8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe
Size

184KB
MD5

6a3193ec4e4342e1b6741f5bcaf6b91f
SHA1

313ba2ec118e6af0d99215df2b1a32f111095680
SHA256

8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9
SHA512

2b51283a778936b69e38125aaa8c011503bac9b8ae34dda43a8ad0ecb0f9b345084e00e38106d6888c1600fce0efbeb6375bb308cd13ca96c5203e118fcf8644
SSDEEP

3072:EUK6rkoTo4hCdoJWeryLRdlWhlnVLFFn3:EUsotuoJELDlWhlnVLFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-60639.exeUnicorn-28939.exeUnicorn-48805.exeUnicorn-4233.exeUnicorn-58006.exeUnicorn-60097.exeUnicorn-59171.exeUnicorn-38528.exeUnicorn-37480.exeUnicorn-17614.exeUnicorn-37480.exeUnicorn-57602.exeUnicorn-47841.exeUnicorn-1468.exeUnicorn-50389.exeUnicorn-3920.exeUnicorn-20190.exeUnicorn-60677.exeUnicorn-324.exeUnicorn-21360.exeUnicorn-1494.exeUnicorn-24199.exeUnicorn-7499.exeUnicorn-57582.exeUnicorn-670.exeUnicorn-11910.exeUnicorn-14001.exeUnicorn-52647.exeUnicorn-6975.exeUnicorn-11386.exeUnicorn-56534.exeUnicorn-4289.exeUnicorn-38720.exeUnicorn-58586.exeUnicorn-57538.exeUnicorn-25887.exeUnicorn-62110.exeUnicorn-13599.exeUnicorn-14144.exeUnicorn-26797.exeUnicorn-19649.exeUnicorn-48844.exeUnicorn-3172.exeUnicorn-37603.exeUnicorn-57469.exeUnicorn-43223.exeUnicorn-19125.exeUnicorn-19125.exeUnicorn-34989.exeUnicorn-51849.exeUnicorn-15123.exeUnicorn-33545.exeUnicorn-48973.exeUnicorn-29107.exeUnicorn-28059.exeUnicorn-64785.exeUnicorn-21257.exeUnicorn-16819.exeUnicorn-42305.exeUnicorn-30017.exeUnicorn-64897.exeUnicorn-51545.exeUnicorn-7440.exeUnicorn-13605.exe

pid	process
1708	Unicorn-60639.exe
2980	Unicorn-28939.exe
2572	Unicorn-48805.exe
2988	Unicorn-4233.exe
2456	Unicorn-58006.exe
2416	Unicorn-60097.exe
2644	Unicorn-59171.exe
308	Unicorn-38528.exe
1996	Unicorn-37480.exe
2008	Unicorn-17614.exe
1768	Unicorn-37480.exe
1604	Unicorn-57602.exe
288	Unicorn-47841.exe
2092	Unicorn-1468.exe
1916	Unicorn-50389.exe
2396	Unicorn-3920.exe
1104	Unicorn-20190.exe
1920	Unicorn-60677.exe
1296	Unicorn-324.exe
2064	Unicorn-21360.exe
3020	Unicorn-1494.exe
1576	Unicorn-24199.exe
1340	Unicorn-7499.exe
2044	Unicorn-57582.exe
900	Unicorn-670.exe
2180	Unicorn-11910.exe
2812	Unicorn-14001.exe
1516	Unicorn-52647.exe
2120	Unicorn-6975.exe
988	Unicorn-11386.exe
2336	Unicorn-56534.exe
2960	Unicorn-4289.exe
2520	Unicorn-38720.exe
2680	Unicorn-58586.exe
2528	Unicorn-57538.exe
2436	Unicorn-25887.exe
2876	Unicorn-62110.exe
2252	Unicorn-13599.exe
2728	Unicorn-14144.exe
2172	Unicorn-26797.exe
2304	Unicorn-19649.exe
1640	Unicorn-48844.exe
2196	Unicorn-3172.exe
320	Unicorn-37603.exe
1832	Unicorn-57469.exe
348	Unicorn-43223.exe
2880	Unicorn-19125.exe
1796	Unicorn-19125.exe
3012	Unicorn-34989.exe
560	Unicorn-51849.exe
2260	Unicorn-15123.exe
2112	Unicorn-33545.exe
2016	Unicorn-48973.exe
1740	Unicorn-29107.exe
1552	Unicorn-28059.exe
1372	Unicorn-64785.exe
2824	Unicorn-21257.exe
1808	Unicorn-16819.exe
2056	Unicorn-42305.exe
2568	Unicorn-30017.exe
2576	Unicorn-64897.exe
2444	Unicorn-51545.exe
1716	Unicorn-7440.exe
472	Unicorn-13605.exe

Loads dropped DLL 64 IoCs

Processes:

8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exeUnicorn-60639.exeUnicorn-28939.exeUnicorn-48805.exeWerFault.exeUnicorn-4233.exeUnicorn-58006.exeUnicorn-60097.exeWerFault.exeWerFault.exeUnicorn-59171.exeUnicorn-38528.exeUnicorn-37480.exeUnicorn-37480.exeUnicorn-17614.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe
1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe
1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe
1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe
1708	Unicorn-60639.exe
1708	Unicorn-60639.exe
2980	Unicorn-28939.exe
2980	Unicorn-28939.exe
2572	Unicorn-48805.exe
2572	Unicorn-48805.exe
1708	Unicorn-60639.exe
1708	Unicorn-60639.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2676	WerFault.exe
2988	Unicorn-4233.exe
2980	Unicorn-28939.exe
2988	Unicorn-4233.exe
2980	Unicorn-28939.exe
2572	Unicorn-48805.exe
2572	Unicorn-48805.exe
2456	Unicorn-58006.exe
2416	Unicorn-60097.exe
2456	Unicorn-58006.exe
2416	Unicorn-60097.exe
1128	WerFault.exe
1128	WerFault.exe
1128	WerFault.exe
1128	WerFault.exe
1128	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2864	WerFault.exe
2644	Unicorn-59171.exe
2644	Unicorn-59171.exe
308	Unicorn-38528.exe
308	Unicorn-38528.exe
2988	Unicorn-4233.exe
2988	Unicorn-4233.exe
1996	Unicorn-37480.exe
1996	Unicorn-37480.exe
2456	Unicorn-58006.exe
2456	Unicorn-58006.exe
1768	Unicorn-37480.exe
1768	Unicorn-37480.exe
2416	Unicorn-60097.exe
2008	Unicorn-17614.exe
2416	Unicorn-60097.exe
2008	Unicorn-17614.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
1840	WerFault.exe
640	WerFault.exe
640	WerFault.exe
640	WerFault.exe
640	WerFault.exe
640	WerFault.exe
1056	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2524	1924	WerFault.exe	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe
2676	1708	WerFault.exe	Unicorn-60639.exe
1128	2980	WerFault.exe	Unicorn-28939.exe
2864	2572	WerFault.exe	Unicorn-48805.exe
1840	2988	WerFault.exe	Unicorn-4233.exe
640	2456	WerFault.exe	Unicorn-58006.exe
1056	2416	WerFault.exe	Unicorn-60097.exe
1936	2644	WerFault.exe	Unicorn-59171.exe
2696	308	WerFault.exe	Unicorn-38528.exe
2084	1996	WerFault.exe	Unicorn-37480.exe
2508	1768	WerFault.exe	Unicorn-37480.exe
2556	2008	WerFault.exe	Unicorn-17614.exe
1484	1604	WerFault.exe	Unicorn-57602.exe
984	2092	WerFault.exe	Unicorn-1468.exe
1980	1916	WerFault.exe	Unicorn-50389.exe
1300	288	WerFault.exe	Unicorn-47841.exe
872	1104	WerFault.exe	Unicorn-20190.exe
1020	2396	WerFault.exe	Unicorn-3920.exe
2924	1920	WerFault.exe	Unicorn-60677.exe
2920	1296	WerFault.exe	Unicorn-324.exe
2580	3020	WerFault.exe	Unicorn-1494.exe
2472	2064	WerFault.exe	Unicorn-21360.exe
2488	1576	WerFault.exe	Unicorn-24199.exe
2404	1340	WerFault.exe	Unicorn-7499.exe
2160	2044	WerFault.exe	Unicorn-57582.exe
2836	2180	WerFault.exe	Unicorn-11910.exe
1204	988	WerFault.exe	Unicorn-11386.exe
2352	900	WerFault.exe	Unicorn-670.exe
1820	2812	WerFault.exe	Unicorn-14001.exe
488	2336	WerFault.exe	Unicorn-56534.exe
2648	2120	WerFault.exe	Unicorn-6975.exe
2068	1516	WerFault.exe	Unicorn-52647.exe
3604	2960	WerFault.exe	Unicorn-4289.exe
3612	2520	WerFault.exe	Unicorn-38720.exe
3636	2680	WerFault.exe	Unicorn-58586.exe
3652	2528	WerFault.exe	Unicorn-57538.exe
3756	2252	WerFault.exe	Unicorn-13599.exe
3832	320	WerFault.exe	Unicorn-37603.exe
3848	2172	WerFault.exe	Unicorn-26797.exe
3856	1832	WerFault.exe	Unicorn-57469.exe
3920	560	WerFault.exe	Unicorn-51849.exe
3928	348	WerFault.exe	Unicorn-43223.exe
3936	2260	WerFault.exe	Unicorn-15123.exe
3984	2880	WerFault.exe	Unicorn-19125.exe
3316	1796	WerFault.exe	Unicorn-19125.exe
3324	2196	WerFault.exe	Unicorn-3172.exe
3520	3716	WerFault.exe	Unicorn-33809.exe
3668	2304	WerFault.exe	Unicorn-19649.exe
3740	1640	WerFault.exe	Unicorn-48844.exe
3796	2876	WerFault.exe	Unicorn-62110.exe
4004	3012	WerFault.exe	Unicorn-34989.exe
3468	2728	WerFault.exe	Unicorn-14144.exe
3540	2436	WerFault.exe	Unicorn-25887.exe
3904	2016	WerFault.exe	Unicorn-48973.exe
3388	1808	WerFault.exe	Unicorn-16819.exe
3360	1372	WerFault.exe	Unicorn-64785.exe
3820	1552	WerFault.exe	Unicorn-28059.exe
3800	2056	WerFault.exe	Unicorn-42305.exe
4040	2576	WerFault.exe	Unicorn-64897.exe
4084	1740	WerFault.exe	Unicorn-29107.exe
3504	1248	WerFault.exe	Unicorn-58090.exe
3084	2720	WerFault.exe	Unicorn-25011.exe
3696	2568	WerFault.exe	Unicorn-30017.exe
3292	1860	WerFault.exe	Unicorn-28370.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exeUnicorn-60639.exeUnicorn-28939.exeUnicorn-48805.exeUnicorn-4233.exeUnicorn-58006.exeUnicorn-60097.exeUnicorn-38528.exeUnicorn-59171.exeUnicorn-37480.exeUnicorn-17614.exeUnicorn-37480.exeUnicorn-57602.exeUnicorn-47841.exeUnicorn-50389.exeUnicorn-1468.exeUnicorn-3920.exeUnicorn-20190.exeUnicorn-60677.exeUnicorn-324.exeUnicorn-1494.exeUnicorn-21360.exeUnicorn-24199.exeUnicorn-7499.exeUnicorn-57582.exeUnicorn-11910.exeUnicorn-670.exeUnicorn-14001.exeUnicorn-52647.exeUnicorn-56534.exeUnicorn-6975.exeUnicorn-11386.exeUnicorn-4289.exeUnicorn-38720.exeUnicorn-58586.exeUnicorn-57538.exeUnicorn-25887.exeUnicorn-62110.exeUnicorn-13599.exeUnicorn-14144.exeUnicorn-26797.exeUnicorn-19649.exeUnicorn-48844.exeUnicorn-3172.exeUnicorn-37603.exeUnicorn-19125.exeUnicorn-43223.exeUnicorn-57469.exeUnicorn-19125.exeUnicorn-15123.exeUnicorn-51849.exeUnicorn-34989.exeUnicorn-33545.exeUnicorn-48973.exeUnicorn-29107.exeUnicorn-28059.exeUnicorn-64785.exeUnicorn-21257.exeUnicorn-16819.exeUnicorn-42305.exeUnicorn-30017.exeUnicorn-51545.exeUnicorn-64897.exeUnicorn-7440.exe

pid	process
1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe
1708	Unicorn-60639.exe
2980	Unicorn-28939.exe
2572	Unicorn-48805.exe
2988	Unicorn-4233.exe
2456	Unicorn-58006.exe
2416	Unicorn-60097.exe
308	Unicorn-38528.exe
2644	Unicorn-59171.exe
1996	Unicorn-37480.exe
2008	Unicorn-17614.exe
1768	Unicorn-37480.exe
1604	Unicorn-57602.exe
288	Unicorn-47841.exe
1916	Unicorn-50389.exe
2092	Unicorn-1468.exe
2396	Unicorn-3920.exe
1104	Unicorn-20190.exe
1920	Unicorn-60677.exe
1296	Unicorn-324.exe
3020	Unicorn-1494.exe
2064	Unicorn-21360.exe
1576	Unicorn-24199.exe
1340	Unicorn-7499.exe
2044	Unicorn-57582.exe
2180	Unicorn-11910.exe
900	Unicorn-670.exe
2812	Unicorn-14001.exe
1516	Unicorn-52647.exe
2336	Unicorn-56534.exe
2120	Unicorn-6975.exe
988	Unicorn-11386.exe
2960	Unicorn-4289.exe
2520	Unicorn-38720.exe
2680	Unicorn-58586.exe
2528	Unicorn-57538.exe
2436	Unicorn-25887.exe
2876	Unicorn-62110.exe
2252	Unicorn-13599.exe
2728	Unicorn-14144.exe
2172	Unicorn-26797.exe
2304	Unicorn-19649.exe
1640	Unicorn-48844.exe
2196	Unicorn-3172.exe
320	Unicorn-37603.exe
1796	Unicorn-19125.exe
348	Unicorn-43223.exe
1832	Unicorn-57469.exe
2880	Unicorn-19125.exe
2260	Unicorn-15123.exe
560	Unicorn-51849.exe
3012	Unicorn-34989.exe
2112	Unicorn-33545.exe
2016	Unicorn-48973.exe
1740	Unicorn-29107.exe
1552	Unicorn-28059.exe
1372	Unicorn-64785.exe
2824	Unicorn-21257.exe
1808	Unicorn-16819.exe
2056	Unicorn-42305.exe
2568	Unicorn-30017.exe
2444	Unicorn-51545.exe
2576	Unicorn-64897.exe
1716	Unicorn-7440.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exeUnicorn-60639.exeUnicorn-28939.exeUnicorn-48805.exeUnicorn-4233.exeUnicorn-58006.exeUnicorn-60097.exeUnicorn-59171.exe

description	pid	process	target process
PID 1924 wrote to memory of 1708	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	Unicorn-60639.exe
PID 1924 wrote to memory of 1708	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	Unicorn-60639.exe
PID 1924 wrote to memory of 1708	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	Unicorn-60639.exe
PID 1924 wrote to memory of 1708	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	Unicorn-60639.exe
PID 1924 wrote to memory of 2980	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	Unicorn-28939.exe
PID 1924 wrote to memory of 2980	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	Unicorn-28939.exe
PID 1924 wrote to memory of 2980	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	Unicorn-28939.exe
PID 1924 wrote to memory of 2980	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	Unicorn-28939.exe
PID 1708 wrote to memory of 2572	1708	Unicorn-60639.exe	Unicorn-48805.exe
PID 1708 wrote to memory of 2572	1708	Unicorn-60639.exe	Unicorn-48805.exe
PID 1708 wrote to memory of 2572	1708	Unicorn-60639.exe	Unicorn-48805.exe
PID 1708 wrote to memory of 2572	1708	Unicorn-60639.exe	Unicorn-48805.exe
PID 1924 wrote to memory of 2524	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	WerFault.exe
PID 1924 wrote to memory of 2524	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	WerFault.exe
PID 1924 wrote to memory of 2524	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	WerFault.exe
PID 1924 wrote to memory of 2524	1924	8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe	WerFault.exe
PID 2980 wrote to memory of 2988	2980	Unicorn-28939.exe	Unicorn-4233.exe
PID 2980 wrote to memory of 2988	2980	Unicorn-28939.exe	Unicorn-4233.exe
PID 2980 wrote to memory of 2988	2980	Unicorn-28939.exe	Unicorn-4233.exe
PID 2980 wrote to memory of 2988	2980	Unicorn-28939.exe	Unicorn-4233.exe
PID 2572 wrote to memory of 2456	2572	Unicorn-48805.exe	Unicorn-58006.exe
PID 2572 wrote to memory of 2456	2572	Unicorn-48805.exe	Unicorn-58006.exe
PID 2572 wrote to memory of 2456	2572	Unicorn-48805.exe	Unicorn-58006.exe
PID 2572 wrote to memory of 2456	2572	Unicorn-48805.exe	Unicorn-58006.exe
PID 1708 wrote to memory of 2416	1708	Unicorn-60639.exe	Unicorn-60097.exe
PID 1708 wrote to memory of 2416	1708	Unicorn-60639.exe	Unicorn-60097.exe
PID 1708 wrote to memory of 2416	1708	Unicorn-60639.exe	Unicorn-60097.exe
PID 1708 wrote to memory of 2416	1708	Unicorn-60639.exe	Unicorn-60097.exe
PID 1708 wrote to memory of 2676	1708	Unicorn-60639.exe	WerFault.exe
PID 1708 wrote to memory of 2676	1708	Unicorn-60639.exe	WerFault.exe
PID 1708 wrote to memory of 2676	1708	Unicorn-60639.exe	WerFault.exe
PID 1708 wrote to memory of 2676	1708	Unicorn-60639.exe	WerFault.exe
PID 2988 wrote to memory of 308	2988	Unicorn-4233.exe	Unicorn-38528.exe
PID 2988 wrote to memory of 308	2988	Unicorn-4233.exe	Unicorn-38528.exe
PID 2988 wrote to memory of 308	2988	Unicorn-4233.exe	Unicorn-38528.exe
PID 2988 wrote to memory of 308	2988	Unicorn-4233.exe	Unicorn-38528.exe
PID 2980 wrote to memory of 2644	2980	Unicorn-28939.exe	Unicorn-59171.exe
PID 2980 wrote to memory of 2644	2980	Unicorn-28939.exe	Unicorn-59171.exe
PID 2980 wrote to memory of 2644	2980	Unicorn-28939.exe	Unicorn-59171.exe
PID 2980 wrote to memory of 2644	2980	Unicorn-28939.exe	Unicorn-59171.exe
PID 2572 wrote to memory of 2008	2572	Unicorn-48805.exe	Unicorn-17614.exe
PID 2572 wrote to memory of 2008	2572	Unicorn-48805.exe	Unicorn-17614.exe
PID 2572 wrote to memory of 2008	2572	Unicorn-48805.exe	Unicorn-17614.exe
PID 2572 wrote to memory of 2008	2572	Unicorn-48805.exe	Unicorn-17614.exe
PID 2456 wrote to memory of 1996	2456	Unicorn-58006.exe	Unicorn-37480.exe
PID 2456 wrote to memory of 1996	2456	Unicorn-58006.exe	Unicorn-37480.exe
PID 2456 wrote to memory of 1996	2456	Unicorn-58006.exe	Unicorn-37480.exe
PID 2456 wrote to memory of 1996	2456	Unicorn-58006.exe	Unicorn-37480.exe
PID 2416 wrote to memory of 1768	2416	Unicorn-60097.exe	Unicorn-37480.exe
PID 2416 wrote to memory of 1768	2416	Unicorn-60097.exe	Unicorn-37480.exe
PID 2416 wrote to memory of 1768	2416	Unicorn-60097.exe	Unicorn-37480.exe
PID 2416 wrote to memory of 1768	2416	Unicorn-60097.exe	Unicorn-37480.exe
PID 2980 wrote to memory of 1128	2980	Unicorn-28939.exe	WerFault.exe
PID 2980 wrote to memory of 1128	2980	Unicorn-28939.exe	WerFault.exe
PID 2980 wrote to memory of 1128	2980	Unicorn-28939.exe	WerFault.exe
PID 2980 wrote to memory of 1128	2980	Unicorn-28939.exe	WerFault.exe
PID 2572 wrote to memory of 2864	2572	Unicorn-48805.exe	WerFault.exe
PID 2572 wrote to memory of 2864	2572	Unicorn-48805.exe	WerFault.exe
PID 2572 wrote to memory of 2864	2572	Unicorn-48805.exe	WerFault.exe
PID 2572 wrote to memory of 2864	2572	Unicorn-48805.exe	WerFault.exe
PID 2644 wrote to memory of 1604	2644	Unicorn-59171.exe	Unicorn-57602.exe
PID 2644 wrote to memory of 1604	2644	Unicorn-59171.exe	Unicorn-57602.exe
PID 2644 wrote to memory of 1604	2644	Unicorn-59171.exe	Unicorn-57602.exe
PID 2644 wrote to memory of 1604	2644	Unicorn-59171.exe	Unicorn-57602.exe

C:\Users\Admin\AppData\Local\Temp\8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe
"C:\Users\Admin\AppData\Local\Temp\8a3e049af1961a14bbbb3183c334f0fd86aaf062e2220f0fc0e08d91510308d9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7499.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62110.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51545.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
10⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57722.exe
11⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2444.exe
12⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11951.exe
13⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53555.exe
14⤵
PID:13408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
14⤵
PID:14084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
13⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
12⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 216
11⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 216
10⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
9⤵
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
11⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-49253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49253.exe
12⤵
PID:11896

C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
13⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 216
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
9⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64897.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41520.exe
9⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50530.exe
10⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
11⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14680.exe
12⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 236
13⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
11⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 236
10⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
9⤵
- Program crash
PID:4040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
8⤵
- Program crash
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13599.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30017.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-2044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2044.exe
9⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10093.exe
10⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
11⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
12⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32465.exe
13⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10264 -s 236
13⤵
PID:13808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
10⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
9⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
8⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
7⤵
- Program crash
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57582.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26797.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13605.exe
8⤵
- Executes dropped EXE
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
9⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63958.exe
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-302.exe
11⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
12⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
13⤵
PID:12248

C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
14⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
13⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 220
12⤵
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
11⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
10⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 236
9⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35954.exe
8⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-46404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46404.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
10⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8374.exe
11⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
12⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
11⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
9⤵
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
8⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25011.exe
7⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51670.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60944.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
11⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 220
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
9⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
8⤵
- Program crash
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
7⤵
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
6⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51849.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
8⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
9⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56722.exe
10⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43776.exe
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63392.exe
12⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56822.exe
13⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 220
13⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
12⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 216
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28245.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
11⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
12⤵
PID:11508

C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51004.exe
13⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
11⤵
PID:9576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
8⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-833.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
8⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27448.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15339.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16127.exe
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 220
11⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
9⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25945.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25352.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10907.exe
10⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
11⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:9840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
8⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
7⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15123.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
7⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52024.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21681.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49674.exe
11⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58087.exe
12⤵
PID:12224

C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11344.exe
13⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
12⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
9⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26538.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38868.exe
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-807.exe
10⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-33141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33141.exe
11⤵
PID:12044

C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
12⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
11⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
10⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
8⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39001.exe
7⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64536.exe
10⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41575.exe
11⤵
PID:12120

C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42389.exe
12⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
11⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
9⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
8⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 220
7⤵
- Program crash
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
6⤵
- Program crash
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20190.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-670.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43179.exe
8⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20235.exe
10⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60093.exe
11⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
12⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12965.exe
13⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
13⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 220
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
11⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31041.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38592.exe
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
11⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39237.exe
12⤵
PID:12088

C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51107.exe
13⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
11⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
9⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26282.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30045.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4168.exe
10⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
11⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-43874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43874.exe
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
12⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
11⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
9⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
8⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
7⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
8⤵
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57378.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17623.exe
11⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11215.exe
12⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10324 -s 216
12⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
8⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
7⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43223.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31254.exe
7⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6166.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16116.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
11⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
12⤵
PID:11348

C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
13⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
12⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 236
11⤵
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-962.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61345.exe
9⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25688.exe
10⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
11⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 216
11⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 220
10⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 220
8⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45404.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
9⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 220
10⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
8⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 220
7⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
6⤵
- Program crash
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52647.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34989.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23247.exe
7⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2639.exe
8⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44212.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25968.exe
11⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12744.exe
12⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
12⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
11⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
9⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
8⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58503.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11362.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-5570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5570.exe
9⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
10⤵
PID:11968

C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15264.exe
11⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 236
10⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
9⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
8⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
7⤵
- Program crash
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
6⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44178.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53445.exe
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59749.exe
9⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45767.exe
10⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
10⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
9⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
8⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
7⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
6⤵
- Program crash
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
5⤵
- Program crash
PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60677.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11386.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3172.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
8⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
9⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
10⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
11⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62652.exe
12⤵
PID:10124

C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47935.exe
13⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 216
13⤵
PID:14092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
12⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
11⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 216
10⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45811.exe
9⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50587.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
12⤵
PID:11964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
13⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 220
12⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
11⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
9⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
8⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18217.exe
7⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63788.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
10⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
11⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54258.exe
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19849.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33224.exe
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37960.exe
10⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
11⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
10⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
8⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
7⤵
- Program crash
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32987.exe
7⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-21024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21024.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10786.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28646.exe
10⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
11⤵
PID:12012

C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
12⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 236
11⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
7⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29521.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4068.exe
11⤵
PID:11892

C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10542.exe
12⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 216
11⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
9⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
8⤵
PID:4884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
7⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
6⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56534.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32754.exe
7⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58436.exe
8⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47279.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61536.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36783.exe
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
12⤵
PID:6840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
11⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
10⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 216
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62904.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56986.exe
9⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37484.exe
10⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-56380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56380.exe
11⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
11⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
10⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 220
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
7⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23832.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36008.exe
9⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-35393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35393.exe
10⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22772.exe
11⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 236
11⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
10⤵
PID:10996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12888.exe
6⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
7⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22329.exe
8⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60585.exe
9⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8720.exe
10⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 220
11⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 216
10⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
8⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16254.exe
7⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
8⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-43028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43028.exe
9⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44296.exe
10⤵
PID:11808

C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
11⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
10⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
9⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
8⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
7⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
6⤵
- Program crash
PID:488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
5⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-324.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7440.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12379.exe
7⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
9⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64346.exe
9⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32957.exe
10⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39477.exe
11⤵
PID:13864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 236
11⤵
PID:14236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
10⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 220
9⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
8⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
7⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-158.exe
6⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33699.exe
7⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43236.exe
8⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
9⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17127.exe
10⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 220
9⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
8⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
7⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
6⤵
- Program crash
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
5⤵
- Program crash
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-4233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4233.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19649.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28370.exe
8⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47649.exe
9⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
10⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
11⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39815.exe
12⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26012.exe
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
13⤵
PID:13576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 220
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
11⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
9⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62620.exe
8⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47033.exe
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33060.exe
10⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15788.exe
11⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3573.exe
12⤵
PID:12468

C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
13⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
12⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
10⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
8⤵
- Program crash
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46989.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57024.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4364.exe
10⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35427.exe
11⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58890.exe
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 236
12⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 236
11⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
10⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
8⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
7⤵
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48844.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58090.exe
7⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4592.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31846.exe
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
10⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36750.exe
11⤵
PID:11860

C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
12⤵
PID:13428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 236
11⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 236
10⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
9⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
8⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32879.exe
7⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8467.exe
9⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
10⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39724.exe
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
11⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
10⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
9⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
8⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
7⤵
- Program crash
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
6⤵
- Program crash
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14001.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19125.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13054.exe
7⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-522.exe
8⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49574.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42964.exe
10⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45676.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24112.exe
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 220
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 220
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
10⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 216
9⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 216
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46215.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25331.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63689.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12724.exe
10⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39959.exe
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 220
11⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
10⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
9⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
8⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
7⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63822.exe
6⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-21024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21024.exe
7⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9718.exe
7⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27931.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36047.exe
9⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29586.exe
10⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
10⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
9⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
8⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
7⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
6⤵
- Program crash
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
5⤵
- Program crash
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57538.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21257.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26621.exe
8⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11989.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45958.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
11⤵
PID:7008

C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43151.exe
12⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14176.exe
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
13⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7008 -s 216
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
10⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44093.exe
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28400.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2436.exe
11⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 220
12⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
11⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
10⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-27889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27889.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58413.exe
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34909.exe
10⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12466.exe
11⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23667.exe
12⤵
PID:14060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 236
12⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
11⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 236
10⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
8⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52360.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-4797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4797.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40688.exe
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20734.exe
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
12⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 220
11⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46997.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24012.exe
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 220
10⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
8⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
7⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16819.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28828.exe
7⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20066.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2993.exe
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
12⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 220
12⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 220
11⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
10⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27475.exe
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32414.exe
10⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37022.exe
11⤵
PID:12240

C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
12⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 220
11⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
10⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 220
9⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
8⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4912.exe
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10168.exe
8⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-61474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61474.exe
9⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
10⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40219.exe
11⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 236
11⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
10⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
9⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
8⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
6⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42305.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
7⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30125.exe
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23251.exe
9⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 220
10⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
9⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
8⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
7⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
6⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51146.exe
7⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24304.exe
8⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
9⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50358.exe
10⤵
PID:11532

C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30996.exe
11⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 220
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 220
9⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
8⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
7⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
6⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
5⤵
- Program crash
PID:984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21360.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-58586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58586.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64785.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21636.exe
8⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53382.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
11⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30292.exe
12⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41970.exe
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
13⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 220
12⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
11⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26427.exe
10⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22458.exe
11⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4142.exe
12⤵
PID:12328

C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63545.exe
13⤵
PID:14000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
11⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
9⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63257.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-325.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-652.exe
10⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 188
11⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
8⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37538.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15970.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-2454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2454.exe
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16660.exe
10⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53990.exe
11⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
12⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
12⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 204
11⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65477.exe
8⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
9⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
10⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16138.exe
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
11⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
9⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
8⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
7⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28059.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16881.exe
7⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63434.exe
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41985.exe
9⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48030.exe
10⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5656.exe
11⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
11⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
10⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
9⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
8⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
7⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
6⤵
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38720.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41116.exe
7⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7325.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37286.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27352.exe
10⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64156.exe
11⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36692.exe
12⤵
PID:12148

C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20957.exe
13⤵
PID:14304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 236
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
11⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33043.exe
7⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49530.exe
8⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
9⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18336.exe
10⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-307.exe
11⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
11⤵
PID:13800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 236
10⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
9⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
8⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
7⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26346.exe
6⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9873.exe
7⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59475.exe
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41852.exe
10⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23504.exe
11⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
11⤵
PID:13784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
10⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
9⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
8⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4163.exe
7⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
8⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
9⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
10⤵
PID:12160

C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
11⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 216
8⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
7⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
6⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
5⤵
- Program crash
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4289.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33545.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7538.exe
7⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10029.exe
10⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 188
11⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11037.exe
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8871.exe
9⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7104.exe
10⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
11⤵
PID:11660

C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27553.exe
12⤵
PID:13424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 216
11⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
10⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
9⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
8⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33809.exe
7⤵
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 200
8⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
7⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35825.exe
6⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50930.exe
7⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41937.exe
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47187.exe
9⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
10⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
11⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
11⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6260 -s 216
10⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
9⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
8⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-9783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9783.exe
7⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44300.exe
8⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
9⤵
PID:9352

C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50250.exe
10⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
10⤵
PID:13960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
9⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
8⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
7⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
6⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29107.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
6⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51054.exe
7⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
8⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-4738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4738.exe
9⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9584 -s 200
10⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
9⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
8⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
7⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
6⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
5⤵
- Program crash
PID:2580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
4⤵
- Program crash
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
2⤵
- Program crash
PID:2524

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16911.exe
Filesize
184KB

MD5
220ed59ea40c700c12d4def69b21ff7d

SHA1
feed7c27ab7cbe4b7cb68ecd9d1a6fb1d7b04412

SHA256
282532e12bedff5c404514fee35862bf2b1f3ac84f2cbba04f46cbd331a006e9

SHA512
3c98f4a7dd437ca1e494a75230a7d073521eda5fd4bdb4a412ca61f84c7f5ec856538e7745ee3c18ebb92d7299b3fc1531ae0d5dd4784c0995c3ab9ee226ec2a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-17277.exe
Filesize
184KB

MD5
9e0a597bb9832ce698eda7a5402478f9

SHA1
958062b31bab2a565a14dd3c18a20fb42bb1e2b8

SHA256
be84b5a79c6365b99b629b61cbeca02fe094471a189db294eb0b09e084f130fb

SHA512
fbc98d0b752fe3a6fc3ed518ee028b3e0e00540030ff94c80ade3aaccd4e566386f0c5cc39cc223eccae7d27e19aa2c7815b28989d51876100f030439748dc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28661.exe
Filesize
184KB

MD5
850b76b8153844a1a5bc0aae01660a7c

SHA1
af571b02b46a67db459d1df48ea1842d6cb056a7

SHA256
2489e3c5cfa842af3b14bb44bd3c8bd60f74ebe6c500c3a5ef2ae4b64bb35314

SHA512
9cafa7e6af14da2e790220f6d5e88fbfee9d5537e4a29bf7559cc81eb6bcbb4532d84fb899020f39f98280fc63c0b423ce7d70b5f79261baa3ccee123d8638e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33141.exe
Filesize
184KB

MD5
eb7764aee806f307fc4f17cf7ff406bd

SHA1
2d18a6e318582002bb06232f51ce3d44df554bd0

SHA256
d88aff12d68aa064cd4e0f1debfc8cc084a4556a4a94ff899480327cc4df044e

SHA512
c72b41c922bf5152c1dbb6fa0d35fe987d22433d15b0be6d50b79d936f665c9957b5eea05a51a4991a6aeb35f8b912c232a4293b3b285966b454ba35878204c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-368.exe
Filesize
184KB

MD5
95b40fb878500de9624387f7ac8520de

SHA1
74add7532a96147ff410c1db2faf9631c67072e5

SHA256
4e18d6398a8b9c51e13c8cef67765b5ee8da3c84d2e3c622bcd684ce33190014

SHA512
fff2b5c965821fdc65b3ab01be757be3446858fbbbae650a2bb162ac76d970d733ce94e9ed66cd4461b76724fc4822b47a44036842920e0392fa05dfb75e6958

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
Filesize
184KB

MD5
d27a4c681baeb910a4f1fbbbdeb5ab29

SHA1
6d893cbf41665575d21d658a13c520ec59364d54

SHA256
7eaf6c7c4015ebb16a17e848c952715d8c9baa145cbfec6618bf5b721c87d756

SHA512
e88104f1cddd911b15ac913e09d5bdb5d10711dc793761fdba57dca7f2c5867471586152466fa5f136a0ca29597aefa9e8055c11f7f9557a54860b94f8d69266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38528.exe
Filesize
184KB

MD5
d0a84f836827ca4586291b77f0c42a3b

SHA1
1724a88683ade0b4b6bec36214fef002ed91746f

SHA256
5ec0b2e32df45bfc31bf45827aac96a50a494127478ca3b3eccf661427a77125

SHA512
a5055f18fe6d9499294a93b2389552eb514a6b9144aff86255a25dedfc776f0e136ff27f40b1fc7c8410f2ac19af9d0ed10beaceef285d9da37eb9fa2427d0d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43874.exe
Filesize
184KB

MD5
517a0a91c6d54bcd8d57277dd8ab0816

SHA1
1d0bd05f5b1d44c4e7a897cfd0277710f063e247

SHA256
953b1c2e34ea9b37d027b89e4d590faf897a95744d92569f137c507109e3fd1c

SHA512
0b2abf951797bf78282ece76ecdcf8dfdb24aa25c1ff93c2ad033e069ea74844f9f1dd51be027eaaddc13dedf608feacf5829037513fc87e900ae945c1ff8e1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48805.exe
Filesize
184KB

MD5
22c29f9f35bfa58827d5f4d5ec00fe7b

SHA1
d22b55c320642ed9ad673ad44e3f2276ea392fa0

SHA256
7e7a64a12bbad2617e85f219fa9a3f59780030fe0bad676632ee2803e583765d

SHA512
62841cf6652553189deb285f14c50fb4cb8ffa8a3c2fa8a956922ac73e94c4cf4b8e06aade2ca140eca272c33271e95ce44d3b71add62519162169d28f519e34

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49469.exe
Filesize
184KB

MD5
b69838392f729669503d311f007ccb18

SHA1
a5612c924c6f1f52fdfa2bf6db56245af42d49c9

SHA256
bed2795429f8de513195d31178fb7b0cc8edb9ae9fb0f5b951deeea554a8f17c

SHA512
1b547533d66725eaa7db55f67f67bbf63c363c11323f396990b4aa28a3247d3fa71ddb0e2daecc0368a2c596fd73b73065acabbbce354daaab6574749ead3f3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58006.exe
Filesize
184KB

MD5
8589701688687ec0026d88fe998aef12

SHA1
a27abd39e0ec7a6ef1d35cf8412166cc0c9206ff

SHA256
5ff765bd5e7cc25a0e3243e8b46a25e36171a5456f1579ef3a754e0025000a5c

SHA512
b6724d862929f8463f65a3d593b2a6178b489415b2cd2198b7a5bb2f9fb8218f9237ae840469896ef6b9c00bcc37e6d794c2d986c8897a05446138b06482e521

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59171.exe
Filesize
184KB

MD5
296b222e180c157afe90bb97dfc4dbfd

SHA1
7cbd4fd9cfa9e3d4235319a1c638b82c1d4b6df5

SHA256
12d0273eb932f1bb24bb0874123a1d933d973381c6e7b81427c88d19c35cd544

SHA512
b9f06648588f8a981d9ce7640d0c91bd424d4feb5d72100a1649d9aa67389e0a9c853aa887ebd9899e6cb74ae48e34780eb581d26992febe76de7d17591bf325

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
Filesize
184KB

MD5
ccbe0bd54581d948d1108425f77bdf6f

SHA1
ff53990c906a01be0a64dba4d02363e5ef70fbdf

SHA256
569678c6918f88d18a739717e4c97c59ea1063a85e59eb6b48c680a5c473bc22

SHA512
8b1d8afec7aa9cebec84048dd34b6a85f867e450b4a8620c7dda1af11035fe9d22d2d340fa2ff0cfab262bec3b913cbe71d85dda8c5dc1e10956beef2018197e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17614.exe
Filesize
184KB

MD5
de825e054f2cea4a0e1fba1d6c203a40

SHA1
a6b915409213d2bc7dad5f82f0e422e6f8ed9311

SHA256
eb880d47005086952501ccafe5aa57143c7633482912262fe6a47aeedbf78df1

SHA512
2e212a337d54880f7bac7c70aa29fd83d43f7ef97783787578fc40b26de08e554d60a5cbf0b24d4524095b03376773359650e012cdd095f3395205afafed496f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28939.exe
Filesize
184KB

MD5
6b23e34c3acd6ff72553201ab9316b63

SHA1
d201f848098b1c247bc32686771ac6c840951727

SHA256
44016d310aef078e60499fa0551ef18586d29b6964841fd91279c523f6b56140

SHA512
49339881363aecc1594db7f3d64d09d901a3369b64c9a2a8539cb1d313068204fc52905a8a39919fd0772c4aae6eb942af6fe6884d3d818d37351f6591cdc6ee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4233.exe
Filesize
184KB

MD5
8f7487bb2ec09f6bd35228ee40a82fc5

SHA1
8959e8d32572b4292f6c099f46119204058960c7

SHA256
f77384f874555e87444cf6f0355cd9c90dc5910fcd4795049734e2ab69af6e9f

SHA512
0645d6ac6ccd43ea6cf4dc32068afa43251d0493b7a8c9004c15db26bfc6bdae1d3e6d0fc64a882ab50466257090400b85377b0082bb7e9e49099e4a408a65e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47841.exe
Filesize
184KB

MD5
d0b8977a1e007724d0b1257ff04b980b

SHA1
13d9f5b04df9b15fad4f27a700af3f81a80326c8

SHA256
9d258dc693dcf78a88a04be4854de92e233768e59e5a59067202dd60cc98e104

SHA512
cba365f79114a47a89c53266426ddae8e52944cbaa9b135c5f69fd898bd7137cb8456ef8440606f6e62f6a53a59198e7a1bcfaa433bd560305a1adee1f290016

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
Filesize
184KB

MD5
03a4e3a32f7cc577f10e1bef4139d5b3

SHA1
a7d3ddd2faea4301d79d3c4a6871a7a3dc30bf95

SHA256
2cdc329ed792ae646f8649c889a9df501e7e0439aecc1293d24775ea5ffae8a1

SHA512
c09cfee377e7ae87e16e218e35afccbd3583ec72d3cd54aa6a774875225f7611f4e904f2c8f9398dc72922a57366aedeb38de68d078da651fe3df60c813f8bc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60097.exe
Filesize
184KB

MD5
7ac4eaf0df751f7e03ae3d9e02fc86da

SHA1
b2cdf1d78d4070ab85a66be1514ec5137c4c09f9

SHA256
a03aa0421d4892aa65f927b74df8435246d0627482840ae20595edbcf9a7e88c

SHA512
c8a022b50e0f921d0490dd987cab26da3167469ac14cd282c5f1b506a4d86aaa7b9d645f47b5c8e1e00639ba2d4ecd1a90085809cc65bcea0826ea5ff4adf7e7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60639.exe
Filesize
184KB

MD5
48af86669dcadb3e482043021edff204

SHA1
6b6a57e61997fb211e5c7fc36df83a04e199f5b9

SHA256
8aca6b72a9b9728d0886234bb78b3dcc9fd6391da7a12db1877279cb73a1fe85

SHA512
064da3709580e2874004139d54c56839bb535ab6fff8e179e17bf6748c0855d13a460e3ebd9a3b1a6041ee2174c48ab2bf9935eec2b1fc411804320c992b86e7

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads