-13776.exe
3748	2824	WerFault.exe	Unicorn-14529.exe
3948	2004	WerFault.exe	Unicorn-43865.exe
3980	888	WerFault.exe	Unicorn-63730.exe
3976	1804	WerFault.exe	Unicorn-4223.exe
3408	2352	WerFault.exe	Unicorn-48826.exe
3388	2424	WerFault.exe	Unicorn-8115.exe
3416	1912	WerFault.exe	Unicorn-45619.exe
3696	688	WerFault.exe	Unicorn-22183.exe
3720	2532	WerFault.exe	Unicorn-56117.exe
3788	2448	WerFault.exe	Unicorn-21306.exe
4024	812	WerFault.exe	Unicorn-61592.exe
4160	1508	WerFault.exe	Unicorn-26782.exe
4204	2012	WerFault.exe	Unicorn-10336.exe
4224	1648	WerFault.exe	Unicorn-10891.exe
4268	1104	WerFault.exe	Unicorn-32812.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exeUnicorn-22490.exeUnicorn-32879.exeUnicorn-60076.exeUnicorn-56916.exeUnicorn-11244.exeUnicorn-11244.exeUnicorn-42054.exeUnicorn-52915.exeUnicorn-42054.exeUnicorn-54306.exeUnicorn-65167.exeUnicorn-29008.exeUnicorn-5058.exeUnicorn-15687.exeUnicorn-22786.exeUnicorn-5380.exeUnicorn-64373.exeUnicorn-29562.exeUnicorn-18702.exeUnicorn-62510.exeUnicorn-16839.exeUnicorn-63901.exeUnicorn-52204.exeUnicorn-6532.exeUnicorn-15276.exeUnicorn-26137.exeUnicorn-42473.exeUnicorn-62339.exeUnicorn-31613.exeUnicorn-31613.exeUnicorn-7663.exeUnicorn-51732.exeUnicorn-33834.exeUnicorn-9884.exeUnicorn-61031.exeUnicorn-46086.exeUnicorn-38472.exeUnicorn-23528.exeUnicorn-35972.exeUnicorn-17498.exeUnicorn-28358.exeUnicorn-59085.exeUnicorn-13413.exeUnicorn-21582.exeUnicorn-21582.exeUnicorn-33642.exeUnicorn-64368.exeUnicorn-13776.exeUnicorn-44503.exeUnicorn-61592.exeUnicorn-26782.exeUnicorn-37642.exeUnicorn-4223.exeUnicorn-6916.exeUnicorn-8307.exeUnicorn-63730.exeUnicorn-16668.exeUnicorn-43865.exeUnicorn-59646.exeUnicorn-4970.exeUnicorn-14529.exeUnicorn-56117.exeUnicorn-21306.exe

pid	process
2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe
2056	Unicorn-22490.exe
2968	Unicorn-32879.exe
2644	Unicorn-60076.exe
2216	Unicorn-56916.exe
2660	Unicorn-11244.exe
2888	Unicorn-11244.exe
1840	Unicorn-42054.exe
2672	Unicorn-52915.exe
2024	Unicorn-42054.exe
2800	Unicorn-54306.exe
896	Unicorn-65167.exe
552	Unicorn-29008.exe
1700	Unicorn-5058.exe
1540	Unicorn-15687.exe
2848	Unicorn-22786.exe
1264	Unicorn-5380.exe
2656	Unicorn-64373.exe
608	Unicorn-29562.exe
592	Unicorn-18702.exe
2408	Unicorn-62510.exe
3064	Unicorn-16839.exe
1760	Unicorn-63901.exe
1564	Unicorn-52204.exe
1356	Unicorn-6532.exe
1044	Unicorn-15276.exe
1892	Unicorn-26137.exe
1776	Unicorn-42473.exe
2164	Unicorn-62339.exe
1636	Unicorn-31613.exe
2268	Unicorn-31613.exe
1168	Unicorn-7663.exe
1976	Unicorn-51732.exe
2588	Unicorn-33834.exe
2288	Unicorn-9884.exe
2724	Unicorn-61031.exe
2788	Unicorn-46086.exe
2604	Unicorn-38472.exe
2436	Unicorn-23528.exe
2504	Unicorn-35972.exe
2704	Unicorn-17498.exe
1996	Unicorn-28358.exe
1672	Unicorn-59085.exe
2692	Unicorn-13413.exe
2256	Unicorn-21582.exe
2228	Unicorn-21582.exe
1908	Unicorn-33642.exe
852	Unicorn-64368.exe
932	Unicorn-13776.exe
1696	Unicorn-44503.exe
812	Unicorn-61592.exe
1508	Unicorn-26782.exe
1456	Unicorn-37642.exe
1804	Unicorn-4223.exe
1004	Unicorn-6916.exe
1932	Unicorn-8307.exe
888	Unicorn-63730.exe
1252	Unicorn-16668.exe
2004	Unicorn-43865.exe
1968	Unicorn-59646.exe
2804	Unicorn-4970.exe
2824	Unicorn-14529.exe
2532	Unicorn-56117.exe
2448	Unicorn-21306.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exeUnicorn-22490.exeUnicorn-60076.exeUnicorn-32879.exeUnicorn-56916.exeUnicorn-11244.exeUnicorn-11244.exeUnicorn-42054.exe

description	pid	process	target process
PID 2196 wrote to memory of 2056	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	Unicorn-22490.exe
PID 2196 wrote to memory of 2056	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	Unicorn-22490.exe
PID 2196 wrote to memory of 2056	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	Unicorn-22490.exe
PID 2196 wrote to memory of 2056	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	Unicorn-22490.exe
PID 2056 wrote to memory of 2968	2056	Unicorn-22490.exe	Unicorn-32879.exe
PID 2056 wrote to memory of 2968	2056	Unicorn-22490.exe	Unicorn-32879.exe
PID 2056 wrote to memory of 2968	2056	Unicorn-22490.exe	Unicorn-32879.exe
PID 2056 wrote to memory of 2968	2056	Unicorn-22490.exe	Unicorn-32879.exe
PID 2196 wrote to memory of 2644	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	Unicorn-60076.exe
PID 2196 wrote to memory of 2644	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	Unicorn-60076.exe
PID 2196 wrote to memory of 2644	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	Unicorn-60076.exe
PID 2196 wrote to memory of 2644	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	Unicorn-60076.exe
PID 2196 wrote to memory of 2744	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	WerFault.exe
PID 2196 wrote to memory of 2744	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	WerFault.exe
PID 2196 wrote to memory of 2744	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	WerFault.exe
PID 2196 wrote to memory of 2744	2196	8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe	WerFault.exe
PID 2644 wrote to memory of 2660	2644	Unicorn-60076.exe	Unicorn-11244.exe
PID 2644 wrote to memory of 2660	2644	Unicorn-60076.exe	Unicorn-11244.exe
PID 2644 wrote to memory of 2660	2644	Unicorn-60076.exe	Unicorn-11244.exe
PID 2644 wrote to memory of 2660	2644	Unicorn-60076.exe	Unicorn-11244.exe
PID 2056 wrote to memory of 2216	2056	Unicorn-22490.exe	Unicorn-56916.exe
PID 2056 wrote to memory of 2216	2056	Unicorn-22490.exe	Unicorn-56916.exe
PID 2056 wrote to memory of 2216	2056	Unicorn-22490.exe	Unicorn-56916.exe
PID 2056 wrote to memory of 2216	2056	Unicorn-22490.exe	Unicorn-56916.exe
PID 2968 wrote to memory of 2888	2968	Unicorn-32879.exe	Unicorn-11244.exe
PID 2968 wrote to memory of 2888	2968	Unicorn-32879.exe	Unicorn-11244.exe
PID 2968 wrote to memory of 2888	2968	Unicorn-32879.exe	Unicorn-11244.exe
PID 2968 wrote to memory of 2888	2968	Unicorn-32879.exe	Unicorn-11244.exe
PID 2056 wrote to memory of 2896	2056	Unicorn-22490.exe	WerFault.exe
PID 2056 wrote to memory of 2896	2056	Unicorn-22490.exe	WerFault.exe
PID 2056 wrote to memory of 2896	2056	Unicorn-22490.exe	WerFault.exe
PID 2056 wrote to memory of 2896	2056	Unicorn-22490.exe	WerFault.exe
PID 2216 wrote to memory of 1840	2216	Unicorn-56916.exe	Unicorn-42054.exe
PID 2216 wrote to memory of 1840	2216	Unicorn-56916.exe	Unicorn-42054.exe
PID 2216 wrote to memory of 1840	2216	Unicorn-56916.exe	Unicorn-42054.exe
PID 2216 wrote to memory of 1840	2216	Unicorn-56916.exe	Unicorn-42054.exe
PID 2888 wrote to memory of 2024	2888	Unicorn-11244.exe	Unicorn-42054.exe
PID 2888 wrote to memory of 2024	2888	Unicorn-11244.exe	Unicorn-42054.exe
PID 2888 wrote to memory of 2024	2888	Unicorn-11244.exe	Unicorn-42054.exe
PID 2888 wrote to memory of 2024	2888	Unicorn-11244.exe	Unicorn-42054.exe
PID 2968 wrote to memory of 2672	2968	Unicorn-32879.exe	Unicorn-52915.exe
PID 2968 wrote to memory of 2672	2968	Unicorn-32879.exe	Unicorn-52915.exe
PID 2968 wrote to memory of 2672	2968	Unicorn-32879.exe	Unicorn-52915.exe
PID 2968 wrote to memory of 2672	2968	Unicorn-32879.exe	Unicorn-52915.exe
PID 2660 wrote to memory of 2800	2660	Unicorn-11244.exe	Unicorn-54306.exe
PID 2660 wrote to memory of 2800	2660	Unicorn-11244.exe	Unicorn-54306.exe
PID 2660 wrote to memory of 2800	2660	Unicorn-11244.exe	Unicorn-54306.exe
PID 2660 wrote to memory of 2800	2660	Unicorn-11244.exe	Unicorn-54306.exe
PID 2644 wrote to memory of 896	2644	Unicorn-60076.exe	Unicorn-65167.exe
PID 2644 wrote to memory of 896	2644	Unicorn-60076.exe	Unicorn-65167.exe
PID 2644 wrote to memory of 896	2644	Unicorn-60076.exe	Unicorn-65167.exe
PID 2644 wrote to memory of 896	2644	Unicorn-60076.exe	Unicorn-65167.exe
PID 2968 wrote to memory of 1680	2968	Unicorn-32879.exe	WerFault.exe
PID 2968 wrote to memory of 1680	2968	Unicorn-32879.exe	WerFault.exe
PID 2644 wrote to memory of 1216	2644	Unicorn-60076.exe	WerFault.exe
PID 2968 wrote to memory of 1680	2968	Unicorn-32879.exe	WerFault.exe
PID 2968 wrote to memory of 1680	2968	Unicorn-32879.exe	WerFault.exe
PID 2644 wrote to memory of 1216	2644	Unicorn-60076.exe	WerFault.exe
PID 2644 wrote to memory of 1216	2644	Unicorn-60076.exe	WerFault.exe
PID 2644 wrote to memory of 1216	2644	Unicorn-60076.exe	WerFault.exe
PID 1840 wrote to memory of 552	1840	Unicorn-42054.exe	Unicorn-29008.exe
PID 1840 wrote to memory of 552	1840	Unicorn-42054.exe	Unicorn-29008.exe
PID 1840 wrote to memory of 552	1840	Unicorn-42054.exe	Unicorn-29008.exe
PID 1840 wrote to memory of 552	1840	Unicorn-42054.exe	Unicorn-29008.exe

C:\Users\Admin\AppData\Local\Temp\8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe
"C:\Users\Admin\AppData\Local\Temp\8491a092a2976a156f6be270b365518f798077b8ce1e5bed8936aca776c74501.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-18702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18702.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61031.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8307.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
9⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64088.exe
10⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
11⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
12⤵
PID:7084

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
13⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
14⤵
PID:12036

C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53957.exe
15⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
14⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7084 -s 216
13⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 236
12⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16362.exe
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19600.exe
11⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14545.exe
12⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52937.exe
13⤵
PID:12508

C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15914.exe
14⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
12⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 236
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50554.exe
8⤵
PID:412

C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39584.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40518.exe
10⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50326.exe
11⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21104.exe
12⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13523.exe
13⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 220
13⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 412 -s 236
9⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
8⤵
- Program crash
PID:1000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
7⤵
- Program crash
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7663.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25111.exe
9⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
10⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
11⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
12⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-54784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54784.exe
13⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58235.exe
14⤵
PID:12308

C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45488.exe
15⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
14⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
13⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
11⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 216
10⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39152.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32667.exe
11⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-31131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31131.exe
12⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54530.exe
13⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 236
13⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 220
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
10⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13989.exe
8⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
9⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11374.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16331.exe
11⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26663.exe
12⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28381.exe
13⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
13⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 220
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
11⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
10⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
9⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
8⤵
- Program crash
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-48826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48826.exe
7⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
10⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
11⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16928.exe
12⤵
PID:11808

C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41705.exe
13⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 236
11⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
10⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
9⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
8⤵
- Program crash
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 220
7⤵
- Program crash
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
6⤵
- Program crash
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29562.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62339.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21582.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26590.exe
8⤵
- Executes dropped EXE
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
9⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
10⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11353.exe
11⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
12⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
13⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
14⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 220
14⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
13⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
12⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
11⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 216
10⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
10⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-5256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5256.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22496.exe
12⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17307.exe
13⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
13⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
12⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
11⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 220
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63486.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38017.exe
10⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17893.exe
11⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
12⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
13⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 220
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
11⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
8⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45619.exe
7⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
8⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23331.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15183.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55033.exe
11⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63803.exe
12⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
13⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 216
13⤵
PID:14316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
11⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
10⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
9⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
8⤵
- Program crash
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
7⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
6⤵
- Program crash
PID:992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-15687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15687.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-17498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17498.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8115.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
9⤵
PID:280

C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
11⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18630.exe
12⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51458.exe
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
13⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
12⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
11⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 216
10⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
9⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1161.exe
8⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
11⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 200
12⤵
PID:9928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
11⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
9⤵
PID:4788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53787.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-606.exe
8⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14285.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40347.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36642.exe
11⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
12⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25457.exe
13⤵
PID:14116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10436 -s 216
13⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 236
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23885.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6854.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
11⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4587.exe
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 220
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 220
10⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
7⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59085.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3154.exe
7⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63102.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29382.exe
10⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-5256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5256.exe
11⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26196.exe
12⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
13⤵
PID:12652

C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
14⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
13⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
12⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
10⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
9⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4332.exe
10⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
11⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
12⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 220
11⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
10⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220
8⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
7⤵
- Program crash
PID:3168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52204.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23528.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59646.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55837.exe
8⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30046.exe
9⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6823.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
11⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
12⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11001.exe
13⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
13⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 220
11⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30600.exe
8⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-980.exe
10⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28910.exe
11⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64753.exe
12⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 220
12⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 220
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
8⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
7⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11483.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36066.exe
10⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21628.exe
10⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32138.exe
11⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42068.exe
12⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 236
12⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 236
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 220
10⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
9⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 216
8⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
7⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4970.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
7⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25194.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16554.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
10⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29896.exe
11⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45319.exe
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
12⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 220
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
7⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10523.exe
8⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
9⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54400.exe
10⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46559.exe
11⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
11⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
10⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
9⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
8⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
7⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
6⤵
- Program crash
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
5⤵
- Program crash
PID:1612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51732.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61592.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10336.exe
9⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10419.exe
10⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11052.exe
11⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25054.exe
12⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
13⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17359.exe
14⤵
PID:12372

C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54040.exe
15⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
14⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
13⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
12⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
11⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
10⤵
- Program crash
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16699.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47612.exe
11⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
12⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62978.exe
13⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
13⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
12⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
9⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10891.exe
8⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53590.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-41779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41779.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27384.exe
11⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
12⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16757.exe
13⤵
PID:12612

C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62784.exe
14⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
13⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
12⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 236
11⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
10⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 236
9⤵
- Program crash
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
8⤵
- Program crash
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6916.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43777.exe
8⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17410.exe
9⤵
PID:3964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 220
10⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2204.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
11⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38028.exe
12⤵
PID:13116

C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55002.exe
12⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 220
12⤵
PID:13732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
11⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
8⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
- Program crash
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9884.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4223.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23907.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64275.exe
10⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7285.exe
11⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29569.exe
12⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55625.exe
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
13⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
11⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
9⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
8⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-52495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52495.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47856.exe
9⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41281.exe
10⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
11⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
12⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 220
11⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
10⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
8⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
7⤵
- Program crash
PID:3780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
6⤵
- Program crash
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62510.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33834.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49807.exe
8⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10995.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-48686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48686.exe
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2687.exe
11⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25044.exe
12⤵
PID:9768

C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6725.exe
13⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9768 -s 216
13⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
12⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
11⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
10⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
10⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
11⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23861.exe
12⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34139.exe
13⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 236
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
11⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
10⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
8⤵
- Program crash
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38109.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37206.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31712.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63611.exe
11⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58806.exe
12⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 220
12⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
11⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
7⤵
- Program crash
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37642.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13496.exe
7⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51364.exe
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13377.exe
9⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53824.exe
10⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
11⤵
PID:12180

C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6318.exe
12⤵
PID:1408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
11⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
10⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 236
9⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
8⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
7⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
6⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
5⤵
- Program crash
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46086.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25303.exe
8⤵
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36268.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
10⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9916.exe
11⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45905.exe
12⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
13⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
13⤵
PID:13552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 236
12⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
11⤵
PID:1040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 216
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-14840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14840.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37166.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18028.exe
11⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-48858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48858.exe
12⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54512.exe
13⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
13⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 236
12⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
11⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
8⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
7⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4576.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40067.exe
10⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42532.exe
11⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3217.exe
12⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 216
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
8⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
7⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43865.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33279.exe
7⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42288.exe
10⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46253.exe
11⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43949.exe
12⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
12⤵
PID:13564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 216
8⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
7⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
6⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38472.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63730.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
7⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40051.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31795.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
10⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
11⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
12⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 236
12⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 236
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
10⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
9⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
8⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 216
7⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
6⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
5⤵
- Program crash
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5380.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33642.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59454.exe
8⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
9⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44628.exe
10⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
11⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-28837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28837.exe
12⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31842.exe
13⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63985.exe
14⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
14⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
13⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
12⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
11⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47472.exe
10⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
11⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6242.exe
12⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52584.exe
13⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 220
13⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
12⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
11⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 220
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35971.exe
8⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38297.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59947.exe
11⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34172.exe
12⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61463.exe
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
13⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
9⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
8⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22183.exe
7⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29195.exe
8⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
9⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25189.exe
10⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7046.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
12⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37452.exe
13⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
13⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
11⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 216
10⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
9⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 236
8⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
7⤵
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44503.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
7⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58613.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42656.exe
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62578.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
11⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35013.exe
12⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 220
12⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 236
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
9⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
8⤵
- Program crash
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
7⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44436.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-12884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12884.exe
10⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29704.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62475.exe
12⤵
PID:12400

C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43926.exe
13⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
12⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
11⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 216
8⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
7⤵
- Program crash
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42473.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64368.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
7⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
8⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65152.exe
10⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39828.exe
11⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7337.exe
12⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33259.exe
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
13⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
11⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
10⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
9⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39536.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21489.exe
9⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
10⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31515.exe
11⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
12⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
11⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
10⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 220
8⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18073.exe
7⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40264.exe
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26014.exe
10⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17644.exe
11⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9657.exe
12⤵
PID:12688

C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
13⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
12⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 220
11⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
10⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
8⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
7⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65162.exe
6⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3595.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11421.exe
11⤵
PID:10124

C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29175.exe
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
9⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
8⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4342.exe
7⤵
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 220
8⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
7⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
6⤵
- Program crash
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
5⤵
- Program crash
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31613.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21306.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3128.exe
7⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21961.exe
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26616.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51027.exe
10⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34655.exe
11⤵
PID:12536

C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
12⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
11⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
9⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
8⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 216
7⤵
- Program crash
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
6⤵
- Program crash
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13776.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42049.exe
6⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42023.exe
7⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30975.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
11⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
12⤵
PID:12432

C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21368.exe
13⤵
PID:14180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 220
11⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-32930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32930.exe
7⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43964.exe
8⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-53533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53533.exe
9⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17452.exe
10⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12262.exe
11⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 220
11⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 220
10⤵
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
9⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
8⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 240
7⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65136.exe
6⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42189.exe
7⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7674.exe
8⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-50840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50840.exe
9⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25148.exe
10⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55716.exe
11⤵
PID:13672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11164 -s 236
11⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 236
10⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
9⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
8⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
7⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
6⤵
- Program crash
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
5⤵
- Program crash
PID:2404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-65167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65167.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22786.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15276.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35972.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14529.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
8⤵
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34021.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56408.exe
10⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48510.exe
11⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32932.exe
12⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29642.exe
13⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
13⤵
PID:14032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
11⤵
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
9⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
8⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
7⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56003.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10108.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52729.exe
11⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 220
12⤵
PID:13920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 220
11⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
9⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
8⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56117.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37939.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60248.exe
10⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
11⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60010.exe
12⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
12⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
11⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 216
8⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
7⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
6⤵
- Program crash
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28358.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16476.exe
6⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33855.exe
7⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1073.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7866.exe
9⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37301.exe
10⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50804.exe
11⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
12⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
12⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
10⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
8⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-7850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7850.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-409.exe
8⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50181.exe
9⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44177.exe
10⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37919.exe
11⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
11⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 220
10⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
9⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
8⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
7⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56968.exe
6⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-11571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11571.exe
7⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
8⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10746.exe
9⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
10⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10534.exe
11⤵
PID:12576

C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
12⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
10⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
9⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
8⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
7⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
6⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
5⤵
- Program crash
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26137.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46133.exe
6⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41447.exe
7⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19548.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59563.exe
10⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50124.exe
11⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4099.exe
12⤵
PID:12012

C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30823.exe
13⤵
PID:13700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
12⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 216
11⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
10⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-7850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7850.exe
7⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35360.exe
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 220
10⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
9⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
8⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
7⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29749.exe
6⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33829.exe
7⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15266.exe
8⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42781.exe
9⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23155.exe
10⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30060.exe
11⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
11⤵
PID:13348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
10⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
9⤵
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
8⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
7⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
6⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
5⤵
- Program crash
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
4⤵
- Program crash
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 220
3⤵
- Loads dropped DLL
- Program crash
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
2⤵
- Program crash
PID:2744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
Filesize
184KB

MD5
0cf9b411c1998fcbdd66c83f5c1e27df

SHA1
845a235ac2e2bfb816d1b6fa437d881f8646b8c6

SHA256
bf1ce0a66c40e0246ef2ccf9d2f5d976a411997d12b70d43a399e8b3e3624244

SHA512
ef1a996aafa11e4e3e9e81b1052796641e3899e6fc7073ceae71e4c834286b51a1fe6c9905798928e7881199b01931b4c70bee9c563592720452a50ebeea4f85

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15687.exe
Filesize
184KB

MD5
5b67922d0a7ba82d544ffd109e629f8c

SHA1
6ca61c86b3ecd63b5ecb2474f10370c85b1a1dd8

SHA256
74d9a4253ab3daf66f5fe3393146a25a95b7d380213de68485f60053597aa8dd

SHA512
b367b4813e4f297d2a901f6334ece8371c12457fcdc82929cc6600f4582aa615e2441971d8df5b1adbda75225ea97fe60828db7df3ced13fdacb399123965df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40544.exe
Filesize
184KB

MD5
e574e16b53dcb42e9811c6f6037da44d

SHA1
cb5ec2495135fcd5841c963bc9cd33ea446bd4dc

SHA256
0a257b02732db222ee7c3d9b40ccbf83ae6c4f946c50cced19fff226780dee15

SHA512
1b2684e680f03d9efe10c9c4cd6f2dd54db6e37d4a53ee1e43cdd097a75ca5216c40b5ef89d713765ac7cef4efa70ccbae9481c8f09698a715b2d12633e6cd4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48334.exe
Filesize
184KB

MD5
df1e188d90470c72e72fad02281b878d

SHA1
caf4c545249d8fb2bf1abca100f47b02e8580d3f

SHA256
182b38fc44b49121b23a71f470a7669620787dd640c2f27241d3db3cab284184

SHA512
33f10d65ce5e84df450d381fa6180ea167790b7bfc1f272745d57f0b363c4b4546f0575d57c36520cef135b20624f9d5dd0b55600fd171bd9ba8b7c2fbcadf00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52915.exe
Filesize
184KB

MD5
f9ee1292d702f78661d694df6e9d8d2a

SHA1
806bad54ebb48fd5ca37ec02eaf9844e857e4a5c

SHA256
5413a6e3ab75269dae390451a9843b13b8ba4ea5d08b2f4ac465ad7665c3ddb4

SHA512
2bc2f73d24d78bb294b7beb54b46918db3c4463e3c04e4c1727548d04523ed31b4aab08008db5f06c134e770c7e511e3289eb223b34812ef2592cd9f34a6f8d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54306.exe
Filesize
184KB

MD5
5f09d402a03e2bbe9348ce073e7f606c

SHA1
ffd80bc60c41138240ecc6a477a88c86ad1faa7f

SHA256
4c76e5f7ea5bbfd8d97121c4f4e4e1d9bf8452cf5a574c34e396914ac73cafee

SHA512
93a3152b87263f9abe88c61cd6c273655b9baaadd3f489b1e638dac1f203932e1dcff3fd8a1e5dc04d8291ee58e4fdc54b3f2da70d7634d8e535ac310c2d8c51

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56916.exe
Filesize
184KB

MD5
6c885c5c13066aa8502e2dc7d53ac09d

SHA1
c076d04fecf086645913e12a6e3bed626884f1f1

SHA256
186b028467ee0887593e1eca1770dbf8d5344466e6b3be9fe4fec458e84c5253

SHA512
0949edf15319c63a48d61e7dd0b153919908c0730146d29d96a5530f5921c779cea7742e48ac9278fd2ee71d5e8bf89183e68f96b097f6e863c81f0a86935b44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58302.exe
Filesize
184KB

MD5
0900e5674ded3e9b4705ad80956753b6

SHA1
8aac1ab9d2a1e45faa4e85b531e84c8a9e30ebeb

SHA256
f7bb2350c666ba19877ec582853c7af93f5d48df3770721f1f1cbd50222f7ea5

SHA512
b7ea378265c99afce3aef7b540f3c6df03f37899a146b7b222703245f03bedf630f4c484520ac7523e020b5cace788d0de90108f969c83085d3ba806804c3946

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65167.exe
Filesize
184KB

MD5
5a89e18ed173034dacf640c6c9011a4f

SHA1
d04988f6f6d876012097933877cde984f34436c3

SHA256
bf92d9be17fa4a0a141d2ecbef1e5ef36e35f4886e2d967937511fef58f2bbe0

SHA512
9a669ffa045ebdc5b13ada3efbe0e48d5fcf67f26010a1376b81ec42aed37113e39f2309b696dac4d5a7b0c79553f5229efe708e2808ed2ae29fcd11caac8f2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
Filesize
184KB

MD5
cea50a7a29355a3233855526dd6b7dd4

SHA1
2a23b318cca5f7ebff786655c83b686c0f5869aa

SHA256
5bb4b667bc1722bad9a23f9134df1bad0c138f15892f3526c4609bf303cd5eb3

SHA512
484883ee2c4a197647635fa00dd875ce8e61ddbf4a813063a69e2963687f79508111431ae1df3ba8d29796e135c323f9e4890496ccc229d5a2aaeed4448ff4bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6688.exe
Filesize
184KB

MD5
2a950fcd6c82ff5647fa0fd53e78131f

SHA1
b8f32c890cde2a148fe63a2db72b9facde864dd4

SHA256
45146b689ce5b72f7e87d1cb31173b7f16757d1c2f2f3dcbf0fa48d9d04b5a18

SHA512
2987ec0ffe1273122816b15c43035b050b3f4cd1aa0010f6d9b771d2c0a13df15c4e68e88d5a391fc23b50b16fd35a7cd26a668eb92f8904bc1008299b26ed8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22490.exe
Filesize
184KB

MD5
f3d26c35d115ca5fde83158da11b31fb

SHA1
ecbc34e9ea6e6e1781cf9e81ca5d5b50cd32cc08

SHA256
6b4aca7c6a3e6557d00ebcc503af5c6532a93a6148b2b3a817c72c112f6d5711

SHA512
d52ad7853228082988ebb76902fd86fd85f183841bd19e997ca132fbc689616f273e865288799bc2ec5c6434155a18f3e2ee2ec022a850a25c2929df70087054

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29008.exe
Filesize
184KB

MD5
1bbe2f34ece676cd7a1fbf42d7bbb81f

SHA1
21985146fa4b080bd746ffb908264dcdf7d0f224

SHA256
1fa874a2d7867a62cfde324d59f9b659842b0307daa418a2d6c5d061c13d639c

SHA512
47f372d6feec396a51fcbb12439fe269b5f285b40eb6ab477882089837393db73c5636a0f155640035ef725f80680c9182eb01daf56caa78c7fa8607c6dec8a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
Filesize
184KB

MD5
78edb44b780573c6f0db0494dce4c833

SHA1
72fd2a71ed0ac7ae62b822d8247300c6f688ffbd

SHA256
004123f72f2584c8c40ebe7dce895df7359eac65cd948b8c0b81aaaf1183e77a

SHA512
a90644617582e76be442c349586448cf5ffdaa97e2bc6d5d8a8bfd5a5a431857d56ee50645622be66ef5c6ca7efcddd9ddd22969e038beda78ef52cb533be5c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42054.exe
Filesize
184KB

MD5
27a715f9c86ef7e1feeac6ee61f3ff48

SHA1
33b97ea17ab5e9c395ea48a36e8527d5d8874032

SHA256
6796939805f740248bb418b2e62564fc26b68193a4466bd436c2c82b678742db

SHA512
3fae1ba42411da08ed85415678434da87651eaf900fd6d77b31c462d40ed2d0f4e6f7b065d0e3a54380dadc78486a35f7c770f98de23d80ce2043aedfb8bfab4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5058.exe
Filesize
184KB

MD5
ea20f70ad542cd68df3e46961964d50e

SHA1
e722f2e252e7f773438f72808f5d8eb02ea1789d

SHA256
53fa0a8dde6b8213ee7605431bcd2748e79cca4e0ae26ba8960f49ad6b644d38

SHA512
d9d9fc839c05410d736841539bf5b6f3c730dd65a1aa318c90ab695540d6bb5c091b74134948ce95c6f656b5c06b1fc196747e3e11f392aaa2e3adb840155508

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60076.exe
Filesize
184KB

MD5
a3384d7a3d71aca7d3c5940b543a95f5

SHA1
480b9389ad30f744c5cc3acaf4bd0f0c6c928ba8

SHA256
26b36b2d935b76981621f715aef9e6b56c0bad2252ffbdddbdbb9cc9f745fb95

SHA512
a12501e4ac16b0c8263e839daeb0d4ef5d79f426b997d1c0831da57cf02c37be3fc0377b201c8dc218083a3455a78e71e3025bff351e873e1d4b4a394b9d5159

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads