a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe
Size

184KB
MD5

2ab0e04ba89c58e8d0c6eec976c590c0
SHA1

fc70adcd1e30e8c948f869d09ceec07b152baec3
SHA256

a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336
SHA512

a1558998e8923af22a81ac3b8e00b82e056d9ef0dffd75173ae39ec4842c6baa8ba398856feae6cf56dc662d63377d2b5d5af343c8f4f7dcbe3da8a097840d92
SSDEEP

1536:w79j0Z9lrX2xo7xQV4wAlawGB2IyC1cl6md8VPLu2TzetXhl5hj5nizpvd:+yRX2xola4wTTBtLqUPLuEsXhlnViFV

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-47982.exeUnicorn-15543.exeUnicorn-49840.exeUnicorn-60362.exeUnicorn-7632.exeUnicorn-43533.exeUnicorn-40922.exeUnicorn-28116.exeUnicorn-43575.exeUnicorn-27758.exeUnicorn-53886.exeUnicorn-1253.exeUnicorn-34310.exeUnicorn-47501.exeUnicorn-57314.exeUnicorn-11642.exeUnicorn-35078.exeUnicorn-57122.exeUnicorn-34886.exeUnicorn-34352.exeUnicorn-29753.exeUnicorn-1871.exeUnicorn-14678.exeUnicorn-50387.exeUnicorn-59920.exeUnicorn-59920.exeUnicorn-39862.exeUnicorn-59728.exeUnicorn-7574.exeUnicorn-27440.exeUnicorn-11980.exeUnicorn-57652.exeUnicorn-42754.exeUnicorn-58021.exeUnicorn-56137.exeUnicorn-34306.exeUnicorn-34306.exeUnicorn-56350.exeUnicorn-47689.exeUnicorn-2017.exeUnicorn-2593.exeUnicorn-22525.exeUnicorn-22525.exeUnicorn-9910.exeUnicorn-60756.exeUnicorn-8026.exeUnicorn-43159.exeUnicorn-43159.exeUnicorn-26941.exeUnicorn-46807.exeUnicorn-28887.exeUnicorn-58543.exeUnicorn-23218.exeUnicorn-15180.exeUnicorn-17833.exeUnicorn-15756.exeUnicorn-35055.exeUnicorn-7941.exeUnicorn-49851.exeUnicorn-60162.exeUnicorn-60162.exeUnicorn-47739.exeUnicorn-47547.exeUnicorn-65528.exe

pid	process
3068	Unicorn-47982.exe
3036	Unicorn-15543.exe
1736	Unicorn-49840.exe
2648	Unicorn-60362.exe
2548	Unicorn-7632.exe
2576	Unicorn-43533.exe
1576	Unicorn-40922.exe
1704	Unicorn-28116.exe
1988	Unicorn-43575.exe
2452	Unicorn-27758.exe
1232	Unicorn-53886.exe
328	Unicorn-1253.exe
2856	Unicorn-34310.exe
644	Unicorn-47501.exe
2360	Unicorn-57314.exe
2708	Unicorn-11642.exe
2312	Unicorn-35078.exe
2696	Unicorn-57122.exe
964	Unicorn-34886.exe
2336	Unicorn-34352.exe
300	Unicorn-29753.exe
2244	Unicorn-1871.exe
1880	Unicorn-14678.exe
2920	Unicorn-50387.exe
752	Unicorn-59920.exe
576	Unicorn-59920.exe
1412	Unicorn-39862.exe
552	Unicorn-59728.exe
2208	Unicorn-7574.exe
2420	Unicorn-27440.exe
1724	Unicorn-11980.exe
2092	Unicorn-57652.exe
2344	Unicorn-42754.exe
2800	Unicorn-58021.exe
2556	Unicorn-56137.exe
2564	Unicorn-34306.exe
2644	Unicorn-34306.exe
2444	Unicorn-56350.exe
2284	Unicorn-47689.exe
1804	Unicorn-2017.exe
2508	Unicorn-2593.exe
1284	Unicorn-22525.exe
2232	Unicorn-22525.exe
1832	Unicorn-9910.exe
1140	Unicorn-60756.exe
1764	Unicorn-8026.exe
2200	Unicorn-43159.exe
2272	Unicorn-43159.exe
1676	Unicorn-26941.exe
1036	Unicorn-46807.exe
1004	Unicorn-28887.exe
3056	Unicorn-58543.exe
1760	Unicorn-23218.exe
1644	Unicorn-15180.exe
2064	Unicorn-17833.exe
2080	Unicorn-15756.exe
1980	Unicorn-35055.exe
2436	Unicorn-7941.exe
3040	Unicorn-49851.exe
2604	Unicorn-60162.exe
2600	Unicorn-60162.exe
2612	Unicorn-47739.exe
2828	Unicorn-47547.exe
2840	Unicorn-65528.exe

Loads dropped DLL 64 IoCs

Processes:

a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exeUnicorn-47982.exeUnicorn-15543.exeUnicorn-49840.exeWerFault.exeUnicorn-60362.exeUnicorn-7632.exeUnicorn-43533.exeWerFault.exeWerFault.exeUnicorn-40922.exeUnicorn-28116.exeUnicorn-43575.exeUnicorn-27758.exeUnicorn-53886.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe
3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe
3068	Unicorn-47982.exe
3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe
3068	Unicorn-47982.exe
3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe
3036	Unicorn-15543.exe
3036	Unicorn-15543.exe
3068	Unicorn-47982.exe
3068	Unicorn-47982.exe
1736	Unicorn-49840.exe
1736	Unicorn-49840.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2784	WerFault.exe
2648	Unicorn-60362.exe
3036	Unicorn-15543.exe
2648	Unicorn-60362.exe
3036	Unicorn-15543.exe
2548	Unicorn-7632.exe
2548	Unicorn-7632.exe
2576	Unicorn-43533.exe
2576	Unicorn-43533.exe
1736	Unicorn-49840.exe
1736	Unicorn-49840.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
2412	WerFault.exe
1576	Unicorn-40922.exe
1576	Unicorn-40922.exe
1704	Unicorn-28116.exe
1704	Unicorn-28116.exe
2648	Unicorn-60362.exe
2648	Unicorn-60362.exe
2548	Unicorn-7632.exe
2548	Unicorn-7632.exe
1988	Unicorn-43575.exe
1988	Unicorn-43575.exe
2452	Unicorn-27758.exe
2452	Unicorn-27758.exe
2576	Unicorn-43533.exe
2576	Unicorn-43533.exe
1232	Unicorn-53886.exe
1232	Unicorn-53886.exe
1828	WerFault.exe
1828	WerFault.exe
1828	WerFault.exe
1828	WerFault.exe
1828	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
1796	WerFault.exe
704	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2672	3008	WerFault.exe	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe
2784	3068	WerFault.exe	Unicorn-47982.exe
1992	3036	WerFault.exe	Unicorn-15543.exe
2412	1736	WerFault.exe	Unicorn-49840.exe
1828	2648	WerFault.exe	Unicorn-60362.exe
1796	2548	WerFault.exe	Unicorn-7632.exe
704	2576	WerFault.exe	Unicorn-43533.exe
2884	1576	WerFault.exe	Unicorn-40922.exe
2104	1704	WerFault.exe	Unicorn-28116.exe
2624	1988	WerFault.exe	Unicorn-43575.exe
2400	2452	WerFault.exe	Unicorn-27758.exe
2684	1232	WerFault.exe	Unicorn-53886.exe
2408	328	WerFault.exe	Unicorn-1253.exe
2504	2856	WerFault.exe	Unicorn-34310.exe
2052	644	WerFault.exe	Unicorn-47501.exe
2752	2360	WerFault.exe	Unicorn-57314.exe
656	2708	WerFault.exe	Unicorn-11642.exe
1388	2696	WerFault.exe	Unicorn-57122.exe
1372	2312	WerFault.exe	Unicorn-35078.exe
1364	964	WerFault.exe	Unicorn-34886.exe
2124	300	WerFault.exe	Unicorn-29753.exe
1772	2336	WerFault.exe	Unicorn-34352.exe
1700	1880	WerFault.exe	Unicorn-14678.exe
1572	2244	WerFault.exe	Unicorn-1871.exe
2304	2920	WerFault.exe	Unicorn-50387.exe
2204	576	WerFault.exe	Unicorn-59920.exe
780	752	WerFault.exe	Unicorn-59920.exe
584	1412	WerFault.exe	Unicorn-39862.exe
2440	2420	WerFault.exe	Unicorn-27440.exe
1616	2208	WerFault.exe	Unicorn-7574.exe
1192	1724	WerFault.exe	Unicorn-11980.exe
1868	552	WerFault.exe	Unicorn-59728.exe
588	2092	WerFault.exe	Unicorn-57652.exe
3476	2344	WerFault.exe	Unicorn-42754.exe
3556	2800	WerFault.exe	Unicorn-58021.exe
3656	2564	WerFault.exe	Unicorn-34306.exe
3648	2644	WerFault.exe	Unicorn-34306.exe
3772	1140	WerFault.exe	Unicorn-60756.exe
3796	1832	WerFault.exe	Unicorn-9910.exe
3600	2556	WerFault.exe	Unicorn-56137.exe
3640	2284	WerFault.exe	Unicorn-47689.exe
3692	2232	WerFault.exe	Unicorn-22525.exe
3708	2444	WerFault.exe	Unicorn-56350.exe
3716	1760	WerFault.exe	Unicorn-23218.exe
3520	1764	WerFault.exe	Unicorn-8026.exe
3824	2508	WerFault.exe	Unicorn-2593.exe
3236	2780	WerFault.exe	Unicorn-48507.exe
3260	1284	WerFault.exe	Unicorn-22525.exe
3288	1004	WerFault.exe	Unicorn-28887.exe
3292	2748	WerFault.exe	Unicorn-57080.exe
3360	776	WerFault.exe	Unicorn-20193.exe
3356	1968	WerFault.exe	Unicorn-57656.exe
3380	2772	WerFault.exe	Unicorn-6810.exe
3460	1804	WerFault.exe	Unicorn-2017.exe
3508	2332	WerFault.exe	Unicorn-40635.exe
3540	1440	WerFault.exe	Unicorn-5502.exe
3596	1520	WerFault.exe	Unicorn-10100.exe
3612	676	WerFault.exe	Unicorn-24600.exe
3724	2368	WerFault.exe	Unicorn-10100.exe
3812	1636	WerFault.exe	Unicorn-6810.exe
3224	2588	WerFault.exe	Unicorn-57080.exe
4120	2200	WerFault.exe	Unicorn-43159.exe
4220	1036	WerFault.exe	Unicorn-46807.exe
4236	1812	WerFault.exe	Unicorn-28449.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exeUnicorn-47982.exeUnicorn-15543.exeUnicorn-49840.exeUnicorn-60362.exeUnicorn-7632.exeUnicorn-43533.exeUnicorn-40922.exeUnicorn-28116.exeUnicorn-43575.exeUnicorn-27758.exeUnicorn-53886.exeUnicorn-1253.exeUnicorn-34310.exeUnicorn-47501.exeUnicorn-11642.exeUnicorn-35078.exeUnicorn-57122.exeUnicorn-57314.exeUnicorn-34886.exeUnicorn-34352.exeUnicorn-29753.exeUnicorn-1871.exeUnicorn-14678.exeUnicorn-50387.exeUnicorn-59920.exeUnicorn-59920.exeUnicorn-39862.exeUnicorn-59728.exeUnicorn-7574.exeUnicorn-27440.exeUnicorn-11980.exeUnicorn-57652.exeUnicorn-42754.exeUnicorn-58021.exeUnicorn-56137.exeUnicorn-34306.exeUnicorn-34306.exeUnicorn-56350.exeUnicorn-47689.exeUnicorn-2017.exeUnicorn-2593.exeUnicorn-22525.exeUnicorn-22525.exeUnicorn-60756.exeUnicorn-9910.exeUnicorn-8026.exeUnicorn-43159.exeUnicorn-43159.exeUnicorn-26941.exeUnicorn-46807.exeUnicorn-28887.exeUnicorn-23218.exeUnicorn-58543.exeUnicorn-15180.exeUnicorn-17833.exeUnicorn-15756.exeUnicorn-35055.exeUnicorn-7941.exeUnicorn-49851.exeUnicorn-60162.exeUnicorn-60162.exeUnicorn-47739.exeUnicorn-47547.exe

pid	process
3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe
3068	Unicorn-47982.exe
3036	Unicorn-15543.exe
1736	Unicorn-49840.exe
2648	Unicorn-60362.exe
2548	Unicorn-7632.exe
2576	Unicorn-43533.exe
1576	Unicorn-40922.exe
1704	Unicorn-28116.exe
1988	Unicorn-43575.exe
2452	Unicorn-27758.exe
1232	Unicorn-53886.exe
328	Unicorn-1253.exe
2856	Unicorn-34310.exe
644	Unicorn-47501.exe
2708	Unicorn-11642.exe
2312	Unicorn-35078.exe
2696	Unicorn-57122.exe
2360	Unicorn-57314.exe
964	Unicorn-34886.exe
2336	Unicorn-34352.exe
300	Unicorn-29753.exe
2244	Unicorn-1871.exe
1880	Unicorn-14678.exe
2920	Unicorn-50387.exe
752	Unicorn-59920.exe
576	Unicorn-59920.exe
1412	Unicorn-39862.exe
552	Unicorn-59728.exe
2208	Unicorn-7574.exe
2420	Unicorn-27440.exe
1724	Unicorn-11980.exe
2092	Unicorn-57652.exe
2344	Unicorn-42754.exe
2800	Unicorn-58021.exe
2556	Unicorn-56137.exe
2564	Unicorn-34306.exe
2644	Unicorn-34306.exe
2444	Unicorn-56350.exe
2284	Unicorn-47689.exe
1804	Unicorn-2017.exe
2508	Unicorn-2593.exe
1284	Unicorn-22525.exe
2232	Unicorn-22525.exe
1140	Unicorn-60756.exe
1832	Unicorn-9910.exe
1764	Unicorn-8026.exe
2200	Unicorn-43159.exe
2272	Unicorn-43159.exe
1676	Unicorn-26941.exe
1036	Unicorn-46807.exe
1004	Unicorn-28887.exe
1760	Unicorn-23218.exe
3056	Unicorn-58543.exe
1644	Unicorn-15180.exe
2064	Unicorn-17833.exe
2080	Unicorn-15756.exe
1980	Unicorn-35055.exe
2436	Unicorn-7941.exe
3040	Unicorn-49851.exe
2600	Unicorn-60162.exe
2604	Unicorn-60162.exe
2612	Unicorn-47739.exe
2828	Unicorn-47547.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exeUnicorn-47982.exeUnicorn-15543.exeUnicorn-49840.exeUnicorn-60362.exeUnicorn-7632.exeUnicorn-43533.exeUnicorn-40922.exe

description	pid	process	target process
PID 3008 wrote to memory of 3068	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	Unicorn-47982.exe
PID 3008 wrote to memory of 3068	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	Unicorn-47982.exe
PID 3008 wrote to memory of 3068	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	Unicorn-47982.exe
PID 3008 wrote to memory of 3068	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	Unicorn-47982.exe
PID 3068 wrote to memory of 3036	3068	Unicorn-47982.exe	Unicorn-15543.exe
PID 3068 wrote to memory of 3036	3068	Unicorn-47982.exe	Unicorn-15543.exe
PID 3068 wrote to memory of 3036	3068	Unicorn-47982.exe	Unicorn-15543.exe
PID 3068 wrote to memory of 3036	3068	Unicorn-47982.exe	Unicorn-15543.exe
PID 3008 wrote to memory of 1736	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	Unicorn-49840.exe
PID 3008 wrote to memory of 1736	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	Unicorn-49840.exe
PID 3008 wrote to memory of 1736	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	Unicorn-49840.exe
PID 3008 wrote to memory of 1736	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	Unicorn-49840.exe
PID 3008 wrote to memory of 2672	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	WerFault.exe
PID 3008 wrote to memory of 2672	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	WerFault.exe
PID 3008 wrote to memory of 2672	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	WerFault.exe
PID 3008 wrote to memory of 2672	3008	a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe	WerFault.exe
PID 3036 wrote to memory of 2648	3036	Unicorn-15543.exe	Unicorn-60362.exe
PID 3036 wrote to memory of 2648	3036	Unicorn-15543.exe	Unicorn-60362.exe
PID 3036 wrote to memory of 2648	3036	Unicorn-15543.exe	Unicorn-60362.exe
PID 3036 wrote to memory of 2648	3036	Unicorn-15543.exe	Unicorn-60362.exe
PID 3068 wrote to memory of 2548	3068	Unicorn-47982.exe	Unicorn-7632.exe
PID 3068 wrote to memory of 2548	3068	Unicorn-47982.exe	Unicorn-7632.exe
PID 3068 wrote to memory of 2548	3068	Unicorn-47982.exe	Unicorn-7632.exe
PID 3068 wrote to memory of 2548	3068	Unicorn-47982.exe	Unicorn-7632.exe
PID 1736 wrote to memory of 2576	1736	Unicorn-49840.exe	Unicorn-43533.exe
PID 1736 wrote to memory of 2576	1736	Unicorn-49840.exe	Unicorn-43533.exe
PID 1736 wrote to memory of 2576	1736	Unicorn-49840.exe	Unicorn-43533.exe
PID 1736 wrote to memory of 2576	1736	Unicorn-49840.exe	Unicorn-43533.exe
PID 3068 wrote to memory of 2784	3068	Unicorn-47982.exe	WerFault.exe
PID 3068 wrote to memory of 2784	3068	Unicorn-47982.exe	WerFault.exe
PID 3068 wrote to memory of 2784	3068	Unicorn-47982.exe	WerFault.exe
PID 3068 wrote to memory of 2784	3068	Unicorn-47982.exe	WerFault.exe
PID 2648 wrote to memory of 1704	2648	Unicorn-60362.exe	Unicorn-28116.exe
PID 2648 wrote to memory of 1704	2648	Unicorn-60362.exe	Unicorn-28116.exe
PID 2648 wrote to memory of 1704	2648	Unicorn-60362.exe	Unicorn-28116.exe
PID 2648 wrote to memory of 1704	2648	Unicorn-60362.exe	Unicorn-28116.exe
PID 3036 wrote to memory of 1576	3036	Unicorn-15543.exe	Unicorn-40922.exe
PID 3036 wrote to memory of 1576	3036	Unicorn-15543.exe	Unicorn-40922.exe
PID 3036 wrote to memory of 1576	3036	Unicorn-15543.exe	Unicorn-40922.exe
PID 3036 wrote to memory of 1576	3036	Unicorn-15543.exe	Unicorn-40922.exe
PID 2548 wrote to memory of 1988	2548	Unicorn-7632.exe	Unicorn-43575.exe
PID 2548 wrote to memory of 1988	2548	Unicorn-7632.exe	Unicorn-43575.exe
PID 2548 wrote to memory of 1988	2548	Unicorn-7632.exe	Unicorn-43575.exe
PID 2548 wrote to memory of 1988	2548	Unicorn-7632.exe	Unicorn-43575.exe
PID 2576 wrote to memory of 2452	2576	Unicorn-43533.exe	Unicorn-27758.exe
PID 2576 wrote to memory of 2452	2576	Unicorn-43533.exe	Unicorn-27758.exe
PID 2576 wrote to memory of 2452	2576	Unicorn-43533.exe	Unicorn-27758.exe
PID 2576 wrote to memory of 2452	2576	Unicorn-43533.exe	Unicorn-27758.exe
PID 1736 wrote to memory of 1232	1736	Unicorn-49840.exe	Unicorn-53886.exe
PID 1736 wrote to memory of 1232	1736	Unicorn-49840.exe	Unicorn-53886.exe
PID 1736 wrote to memory of 1232	1736	Unicorn-49840.exe	Unicorn-53886.exe
PID 1736 wrote to memory of 1232	1736	Unicorn-49840.exe	Unicorn-53886.exe
PID 3036 wrote to memory of 1992	3036	Unicorn-15543.exe	WerFault.exe
PID 3036 wrote to memory of 1992	3036	Unicorn-15543.exe	WerFault.exe
PID 3036 wrote to memory of 1992	3036	Unicorn-15543.exe	WerFault.exe
PID 3036 wrote to memory of 1992	3036	Unicorn-15543.exe	WerFault.exe
PID 1736 wrote to memory of 2412	1736	Unicorn-49840.exe	WerFault.exe
PID 1736 wrote to memory of 2412	1736	Unicorn-49840.exe	WerFault.exe
PID 1736 wrote to memory of 2412	1736	Unicorn-49840.exe	WerFault.exe
PID 1736 wrote to memory of 2412	1736	Unicorn-49840.exe	WerFault.exe
PID 1576 wrote to memory of 328	1576	Unicorn-40922.exe	Unicorn-1253.exe
PID 1576 wrote to memory of 328	1576	Unicorn-40922.exe	Unicorn-1253.exe
PID 1576 wrote to memory of 328	1576	Unicorn-40922.exe	Unicorn-1253.exe
PID 1576 wrote to memory of 328	1576	Unicorn-40922.exe	Unicorn-1253.exe

C:\Users\Admin\AppData\Local\Temp\a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe
"C:\Users\Admin\AppData\Local\Temp\a0568071fbc3980ca0cb995bb7afa3c2b27101a62ce551ae832c4053d7897336.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1871.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7941.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5103.exe
10⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48817.exe
11⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4353.exe
12⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25595.exe
13⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50452.exe
14⤵
PID:11372

C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21099.exe
15⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
14⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
13⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
12⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44987.exe
10⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
11⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61941.exe
12⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28823.exe
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11316 -s 200
14⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
13⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 236
12⤵
PID:9412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
11⤵
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35891.exe
9⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
10⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9293.exe
11⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25218.exe
12⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
13⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45408.exe
14⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
14⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 236
13⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
12⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
11⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
10⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 220
9⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27932.exe
9⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25369.exe
11⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47095.exe
12⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39176.exe
13⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
13⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
12⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-34831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34831.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
12⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
11⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
9⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 240
8⤵
- Program crash
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-65528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65528.exe
8⤵
- Executes dropped EXE
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27740.exe
9⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63695.exe
10⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47047.exe
11⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
12⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-8179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8179.exe
13⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
13⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
12⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
11⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44240.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7418.exe
10⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
11⤵
PID:8768

C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
12⤵
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
11⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58336.exe
8⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54560.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48699.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17970.exe
11⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4324.exe
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
12⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
11⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 216
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
8⤵
- Program crash
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
7⤵
- Program crash
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14678.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34306.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49851.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48845.exe
9⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52849.exe
10⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36948.exe
11⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60723.exe
12⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62736.exe
13⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
14⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
14⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
13⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
12⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
11⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32791.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
10⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
11⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26982.exe
12⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20847.exe
13⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
13⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
12⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
11⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24753.exe
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39691.exe
11⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-36930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36930.exe
12⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60846.exe
13⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 216
13⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
9⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60162.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13214.exe
8⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51121.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37934.exe
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60116.exe
11⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
12⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
13⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 236
13⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
12⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
11⤵
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
10⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 236
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9890.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-21277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21277.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44022.exe
11⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51660.exe
12⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
8⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 240
7⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
6⤵
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50387.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2017.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
8⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38041.exe
9⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
10⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
11⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
11⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
9⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51232.exe
8⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11241.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11368.exe
10⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
11⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10596.exe
12⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
12⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 216
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 220
8⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37081.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48853.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32575.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13633.exe
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
9⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
8⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38194.exe
9⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30463.exe
10⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8624 -s 244
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
10⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
9⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
8⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
7⤵
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-47689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47689.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47547.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
8⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16410.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-48277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48277.exe
10⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-24988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24988.exe
11⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 188
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29792.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33778.exe
9⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31807.exe
10⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45346.exe
11⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
10⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
8⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
7⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64562.exe
8⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19106.exe
9⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30747.exe
10⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
11⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
11⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
10⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
9⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
7⤵
- Program crash
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 240
6⤵
- Program crash
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34352.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17833.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9021.exe
9⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31028.exe
10⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7695.exe
11⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
12⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62673.exe
13⤵
PID:11284

C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57138.exe
14⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 236
13⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
12⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
11⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29143.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
10⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41559.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3873.exe
12⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64136.exe
13⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 236
13⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
11⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
9⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48471.exe
8⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-48791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48791.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
10⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9327.exe
11⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
12⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48248.exe
13⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
13⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
11⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
9⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
8⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-15756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15756.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
8⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13238.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11571.exe
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
11⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29706.exe
12⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64283.exe
13⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
13⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
12⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11354.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24782.exe
10⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-11501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11501.exe
11⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
12⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
12⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
11⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
10⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
8⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
7⤵
- Program crash
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56137.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-47739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47739.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
8⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-25976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25976.exe
10⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37806.exe
11⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
12⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
11⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 236
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11759.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28564.exe
10⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13960.exe
11⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
10⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 220
8⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
7⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62258.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54414.exe
9⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
10⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22195.exe
11⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
11⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
8⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
7⤵
- Program crash
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
6⤵
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42754.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-58543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58543.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-58305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58305.exe
8⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15137.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
10⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61088.exe
11⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
12⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11310.exe
13⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
13⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
12⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
11⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 216
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38141.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52949.exe
10⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2079.exe
11⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 236
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 236
11⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32217.exe
7⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48241.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24727.exe
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45212.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58073.exe
11⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45897.exe
12⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 236
12⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
10⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
8⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
7⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23218.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43038.exe
7⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63077.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27277.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
10⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13718.exe
11⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50153.exe
12⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 216
12⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
11⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
10⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61769.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18180.exe
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41648.exe
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48131.exe
10⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 236
11⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 236
10⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
9⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
8⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
7⤵
- Program crash
PID:3716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
6⤵
- Program crash
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
5⤵
- Program crash
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11642.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15180.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18067.exe
8⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29185.exe
9⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28249.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
11⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20204.exe
12⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 220
12⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 236
11⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
10⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2355.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33879.exe
10⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58886.exe
11⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40997.exe
12⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
12⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
11⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
8⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
7⤵
- Program crash
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
7⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
8⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34386.exe
9⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 200
10⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
9⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
8⤵
- Program crash
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
7⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9414.exe
8⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-11975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11975.exe
9⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
10⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
11⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
10⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
9⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
8⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 220
7⤵
- Program crash
PID:3692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
6⤵
- Program crash
PID:656

C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9910.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-10100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10100.exe
7⤵
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20828.exe
8⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11466.exe
11⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59463.exe
12⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 216
12⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
9⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 236
8⤵
- Program crash
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
7⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
6⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
7⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41776.exe
8⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34394.exe
9⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27338.exe
10⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21780.exe
11⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
10⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
9⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
8⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
7⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
6⤵
- Program crash
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
5⤵
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57314.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59920.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2593.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13432.exe
8⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52004.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58379.exe
10⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28630.exe
11⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20270.exe
12⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
10⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
9⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
8⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-194.exe
7⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26859.exe
9⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9496.exe
10⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31671.exe
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
11⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6704 -s 216
10⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
8⤵
PID:5720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
7⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
6⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25292.exe
9⤵
PID:7024

C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3326.exe
10⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
11⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7024 -s 216
10⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
9⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
8⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
7⤵
- Program crash
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
6⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22525.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57080.exe
6⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
7⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
8⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29158.exe
9⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47161.exe
10⤵
PID:9276

C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-150.exe
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9276 -s 220
11⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
10⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
8⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
7⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17407.exe
6⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
7⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9256.exe
8⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47929.exe
9⤵
PID:9324

C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4566.exe
10⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9324 -s 216
10⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
9⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
8⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
7⤵
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 220
6⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
5⤵
- Program crash
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35078.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27440.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60756.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
8⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
9⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6311.exe
11⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
12⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61747.exe
13⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 236
13⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
12⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
10⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
9⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
8⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
7⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
8⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23582.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4741.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-44857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44857.exe
11⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1686.exe
12⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
12⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
11⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 216
9⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 216
8⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
7⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8026.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
7⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
8⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49466.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32269.exe
11⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 216
12⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 236
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7125.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33587.exe
10⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27910.exe
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
10⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:6956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 220
8⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 236
9⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
8⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
7⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
6⤵
- Program crash
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7574.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-10100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10100.exe
7⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
8⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43431.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16056.exe
11⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55251.exe
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
12⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
10⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
9⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
8⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
7⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32028.exe
8⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49054.exe
9⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43947.exe
10⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
11⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
11⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
10⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
9⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
7⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
6⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16201.exe
7⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16876.exe
8⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28423.exe
9⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
10⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
11⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
10⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
9⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
8⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 216
7⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
6⤵
- Program crash
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
5⤵
- Program crash
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57122.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46807.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40635.exe
7⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53526.exe
8⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17988.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12743.exe
10⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
11⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
12⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
12⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
11⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
10⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
9⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
8⤵
- Program crash
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49120.exe
7⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46719.exe
8⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59425.exe
9⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
10⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
11⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
11⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
10⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
9⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
8⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
7⤵
- Program crash
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5310.exe
6⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
7⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26799.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34356.exe
9⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29429.exe
10⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36938.exe
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
11⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 236
8⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61043.exe
7⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40475.exe
8⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35694.exe
9⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9928.exe
10⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 216
10⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
9⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
8⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
7⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 240
6⤵
- Program crash
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28887.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
6⤵
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
7⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59736.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
9⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61909.exe
10⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
11⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
10⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
9⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
8⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 216
7⤵
- Program crash
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18943.exe
6⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
7⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27840.exe
8⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-563.exe
9⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30636.exe
10⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
10⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
9⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
6⤵
- Program crash
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
5⤵
- Program crash
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34886.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11980.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43159.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6810.exe
7⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3448.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29778.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8176.exe
10⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
11⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
11⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
9⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 236
8⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43473.exe
7⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36330.exe
8⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15998.exe
9⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40226.exe
10⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7932.exe
11⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
11⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 220
10⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
9⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
8⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
7⤵
- Program crash
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20193.exe
6⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21814.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15179.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47239.exe
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30271.exe
10⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63659.exe
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
11⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
10⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10991.exe
7⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46279.exe
8⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31501.exe
9⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21387.exe
10⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 216
10⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
9⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
8⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
7⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 220
6⤵
- Program crash
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39867.exe
6⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-4024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4024.exe
7⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12794.exe
9⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45393.exe
10⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63846.exe
11⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
10⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
9⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
8⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3311.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20086.exe
8⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
9⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31750.exe
10⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
10⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
9⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
8⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1372.exe
6⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62204.exe
7⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
8⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43994.exe
9⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10486.exe
10⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 236
10⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
9⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
8⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
7⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
6⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
5⤵
- Program crash
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35055.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7215.exe
6⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16529.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58390.exe
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19836.exe
9⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
10⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53359.exe
11⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 216
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
10⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
9⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
8⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
7⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32983.exe
6⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21873.exe
7⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1133.exe
8⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29680.exe
9⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21243.exe
10⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
9⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
8⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
7⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
6⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
5⤵
- Program crash
PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
4⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
2⤵
- Program crash
PID:2672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
Filesize
184KB

MD5
0528b0fd95285909170e192c671d84a9

SHA1
c00d8ff08f19c4704f247ab32e7ad774a33b10b5

SHA256
ac878df17409e0df04d871514e89e6d9bb3f04857fd8fbdaffdc19420d5cc4c9

SHA512
76279bdd4abc26820f7a07123ef2cc9589770bd66f637109ae65a6225e37ba08ab6f9214faffd51f510e4328d3cc50cfa26032a589eae1ec0e8c5f6bb15137c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21277.exe
Filesize
184KB

MD5
476ff4f02c60d76b1a6222fd6d48a678

SHA1
8ce7397388e366209edad37eae7458661dec2f3d

SHA256
b2a56bfc67c251ec1bd74f789ae443214d8cb8c913139461ebdf0e4e203cce5c

SHA512
6df06fb7566bbff85f5d2b9e0c5d00a06117415d172bd79ce28d21229511929d8f76eda14125f58d46012fc92bb318f1fab742cb8d89ea11256b758b1aeb77c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24085.exe
Filesize
184KB

MD5
92b09b1d1300188bdca51a0c5174043e

SHA1
41f54ff9286fe63bd986c7c1083b0ebbb9ef0bda

SHA256
16e7de608f782a622902817f962334129ae8a0c9a6cde0ea7bf1813d4d688f87

SHA512
1111fe81e218eb4c98aeacc87b0adf938b30470380d288e7d16e4043b640e2698cee55ac298a6f620ee584e996d25f8ef527fd72c4ada814e9fc3840fd45230e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37849.exe
Filesize
184KB

MD5
f30547d91a81af9dd2d0d8ab6643470d

SHA1
f15fc7fbac200553c59fad87db36a528cd6adb42

SHA256
034dd0b5dffe98c3347ff0088c1e86fe07b49a67883abff210642f250ed92664

SHA512
82554013ce440e3c96b7cd001642704d23b9b6c12fc0edc213840eb69efca16397256ffbc6f4558c3a5d4350505f271bba402b34ed365c470efe066e6e81f3ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39862.exe
Filesize
184KB

MD5
761cdea9af8e297c1403ae741b901629

SHA1
9507119bf17121a4ad8de9755431ded7a5f4209e

SHA256
3ae663d49c0098701e129fd80cfc20e9a66d6de75f9f41f9adcee992ec6e243e

SHA512
190a0235d93ad202ebfa522daf7faea24e38cc801be8e827655b4cfce59f1ded68a8612a26ff522c8518c4e1eff0cde2375c188b9e639988a65d2dc17712d993

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43533.exe
Filesize
184KB

MD5
d63903ccd185051e7ef6410bcec69fe0

SHA1
78e91ba76520af520e53c440cede02b4da4e28d3

SHA256
3b0f4a9825516a7b462ec1acfecb12a373d6d1b5186d01a302e2c7af13acc1c7

SHA512
9e118838ca296ff7413546fda469c484575a7bd40c52768b6dea3f3ab6db002bb72c40462a9d6d5ee438116f4bbbfab21531b2d4d7acd42c6ec7bd7c66ab7517

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49840.exe
Filesize
184KB

MD5
d8e519d8f3ef3b152dfa5d33ae293258

SHA1
3bbf722bd1548b13e3a0328404afaba9e198b10d

SHA256
3e90f600752df587997fcaa2e00555fcc1fdd5437ebfcde7e5dfb1ec981c5696

SHA512
f443b9c29e2144487a12679e24b6ba20079abd1681c35faad634bd02ca35417c677469ddb52d72f93fea0a7a1e6513c5d101109b9c3cdedf83fe832882f316e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53886.exe
Filesize
184KB

MD5
85d57832283ecf3eac06a69cf6da9266

SHA1
a4de35abff37bb109a31cbb3fcbb7e10808f1fde

SHA256
c32621b05dfb424b040e16b27ab4d933fc0d307e84cff8279cb7006fee5babc5

SHA512
bba3a129c289b20e6e2d214249463d9e25ed741e4c119c58b23536b4dcdb8c4b274d5b351c59c26cfe28fedb757ba6b3732252ec507663656945f183783af524

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5609.exe
Filesize
184KB

MD5
9a653f055483bf13c8062a47532c9aed

SHA1
97fcc6b2eddcc995a7d9a0394058e0c3a9d47369

SHA256
84ae7bfa75d67897176bf84db1c67988577ce3b11718fa1cc81993ca94a69fba

SHA512
5a5c6b6c47543aee2f3ebfabdac67c7a0468dffa718ec43bd8d291207f5ea689458a730cd2c84196107194ed86594516fb9371d4d150bb706acda0c89018f883

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56962.exe
Filesize
184KB

MD5
28d6deea52d743f389dac66836056857

SHA1
e43fe1aaac367803963e44d62a5bf5926ab3e803

SHA256
16244d92cfd2045f1f8e898f64629ebd6ea53699ad164f2465a2651d10eceab3

SHA512
a78a7a0d6c4a56b107eb7635004ccbc36ae38f078539ea5a9e390175456e1e1620b58fded0ccd3ad3a3c12052f963646e3652a963aa6ef46a1735d3fb92af0d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5792.exe
Filesize
184KB

MD5
b9a2951b4f13ecb24475e3817cbc804b

SHA1
e4ac8dee363370a215f15dd88663418c3d27bb77

SHA256
aecb98b618974cb32d5770310e6641bdd863683b605f09ee1f01c6d498eae024

SHA512
3c2cf6b900a98ac76c2705d07dbcf6af387cd4a2dca0c929cf94ba381d9790b9657471bca77676df3c97ec95f39b3042f565bd117a213c12dbd3a3ce07003418

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
Filesize
184KB

MD5
96680bbced4ae120e28319d097697038

SHA1
a2a66349c1c0beba231ada1394ba7410ee592ade

SHA256
414e81b66e69f8bbde5eeb0cb894f6d0a697a4cda182f36d8a673648d0bc2a69

SHA512
2a8e386f9610687d91bffda12a5b3daef6f8fbcda715d143a6283333c893fca2c2c90f3dbcfd72def4ea7d013d62b9fda8102f9bd5124d16cb666c65c707efb9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15543.exe
Filesize
184KB

MD5
a1cf95ab4c8fe6b914c2d4b1cdc7c895

SHA1
9473cb27067e31658dd8b9b55662bd8ba8e56d35

SHA256
72a40fa5f2faf4af87637752f4719afcc64b3c43a622d20528f85a6870fc39a6

SHA512
d8a574180f3acc6a3fc2e7ff502dede5c705ee7ce4792171da65b7f0e7d3a169772667dd8e48039adaf63535ac47692818420b47cf483a799130fdefb603e55a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27758.exe
Filesize
184KB

MD5
f16d9b1b0eb55c520d2b41b753cd0e8e

SHA1
ceb20df46d88d84b2540793bf7783317ffc7ed84

SHA256
144caa862727ea0c62bdb3f4fe0debdd28fb8cf783d58739322e65f1df40a7a8

SHA512
c459b1f81e9ee9b76a56746057d7cc1d5f3e5434d6c99458ee0fcac959b0ad22619e89a1856cd58d847594f77d6ab64e0ad21ab66241ffc23c73bc1f70e49227

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28116.exe
Filesize
184KB

MD5
43b4ff0757f9c52be9bfac48efd9add4

SHA1
2c7331b183bb3d8b8fc343f8fb938324247c78b7

SHA256
ef20ee0acb2d6929dfff8896280f927cae7bedade5f6caa9ece36ed3d80ff7ea

SHA512
aab9a0d75ccfa38da4b89e28ae48a852ab308e00016126625f3feb454dc2143767314b597e4d0320f47516546fe8e6c951e6bad91cb5db18150e8d403bde245f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
Filesize
184KB

MD5
a4f990180477c124826bfb2093a6ad7b

SHA1
203e52bb4f9cbf838e29bff4368b744b4d327a85

SHA256
480d91eae4b197c3255a3370918abc4b5f078c2a5f621fdb91ba05a18c8b1524

SHA512
0e52af845d16c312bd021dc0f903ba753e04ee3d5bcf8ca454ad76cf1cb411170153f4d35d5c620e0b9521d7113007b13acecb68116410b1b506927868956b70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40922.exe
Filesize
184KB

MD5
a42a739693e6dae7997cd1d70db0f3e4

SHA1
9076700575268c5b9a2fbd16469fad7e49ce0499

SHA256
3d185534162395951d9c536d2a9d54fcf1ecfc2dc8d16df46f7c0c6ce29073fa

SHA512
1fcae4a3a1062615d0136422d9dc3a171eaa36340b9ae77e73004261b69e03fe2653ec947a29388eba7676c334a5486cac9dd332cdcec3acd5e7352aabdfe087

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43575.exe
Filesize
184KB

MD5
759f5c262dd4b863e4cded30bfdc4bce

SHA1
d6090e3c064a56f63019d7fcc65dc53d8a5e3aca

SHA256
e8b605c21668c8a024ba2c2dc7d5c1300f5921a402bac1cac60af402b672f045

SHA512
0774ee63bb88e4ddd2c0f86b25c6d4bacce9a961c8f782eb41cc64d620985a37f6cb6e6cae9014ee93a58d452f2495585e79deeadacad933fa8ebfaadd263f89

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47501.exe
Filesize
184KB

MD5
a2a8265a4548b6d8c6f7cd188b4194bb

SHA1
38bd9f3a30c2c58b37d164262b212c61d5622498

SHA256
603c291676ea6337a6afc6bb6b1c9cc8d7f68215e3a2c32d9ee8ddb8ba6fdc5a

SHA512
48267691886c5a894c85759abb6de41538bf37ef26ea286ea3176db0a0dbe28e9df39b2a649f13bc3dd2375cf928bc95c2a6bbeb4d05db3feb5547b6eb5374e6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47982.exe
Filesize
184KB

MD5
612d7cadb6fa82f17ba185959b70a23b

SHA1
f14eae3222de2c5b0f34c28a893c6fe35f01a548

SHA256
9321e0070af58de78e437962401d73092ef43b5c393e17b03c83ddcd174f2ffa

SHA512
bb88be30146bacb7b832343b6c376787decaa86997ed799b2d5ef76a05250c215b902263345e9cb137e55fbdbb3a77b557ad4456001d496a0e71bc5649500b91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60362.exe
Filesize
184KB

MD5
ba33bc50a36347eae861c15883730235

SHA1
8b249b7f59d85637f4df91941259e9331af5e40f

SHA256
a4af09e1177734b0f8ca5dcadcbcddd86013e88533e4103812ba0e4aa547aa4c

SHA512
d07735d82216426ac16b5ef028238d443402b7518cfd3a7d37077655ccdcd914a8fd953e1bb9f0d2cd2983e506b86c5e38b4402d000a1852caa45f0baade67a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7632.exe
Filesize
184KB

MD5
9377d0bd2fb9c2f38e60d3c106c6fd46

SHA1
6f624528161bb8ada7fc1cc3933e11e2e28dc99d

SHA256
577c01fde2b625c7911ec2b7f953e3225fc16d2cc7a937891b3441385e36e4ad

SHA512
864499547d83659276c2b1eab35f94277906f535de93d005641128bfba48abec9fa7e1a9eaffd8cd7770fa7cc971b9529b72a0944e17e86452359ea637a70a82

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads