9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe
Size

184KB
MD5

5b3dfd0a0c474cc1bb6475d66a891b34
SHA1

ea8662e893c2f851305cb2ce977170191ac4b117
SHA256

9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be
SHA512

f6d5bf118cafd77a0d0f0c74a0f7dbbbc82b8c930030d4e21c51f792d9e0ae7860f15023b7b903694a3f0441e51af9dde28385a8ee64d2cbe619e5266fbb2b50
SSDEEP

3072:E/n5aqoDqvOWd9MOnrpqLQT7whlnniF/n3:E/poDi9MXL67whlnniF/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-56627.exeUnicorn-4145.exeUnicorn-29479.exeUnicorn-45903.exeUnicorn-32390.exeUnicorn-13100.exeUnicorn-63667.exeUnicorn-31056.exeUnicorn-30798.exeUnicorn-36121.exeUnicorn-55987.exeUnicorn-30459.exeUnicorn-12913.exeUnicorn-10593.exeUnicorn-47480.exeUnicorn-37304.exeUnicorn-417.exeUnicorn-41912.exeUnicorn-4449.exeUnicorn-8651.exeUnicorn-31293.exeUnicorn-55283.exeUnicorn-3519.exeUnicorn-17120.exeUnicorn-2943.exeUnicorn-53223.exeUnicorn-5055.exeUnicorn-7940.exeUnicorn-54531.exeUnicorn-3104.exeUnicorn-51687.exeUnicorn-3680.exeUnicorn-54737.exeUnicorn-17815.exeUnicorn-50549.exeUnicorn-37419.exeUnicorn-39444.exeUnicorn-20695.exeUnicorn-58878.exeUnicorn-31572.exeUnicorn-53097.exeUnicorn-62703.exeUnicorn-27976.exeUnicorn-65043.exeUnicorn-19372.exeUnicorn-47446.exeUnicorn-37353.exeUnicorn-52838.exeUnicorn-45910.exeUnicorn-238.exeUnicorn-55827.exeUnicorn-10155.exeUnicorn-11115.exeUnicorn-4730.exeUnicorn-20443.exeUnicorn-91.exeUnicorn-22489.exeUnicorn-20412.exeUnicorn-53983.exeUnicorn-7247.exeUnicorn-2047.exeUnicorn-30486.exeUnicorn-10620.exeUnicorn-59904.exe

pid	process
2948	Unicorn-56627.exe
2592	Unicorn-4145.exe
2608	Unicorn-29479.exe
2736	Unicorn-45903.exe
2460	Unicorn-32390.exe
2476	Unicorn-13100.exe
324	Unicorn-63667.exe
564	Unicorn-31056.exe
1568	Unicorn-30798.exe
1452	Unicorn-36121.exe
1664	Unicorn-55987.exe
2644	Unicorn-30459.exe
2324	Unicorn-12913.exe
2672	Unicorn-10593.exe
2296	Unicorn-47480.exe
2784	Unicorn-37304.exe
1720	Unicorn-417.exe
2984	Unicorn-41912.exe
2588	Unicorn-4449.exe
1332	Unicorn-8651.exe
1520	Unicorn-31293.exe
980	Unicorn-55283.exe
2808	Unicorn-3519.exe
300	Unicorn-17120.exe
1800	Unicorn-2943.exe
1684	Unicorn-53223.exe
2184	Unicorn-5055.exe
2800	Unicorn-7940.exe
808	Unicorn-54531.exe
2600	Unicorn-3104.exe
2240	Unicorn-51687.exe
1644	Unicorn-3680.exe
2544	Unicorn-54737.exe
2404	Unicorn-17815.exe
2888	Unicorn-50549.exe
2448	Unicorn-37419.exe
2164	Unicorn-39444.exe
776	Unicorn-20695.exe
2700	Unicorn-58878.exe
2444	Unicorn-31572.exe
1628	Unicorn-53097.exe
1180	Unicorn-62703.exe
1724	Unicorn-27976.exe
1084	Unicorn-65043.exe
1972	Unicorn-19372.exe
1860	Unicorn-47446.exe
1316	Unicorn-37353.exe
1476	Unicorn-52838.exe
1580	Unicorn-45910.exe
2304	Unicorn-238.exe
2100	Unicorn-55827.exe
1016	Unicorn-10155.exe
1560	Unicorn-11115.exe
2172	Unicorn-4730.exe
2892	Unicorn-20443.exe
2908	Unicorn-91.exe
2992	Unicorn-22489.exe
1992	Unicorn-20412.exe
2756	Unicorn-53983.exe
2432	Unicorn-7247.exe
2836	Unicorn-2047.exe
2528	Unicorn-30486.exe
380	Unicorn-10620.exe
240	Unicorn-59904.exe

Loads dropped DLL 64 IoCs

Processes:

9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exeUnicorn-56627.exeUnicorn-29479.exeUnicorn-4145.exeWerFault.exeUnicorn-32390.exeUnicorn-45903.exeUnicorn-13100.exeWerFault.exeWerFault.exeUnicorn-63667.exeUnicorn-31056.exeUnicorn-36121.exeUnicorn-30798.exeUnicorn-55987.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe
1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe
2948	Unicorn-56627.exe
1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe
2948	Unicorn-56627.exe
1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe
2608	Unicorn-29479.exe
2608	Unicorn-29479.exe
2592	Unicorn-4145.exe
2592	Unicorn-4145.exe
2948	Unicorn-56627.exe
2948	Unicorn-56627.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
1424	WerFault.exe
2460	Unicorn-32390.exe
2460	Unicorn-32390.exe
2592	Unicorn-4145.exe
2736	Unicorn-45903.exe
2592	Unicorn-4145.exe
2736	Unicorn-45903.exe
2608	Unicorn-29479.exe
2608	Unicorn-29479.exe
2476	Unicorn-13100.exe
2476	Unicorn-13100.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1796	WerFault.exe
324	Unicorn-63667.exe
2460	Unicorn-32390.exe
324	Unicorn-63667.exe
2460	Unicorn-32390.exe
564	Unicorn-31056.exe
564	Unicorn-31056.exe
1452	Unicorn-36121.exe
1452	Unicorn-36121.exe
1568	Unicorn-30798.exe
1568	Unicorn-30798.exe
2736	Unicorn-45903.exe
2736	Unicorn-45903.exe
1664	Unicorn-55987.exe
1664	Unicorn-55987.exe
2476	Unicorn-13100.exe
2476	Unicorn-13100.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2180	WerFault.exe
2136	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2652	1524	WerFault.exe	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe
1424	2948	WerFault.exe	Unicorn-56627.exe
1796	2608	WerFault.exe	Unicorn-29479.exe
1816	2592	WerFault.exe	Unicorn-4145.exe
548	2460	WerFault.exe	Unicorn-32390.exe
2180	2736	WerFault.exe	Unicorn-45903.exe
2136	2476	WerFault.exe	Unicorn-13100.exe
1400	564	WerFault.exe	Unicorn-31056.exe
2536	324	WerFault.exe	Unicorn-63667.exe
2768	1452	WerFault.exe	Unicorn-36121.exe
2684	1568	WerFault.exe	Unicorn-30798.exe
2640	1664	WerFault.exe	Unicorn-55987.exe
940	2644	WerFault.exe	Unicorn-30459.exe
1632	2672	WerFault.exe	Unicorn-10593.exe
1116	2296	WerFault.exe	Unicorn-47480.exe
2036	2324	WerFault.exe	Unicorn-12913.exe
956	2984	WerFault.exe	Unicorn-41912.exe
2156	2588	WerFault.exe	Unicorn-4449.exe
2064	2784	WerFault.exe	Unicorn-37304.exe
1552	1720	WerFault.exe	Unicorn-417.exe
2020	980	WerFault.exe	Unicorn-55283.exe
2028	2808	WerFault.exe	Unicorn-3519.exe
1100	1520	WerFault.exe	Unicorn-31293.exe
2128	1800	WerFault.exe	Unicorn-2943.exe
2112	1332	WerFault.exe	Unicorn-8651.exe
1920	808	WerFault.exe	Unicorn-54531.exe
640	2908	WerFault.exe	Unicorn-91.exe
2956	2544	WerFault.exe	Unicorn-54737.exe
1948	2600	WerFault.exe	Unicorn-3104.exe
2508	2304	WerFault.exe	Unicorn-238.exe
1380	2448	WerFault.exe	Unicorn-37419.exe
2924	2888	WerFault.exe	Unicorn-50549.exe
2792	2164	WerFault.exe	Unicorn-39444.exe
1408	2404	WerFault.exe	Unicorn-17815.exe
1976	2444	WerFault.exe	Unicorn-31572.exe
2424	2700	WerFault.exe	Unicorn-58878.exe
2860	1684	WerFault.exe	Unicorn-53223.exe
3352	2240	WerFault.exe	Unicorn-51687.exe
3388	1084	WerFault.exe	Unicorn-65043.exe
3616	2800	WerFault.exe	Unicorn-7940.exe
3868	1628	WerFault.exe	Unicorn-53097.exe
3904	300	WerFault.exe	Unicorn-17120.exe
3948	1560	WerFault.exe	Unicorn-11115.exe
3960	1644	WerFault.exe	Unicorn-3680.exe
3984	2184	WerFault.exe	Unicorn-5055.exe
4024	1724	WerFault.exe	Unicorn-27976.exe
4032	240	WerFault.exe	Unicorn-59904.exe
4056	1972	WerFault.exe	Unicorn-19372.exe
4072	1860	WerFault.exe	Unicorn-47446.exe
1340	1316	WerFault.exe	Unicorn-37353.exe
3156	1476	WerFault.exe	Unicorn-52838.exe
3196	1580	WerFault.exe	Unicorn-45910.exe
3448	1992	WerFault.exe	Unicorn-20412.exe
3472	3004	WerFault.exe	Unicorn-38888.exe
3456	2528	WerFault.exe	Unicorn-30486.exe
3704	2088	WerFault.exe	Unicorn-29355.exe
3712	2836	WerFault.exe	Unicorn-2047.exe
3716	556	WerFault.exe	Unicorn-55141.exe
3840	1864	WerFault.exe	Unicorn-3293.exe
3420	2756	WerFault.exe	Unicorn-53983.exe
3732	776	WerFault.exe	Unicorn-20695.exe
3896	2172	WerFault.exe	Unicorn-4730.exe
3268	380	WerFault.exe	Unicorn-10620.exe
3308	2864	WerFault.exe	Unicorn-31062.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exeUnicorn-56627.exeUnicorn-4145.exeUnicorn-29479.exeUnicorn-45903.exeUnicorn-32390.exeUnicorn-13100.exeUnicorn-31056.exeUnicorn-63667.exeUnicorn-36121.exeUnicorn-30798.exeUnicorn-55987.exeUnicorn-30459.exeUnicorn-12913.exeUnicorn-10593.exeUnicorn-47480.exeUnicorn-37304.exeUnicorn-41912.exeUnicorn-417.exeUnicorn-4449.exeUnicorn-8651.exeUnicorn-31293.exeUnicorn-55283.exeUnicorn-3519.exeUnicorn-17120.exeUnicorn-2943.exeUnicorn-53223.exeUnicorn-51687.exeUnicorn-54531.exeUnicorn-5055.exeUnicorn-7940.exeUnicorn-3104.exeUnicorn-3680.exeUnicorn-17815.exeUnicorn-54737.exeUnicorn-37419.exeUnicorn-50549.exeUnicorn-39444.exeUnicorn-20695.exeUnicorn-58878.exeUnicorn-31572.exeUnicorn-53097.exeUnicorn-62703.exeUnicorn-27976.exeUnicorn-19372.exeUnicorn-47446.exeUnicorn-65043.exeUnicorn-37353.exeUnicorn-52838.exeUnicorn-238.exeUnicorn-45910.exeUnicorn-11115.exeUnicorn-10155.exeUnicorn-55827.exeUnicorn-4730.exeUnicorn-20443.exeUnicorn-22489.exeUnicorn-20412.exeUnicorn-53983.exeUnicorn-7247.exeUnicorn-2047.exeUnicorn-10620.exeUnicorn-30486.exeUnicorn-59904.exe

pid	process
1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe
2948	Unicorn-56627.exe
2592	Unicorn-4145.exe
2608	Unicorn-29479.exe
2736	Unicorn-45903.exe
2460	Unicorn-32390.exe
2476	Unicorn-13100.exe
564	Unicorn-31056.exe
324	Unicorn-63667.exe
1452	Unicorn-36121.exe
1568	Unicorn-30798.exe
1664	Unicorn-55987.exe
2644	Unicorn-30459.exe
2324	Unicorn-12913.exe
2672	Unicorn-10593.exe
2296	Unicorn-47480.exe
2784	Unicorn-37304.exe
2984	Unicorn-41912.exe
1720	Unicorn-417.exe
2588	Unicorn-4449.exe
1332	Unicorn-8651.exe
1520	Unicorn-31293.exe
980	Unicorn-55283.exe
2808	Unicorn-3519.exe
300	Unicorn-17120.exe
1800	Unicorn-2943.exe
1684	Unicorn-53223.exe
2240	Unicorn-51687.exe
808	Unicorn-54531.exe
2184	Unicorn-5055.exe
2800	Unicorn-7940.exe
2600	Unicorn-3104.exe
1644	Unicorn-3680.exe
2404	Unicorn-17815.exe
2544	Unicorn-54737.exe
2448	Unicorn-37419.exe
2888	Unicorn-50549.exe
2164	Unicorn-39444.exe
776	Unicorn-20695.exe
2700	Unicorn-58878.exe
2444	Unicorn-31572.exe
1628	Unicorn-53097.exe
1180	Unicorn-62703.exe
1724	Unicorn-27976.exe
1972	Unicorn-19372.exe
1860	Unicorn-47446.exe
1084	Unicorn-65043.exe
1316	Unicorn-37353.exe
1476	Unicorn-52838.exe
2304	Unicorn-238.exe
1580	Unicorn-45910.exe
1560	Unicorn-11115.exe
1016	Unicorn-10155.exe
2100	Unicorn-55827.exe
2172	Unicorn-4730.exe
2892	Unicorn-20443.exe
2992	Unicorn-22489.exe
1992	Unicorn-20412.exe
2756	Unicorn-53983.exe
2432	Unicorn-7247.exe
2836	Unicorn-2047.exe
380	Unicorn-10620.exe
2528	Unicorn-30486.exe
240	Unicorn-59904.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exeUnicorn-56627.exeUnicorn-29479.exeUnicorn-4145.exeUnicorn-32390.exeUnicorn-45903.exeUnicorn-13100.exeUnicorn-63667.exe

description	pid	process	target process
PID 1524 wrote to memory of 2948	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	Unicorn-56627.exe
PID 1524 wrote to memory of 2948	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	Unicorn-56627.exe
PID 1524 wrote to memory of 2948	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	Unicorn-56627.exe
PID 1524 wrote to memory of 2948	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	Unicorn-56627.exe
PID 2948 wrote to memory of 2592	2948	Unicorn-56627.exe	Unicorn-4145.exe
PID 2948 wrote to memory of 2592	2948	Unicorn-56627.exe	Unicorn-4145.exe
PID 2948 wrote to memory of 2592	2948	Unicorn-56627.exe	Unicorn-4145.exe
PID 2948 wrote to memory of 2592	2948	Unicorn-56627.exe	Unicorn-4145.exe
PID 1524 wrote to memory of 2608	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	Unicorn-29479.exe
PID 1524 wrote to memory of 2608	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	Unicorn-29479.exe
PID 1524 wrote to memory of 2608	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	Unicorn-29479.exe
PID 1524 wrote to memory of 2608	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	Unicorn-29479.exe
PID 1524 wrote to memory of 2652	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	WerFault.exe
PID 1524 wrote to memory of 2652	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	WerFault.exe
PID 1524 wrote to memory of 2652	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	WerFault.exe
PID 1524 wrote to memory of 2652	1524	9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe	WerFault.exe
PID 2608 wrote to memory of 2736	2608	Unicorn-29479.exe	Unicorn-45903.exe
PID 2608 wrote to memory of 2736	2608	Unicorn-29479.exe	Unicorn-45903.exe
PID 2608 wrote to memory of 2736	2608	Unicorn-29479.exe	Unicorn-45903.exe
PID 2608 wrote to memory of 2736	2608	Unicorn-29479.exe	Unicorn-45903.exe
PID 2592 wrote to memory of 2460	2592	Unicorn-4145.exe	Unicorn-32390.exe
PID 2592 wrote to memory of 2460	2592	Unicorn-4145.exe	Unicorn-32390.exe
PID 2592 wrote to memory of 2460	2592	Unicorn-4145.exe	Unicorn-32390.exe
PID 2592 wrote to memory of 2460	2592	Unicorn-4145.exe	Unicorn-32390.exe
PID 2948 wrote to memory of 2476	2948	Unicorn-56627.exe	Unicorn-13100.exe
PID 2948 wrote to memory of 2476	2948	Unicorn-56627.exe	Unicorn-13100.exe
PID 2948 wrote to memory of 2476	2948	Unicorn-56627.exe	Unicorn-13100.exe
PID 2948 wrote to memory of 2476	2948	Unicorn-56627.exe	Unicorn-13100.exe
PID 2948 wrote to memory of 1424	2948	Unicorn-56627.exe	WerFault.exe
PID 2948 wrote to memory of 1424	2948	Unicorn-56627.exe	WerFault.exe
PID 2948 wrote to memory of 1424	2948	Unicorn-56627.exe	WerFault.exe
PID 2948 wrote to memory of 1424	2948	Unicorn-56627.exe	WerFault.exe
PID 2460 wrote to memory of 324	2460	Unicorn-32390.exe	Unicorn-63667.exe
PID 2460 wrote to memory of 324	2460	Unicorn-32390.exe	Unicorn-63667.exe
PID 2460 wrote to memory of 324	2460	Unicorn-32390.exe	Unicorn-63667.exe
PID 2460 wrote to memory of 324	2460	Unicorn-32390.exe	Unicorn-63667.exe
PID 2736 wrote to memory of 1568	2736	Unicorn-45903.exe	Unicorn-30798.exe
PID 2736 wrote to memory of 1568	2736	Unicorn-45903.exe	Unicorn-30798.exe
PID 2736 wrote to memory of 1568	2736	Unicorn-45903.exe	Unicorn-30798.exe
PID 2736 wrote to memory of 1568	2736	Unicorn-45903.exe	Unicorn-30798.exe
PID 2592 wrote to memory of 564	2592	Unicorn-4145.exe	Unicorn-31056.exe
PID 2592 wrote to memory of 564	2592	Unicorn-4145.exe	Unicorn-31056.exe
PID 2592 wrote to memory of 564	2592	Unicorn-4145.exe	Unicorn-31056.exe
PID 2592 wrote to memory of 564	2592	Unicorn-4145.exe	Unicorn-31056.exe
PID 2608 wrote to memory of 1452	2608	Unicorn-29479.exe	Unicorn-36121.exe
PID 2608 wrote to memory of 1452	2608	Unicorn-29479.exe	Unicorn-36121.exe
PID 2608 wrote to memory of 1452	2608	Unicorn-29479.exe	Unicorn-36121.exe
PID 2608 wrote to memory of 1452	2608	Unicorn-29479.exe	Unicorn-36121.exe
PID 2476 wrote to memory of 1664	2476	Unicorn-13100.exe	Unicorn-55987.exe
PID 2476 wrote to memory of 1664	2476	Unicorn-13100.exe	Unicorn-55987.exe
PID 2476 wrote to memory of 1664	2476	Unicorn-13100.exe	Unicorn-55987.exe
PID 2476 wrote to memory of 1664	2476	Unicorn-13100.exe	Unicorn-55987.exe
PID 2608 wrote to memory of 1796	2608	Unicorn-29479.exe	WerFault.exe
PID 2608 wrote to memory of 1796	2608	Unicorn-29479.exe	WerFault.exe
PID 2608 wrote to memory of 1796	2608	Unicorn-29479.exe	WerFault.exe
PID 2608 wrote to memory of 1796	2608	Unicorn-29479.exe	WerFault.exe
PID 2592 wrote to memory of 1816	2592	Unicorn-4145.exe	WerFault.exe
PID 2592 wrote to memory of 1816	2592	Unicorn-4145.exe	WerFault.exe
PID 2592 wrote to memory of 1816	2592	Unicorn-4145.exe	WerFault.exe
PID 2592 wrote to memory of 1816	2592	Unicorn-4145.exe	WerFault.exe
PID 324 wrote to memory of 2644	324	Unicorn-63667.exe	Unicorn-30459.exe
PID 324 wrote to memory of 2644	324	Unicorn-63667.exe	Unicorn-30459.exe
PID 324 wrote to memory of 2644	324	Unicorn-63667.exe	Unicorn-30459.exe
PID 324 wrote to memory of 2644	324	Unicorn-63667.exe	Unicorn-30459.exe

C:\Users\Admin\AppData\Local\Temp\9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe
"C:\Users\Admin\AppData\Local\Temp\9761d66044022f43bbe7fe02e2f61b036a38bcbdf8f42b311f2a88255fee15be.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-8651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8651.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54737.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-4730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4730.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63313.exe
10⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-526.exe
11⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4188.exe
11⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54436.exe
12⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
13⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe
14⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
13⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 236
12⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 220
11⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
10⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
9⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20443.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
9⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14226.exe
11⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57155.exe
12⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4155.exe
13⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
13⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
12⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
11⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 216
10⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
9⤵
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
8⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50549.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42591.exe
10⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28210.exe
11⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-871.exe
12⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17309.exe
13⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 236
13⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
12⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
11⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
9⤵
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
8⤵
- Program crash
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
7⤵
- Program crash
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55283.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39444.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7247.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1169.exe
9⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30037.exe
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-57338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57338.exe
11⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43620.exe
12⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7169.exe
13⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
13⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 236
12⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 236
11⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
10⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-56867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56867.exe
8⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45861.exe
10⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19633.exe
11⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
12⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
13⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
13⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
12⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
11⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 216
9⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
8⤵
- Program crash
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2047.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63551.exe
8⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27354.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19499.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
11⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20078.exe
12⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51224.exe
13⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
13⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
12⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
11⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
10⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54276.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23325.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36450.exe
11⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15689.exe
12⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
12⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
8⤵
- Program crash
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
7⤵
- Program crash
PID:2020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
6⤵
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31293.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17815.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13514.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-65516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65516.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48402.exe
10⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23061.exe
11⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38726.exe
12⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19101.exe
13⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5148 -s 236
12⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
11⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
9⤵
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 236
8⤵
- Program crash
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59904.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
8⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51949.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34406.exe
11⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63276.exe
12⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 236
12⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
10⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
8⤵
- Program crash
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 240
7⤵
- Program crash
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37419.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
7⤵
- Executes dropped EXE
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
8⤵
- Program crash
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14526.exe
7⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5133.exe
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63147.exe
11⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
12⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 236
11⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 236
10⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
8⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
7⤵
- Program crash
PID:1380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 220
6⤵
- Program crash
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2943.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45060.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
10⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
11⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43670.exe
12⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
13⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 216
13⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
12⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
11⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
10⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
9⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
8⤵
- Program crash
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48072.exe
8⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39302.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-59700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59700.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37511.exe
11⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27989.exe
12⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
9⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 236
8⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
7⤵
- Program crash
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53097.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63568.exe
7⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56289.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17254.exe
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56367.exe
10⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40436.exe
11⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10442.exe
12⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 236
11⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 236
10⤵
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
9⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
8⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
7⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
6⤵
- Program crash
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53223.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8929.exe
7⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17559.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18025.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31172.exe
10⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29191.exe
11⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
11⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
9⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 216
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 236
7⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
6⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35320.exe
7⤵
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 220
8⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
7⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
6⤵
- Program crash
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 564 -s 240
5⤵
- Program crash
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41912.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-5055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5055.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19372.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58737.exe
8⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62286.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31745.exe
11⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35460.exe
12⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
12⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
9⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36375.exe
7⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-23259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23259.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
10⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
11⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
11⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
9⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
8⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
7⤵
- Program crash
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9453.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55297.exe
10⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61209.exe
11⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
11⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
9⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
8⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
7⤵
- Program crash
PID:4072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
6⤵
- Program crash
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7940.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11115.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48680.exe
7⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61681.exe
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
10⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55976.exe
11⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 236
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
10⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46335.exe
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52499.exe
10⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58079.exe
11⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
11⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
10⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
9⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
10⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
10⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59361.exe
9⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56673.exe
10⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 220
10⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58531.exe
9⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51152.exe
9⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51740.exe
9⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36106.exe
9⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
8⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
7⤵
- Program crash
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
6⤵
PID:436

C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
7⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25220.exe
8⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-394.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31200.exe
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16486.exe
11⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 236
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
8⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 436 -s 236
7⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
6⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
5⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4449.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3104.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37353.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47144.exe
7⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7657.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
10⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19378.exe
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 216
11⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 216
8⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 236
7⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27278.exe
6⤵
PID:392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23239.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60572.exe
8⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38617.exe
9⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46242.exe
10⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55787.exe
11⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
10⤵
PID:2208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
9⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
8⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 392 -s 236
7⤵
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
6⤵
- Program crash
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45910.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
6⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18218.exe
7⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
8⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10429.exe
9⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40644.exe
10⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
10⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
9⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
8⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
7⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
6⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
5⤵
- Program crash
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-37304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37304.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-54531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54531.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27976.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-40948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40948.exe
8⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32520.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61164.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20041.exe
11⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57899.exe
12⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 220
12⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
9⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
8⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3293.exe
7⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28485.exe
8⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
9⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38736.exe
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43896.exe
11⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41692.exe
12⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
12⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
11⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
10⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 236
9⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
8⤵
- Program crash
PID:3840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 240
7⤵
- Program crash
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65043.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29355.exe
7⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11962.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53423.exe
9⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10655.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62715.exe
11⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
12⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
12⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
10⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
8⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
6⤵
- Program crash
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51687.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6433.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1515.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
9⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-65304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65304.exe
10⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39623.exe
11⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27853.exe
12⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
12⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
11⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
9⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53264.exe
7⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31210.exe
8⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64986.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21485.exe
10⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19094.exe
11⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 236
10⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
8⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
7⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34315.exe
6⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-19643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19643.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53904.exe
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21788.exe
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34551.exe
10⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe
11⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
11⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
8⤵
PID:4992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
7⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
6⤵
- Program crash
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
5⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-3680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3680.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-238.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38888.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13446.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16017.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7103.exe
11⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7847.exe
12⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
12⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
9⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
8⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54601.exe
6⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe
7⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5296.exe
8⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51559.exe
9⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19874.exe
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 236
10⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
9⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
8⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
7⤵
PID:4968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
6⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55827.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55141.exe
6⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12200.exe
7⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8777.exe
9⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
10⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-61443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61443.exe
11⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
11⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
10⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
8⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 216
7⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57296.exe
6⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31895.exe
7⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45661.exe
8⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59237.exe
9⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5834.exe
10⤵
PID:10048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
9⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
8⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
7⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
6⤵
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
5⤵
- Program crash
PID:1552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53983.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
8⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26592.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-699.exe
10⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56769.exe
11⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62880.exe
11⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
12⤵
PID:10212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 240
11⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
9⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
8⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3380.exe
7⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
8⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40959.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1584.exe
10⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
11⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
9⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 236
8⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
7⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34071.exe
7⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10890.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40910.exe
9⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
10⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60620.exe
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 236
11⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 236
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
8⤵
PID:4732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 216
7⤵
- Program crash
PID:3448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
6⤵
- Program crash
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58878.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
6⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58443.exe
7⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-417.exe
8⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61355.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
10⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8292.exe
11⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
11⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
9⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
8⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
7⤵
- Program crash
PID:3308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
6⤵
- Program crash
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
5⤵
- Program crash
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62703.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30839.exe
6⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49263.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12056.exe
8⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32016.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
10⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58947.exe
11⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
11⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
9⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
8⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
7⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
6⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34593.exe
7⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40791.exe
8⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60876.exe
9⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3247.exe
10⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
10⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
9⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 236
8⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
7⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 240
6⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46552.exe
5⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57249.exe
6⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22629.exe
7⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53023.exe
8⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37654.exe
9⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
9⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 236
8⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
7⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
6⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
5⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
4⤵
- Program crash
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
2⤵
- Program crash
PID:2652

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1172.exe

Filesize
184KB

MD5
35832ea19c8518c0611c252df27acf78

SHA1
5f60fba7224b858bfcde4561d55a3be579619ec6

SHA256
af82ae86235b8580d5ff5fa0b8b85bd756c92d438b86eb0b7e9d08ae499b894d

SHA512
5d66a7401bb29d75e3c64ba21d53ba8a09d7f86f08f9c969a769b4fd753843e9e23f7e007f5aac5d464a582b02f89445e3db80f49db1fc15e8de29aa3a381431

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-13100.exe

Filesize
184KB

MD5
5ba589f9dba8aaf1cc98c5e917c39cb9

SHA1
4971fc08d41a18ee52572473bcfc621f4d0301e0

SHA256
e72133fb178dd7a494ae085f42c2b9d7e750f9468663fb107cad9cb335fd6fe7

SHA512
b676cf1ef3166c0c2017bf0fab3b854dbe3eb387f9a9ee0d20da21acef3790d419b02bd685054fb973e46976b15b015b53ecceffa664d2895dd53fae906f3bb8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-30798.exe

Filesize
184KB

MD5
9388376e7384ede4ee7e1bc19c7bef6c

SHA1
3cf1c6d5dcd2d895e851286f60247b78c37102e7

SHA256
60591bacb896dbee59fbf67fee806591cc0fc36263ef9316e7a1ed35c912ef00

SHA512
0f2a5381898915ad65392becc6b0ae44e546a9b40da987c950f18e21ef94c8e4c90b753edbedb553de13526902af89a7c1e0a0a76ef5ed937d213ebc2cafbc6f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32031.exe

Filesize
184KB

MD5
78f5f35d184e504ebe20fd9f5da93d09

SHA1
e1698622445d37c4bbb2bb5165612ece4f606a8d

SHA256
eedd620636cb1b693ac39900ba2067970db3d18b30b53181b44ca42696acf551

SHA512
2f4631b7abb9f176f5b6759746afc0e314fa3631c645c6281fdbbb13a883784106fb374be0a72d4858f31c890fb2849ea7035ce74044417d574e8a4002ba9e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6289.exe

Filesize
184KB

MD5
d0be9c510df20162153b6a60fcc60fb5

SHA1
34c214578bea07987c3112df0c9daf8e4408dc7f

SHA256
1fe7619d2d380f7f7cc3673d23b0826cac120865d4c6e550fe847214f7780458

SHA512
ccc59e17330f65899c1da2de8dbacc5f4d0388b89226e686c96ae512d138d647973098e136c9931dcd3c0b5c6ca40bd140b1fa33571d217e86ec7a5f07417d2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10593.exe

Filesize
184KB

MD5
b73842ae315812727ae1b0e28f8629d9

SHA1
fa5def3bc65043c9508970e2d414b36efcb5c471

SHA256
ef5b690015a0a1831ca24040f204591016f128e66ad56976313e1da414f9bd70

SHA512
5d2dffa64dc0818bac6295d7359eb6046b6fb8e02e5f3e341d9670a55e7e9e9a73578bc9cf47b23d40c6ce4d95a5fea5fd47cfec96932fb12bd78ae8d984057e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12913.exe

Filesize
184KB

MD5
1e3495a8df8d1fe474c2e22245a83a8e

SHA1
4f3a7fd3793ccc3ae475475dab8543ef1719d740

SHA256
1787e9c4308773cd5ce35a32d87002200c76d2254335500824a6aad5919d5d35

SHA512
3978cb4a4fc443fcb40539ae3d9b0b577c03db9094c373439ee8ed7dc35d81fd4e5d28d59093063caa8973193e01764012559cd95ade88c3b6188ec68818fe61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29479.exe

Filesize
184KB

MD5
fe536ae3c903a8a90b3e33818ee287ef

SHA1
ee20c0f4ff3934fe2f80111a97f60e6a885c6fce

SHA256
1d920dfa1630a582b6d40dfee4e88ac2225667818044556302fdff1be709a6f4

SHA512
79b912c6b4c2f619a12fa91aa6ad1cbb33ef66bc47572dde3e208a4792708e9ec8f1144bd2afb721a6dfe3acc191ecc9c4bf6a145f956ed3d57d77d7507baf47

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30459.exe

Filesize
184KB

MD5
1b1a7ed7a32b60827e2c147a22d38e1d

SHA1
fab3e87158027bbfb4eaf7556d802275fc0c10d6

SHA256
98b60dc04080fb1e5220a2f09623cf4e747d7b59570e137c5779ac6ea0f02094

SHA512
8be523a4655104308a9e7ffda48eb9aa95831d3c7288cb47c3337886abdd1c187c4b4dd55aa2efc06e011e4a34724523266cc9a2d86f7ea24d7ae5cf1c1cd36b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe

Filesize
184KB

MD5
32864f425e76ee149af5ba3b747f8a94

SHA1
59aead6062fd3a1b9e3906c69ea23f0609c47092

SHA256
e66d0cc0a8ec951ece1978b197f12847ce4e1f811a347bcd0335e1081cc5f013

SHA512
23fc0d79a36b9abc38d57f1a6880a5677210035fba8a97acae226c2fbc8a1b0ba86203849468976e6d86202d3b9da95ba7aea9ffa846ba41fc024bcf629dbc1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe

Filesize
184KB

MD5
43ec86cf26e649d7b466ad11ecb51bdf

SHA1
b1b8bd13769da6068b39260fc8f7fa473ac53440

SHA256
78e2a06857b9202c7c07d6951da189d17790ca60739dbce811cfe6b1b23bef3a

SHA512
e28e2f5a4c68a2485e1db5fef444fffde3eafb06ebf50b5f1bc5aa4866441c88998e59619ed0a077bdc404fd28716ac688c6431c2caad69ff5aa47bc0b3aca5b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe

Filesize
184KB

MD5
55ac365304e38c73bc7135389b7c4633

SHA1
5526037e82bd6cdca68ec5008b0667e41640a4ce

SHA256
e9a009d12f120ffa226ab32a2f4c1b3ade6d141e53444dab4415d1e4f73a2095

SHA512
480f164ccee506ad1d43736dc8305de85f9c5a9c5549f883692c1d788851b5b3ebe7b62347cea196031aa7578563932d5e503b79e5aabd430e9e8da5e2040c62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4145.exe

Filesize
184KB

MD5
ec4b350eb679bbf5c47539d7c2a7ed36

SHA1
095779c4ceb01303743dd79134273142ee456087

SHA256
800ac55d8cbfc65ad4dfd0959e121d85f88fd570774302c19f441ea8d7ab4fc2

SHA512
dc1f2dafb1c33a46b25d39d89d34b4762269d6b222a549a384f5864c91f68b01ace3df9a19d4c4e2cf6d0e99768982b9412ce0e48aa3dc7f0a79a4af8bebc35e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45903.exe

Filesize
184KB

MD5
20c2e5776c0bd6f046357a150ad307ba

SHA1
23d995b0f0dd2efc3a14ad86c51c77f1b4c46d67

SHA256
6c93da85c668146126f41eae444d033a9ae693155b187c116814cbcbfcc61269

SHA512
991b1c640f93a17f72250932e0399b481799702dbc59b15ede716c627235e37a7b9f7a84871c85f37e7f030a86dcffc4a761cb0b1718b67313d037dd127fe73d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe

Filesize
184KB

MD5
6a7daed1730eab4c0c07b9ebe7ae86ec

SHA1
fda7f7fff8aca3daf7b924901c911f441d7ccd9e

SHA256
f73d5c6475434eba051d8afa2877c955fe7d4d0330db5e792f484b9e9ee734e6

SHA512
84157ae49b77c26f8e9aaca17621c7d87e4c163a2ec5df1269e9531bb8a466511d9f715933fea729a41f9f440b1acba23729ec5a0dcfe4d680a4af0c281bc459

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56627.exe

Filesize
184KB

MD5
4b5b348eea817072cc0d7cfa9e846d37

SHA1
bd807ff00b86243df31842880ddcad9a22891464

SHA256
cfd1c8558ae61cfbba0c1f45ca3c15c8deaa6bcb2ab7c97e507caf43db58c052

SHA512
d8b3b907e33f34e59bb9029d8ad7d2424c897d3bf18bd716c277caf1249229c5b87cbee32e5c849876c01384ffd39a33cef4bcc55655de3b526288f15187fb9c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63667.exe

Filesize
184KB

MD5
b36df0895683ac724b2eaab2e869b30b

SHA1
ff1767c54611224a7e90846640d6636e18058db1

SHA256
60f2fb21a20384e4c2dd2684d4c03db3d1cd6262b16315ee5efcb93cabd41c4c

SHA512
309df58aa1be9915cc9c2687dfe9526c8735dea9f7c632d4905c7e585661abc94e5cfc591fa1a28a4648507d10df4e11cc3afe717575ff139ffb5f2f95f54110

Download Submit