a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe
Size

184KB
MD5

356186edf1726beaa5e0d88c87721b33
SHA1

9ea1fd52a65e17e761b3dd24b6ad579aaa593640
SHA256

a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671
SHA512

d585948e75d0203f2796d243ecf86e5dcbd08172f8b9d9fd497dc81870b40b4ab7eb685dd764169fd765e0ad8c1679a8733e4c469240dc6ff82ee6042da6e5fe
SSDEEP

1536:X7Ss6jAAb3kxotx1t1HAlrwMH2IyvZclXmd8O7LR2m1itPHl5hj5nizpvq:LsR3kxoT71HidHtWem7LRvgPHlnViFS

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-44487.exeUnicorn-37622.exeUnicorn-17756.exeUnicorn-59005.exeUnicorn-8735.exeUnicorn-54407.exeUnicorn-17714.exeUnicorn-13115.exeUnicorn-7661.exeUnicorn-27527.exeUnicorn-27335.exeUnicorn-35449.exeUnicorn-28546.exeUnicorn-664.exeUnicorn-49180.exeUnicorn-31068.exeUnicorn-50934.exeUnicorn-47104.exeUnicorn-65475.exeUnicorn-24142.exeUnicorn-4276.exeUnicorn-898.exeUnicorn-4468.exeUnicorn-46378.exeUnicorn-706.exeUnicorn-5044.exeUnicorn-57987.exeUnicorn-38121.exeUnicorn-42528.exeUnicorn-9108.exeUnicorn-4510.exeUnicorn-54588.exeUnicorn-8916.exeUnicorn-8916.exeUnicorn-61599.exeUnicorn-468.exeUnicorn-51698.exeUnicorn-47100.exeUnicorn-34677.exeUnicorn-34485.exeUnicorn-34485.exeUnicorn-64697.exeUnicorn-19026.exeUnicorn-64697.exeUnicorn-49394.exeUnicorn-44796.exeUnicorn-64661.exeUnicorn-9438.exeUnicorn-37232.exeUnicorn-24618.exeUnicorn-16668.exeUnicorn-45318.exeUnicorn-65183.exeUnicorn-50492.exeUnicorn-47840.exeUnicorn-5816.exeUnicorn-5816.exeUnicorn-54332.exeUnicorn-38873.exeUnicorn-6008.exeUnicorn-2178.exeUnicorn-2178.exeUnicorn-2178.exeUnicorn-23798.exe

pid	process
1984	Unicorn-44487.exe
3016	Unicorn-37622.exe
2560	Unicorn-17756.exe
2668	Unicorn-59005.exe
2200	Unicorn-8735.exe
2420	Unicorn-54407.exe
780	Unicorn-17714.exe
1552	Unicorn-13115.exe
2316	Unicorn-7661.exe
2320	Unicorn-27527.exe
2380	Unicorn-27335.exe
1320	Unicorn-35449.exe
2608	Unicorn-28546.exe
1848	Unicorn-664.exe
2364	Unicorn-49180.exe
788	Unicorn-31068.exe
1408	Unicorn-50934.exe
1400	Unicorn-47104.exe
452	Unicorn-65475.exe
2768	Unicorn-24142.exe
988	Unicorn-4276.exe
1544	Unicorn-898.exe
1912	Unicorn-4468.exe
916	Unicorn-46378.exe
2780	Unicorn-706.exe
1668	Unicorn-5044.exe
1612	Unicorn-57987.exe
2232	Unicorn-38121.exe
2376	Unicorn-42528.exe
2508	Unicorn-9108.exe
2188	Unicorn-4510.exe
2144	Unicorn-54588.exe
2616	Unicorn-8916.exe
2548	Unicorn-8916.exe
2436	Unicorn-61599.exe
2356	Unicorn-468.exe
2424	Unicorn-51698.exe
2848	Unicorn-47100.exe
1564	Unicorn-34677.exe
2308	Unicorn-34485.exe
1808	Unicorn-34485.exe
776	Unicorn-64697.exe
2372	Unicorn-19026.exe
1512	Unicorn-64697.exe
2040	Unicorn-49394.exe
1868	Unicorn-44796.exe
2332	Unicorn-64661.exe
2028	Unicorn-9438.exe
584	Unicorn-37232.exe
2592	Unicorn-24618.exe
1480	Unicorn-16668.exe
1804	Unicorn-45318.exe
804	Unicorn-65183.exe
2952	Unicorn-50492.exe
2288	Unicorn-47840.exe
1784	Unicorn-5816.exe
2292	Unicorn-5816.exe
2016	Unicorn-54332.exe
2224	Unicorn-38873.exe
1536	Unicorn-6008.exe
2904	Unicorn-2178.exe
2612	Unicorn-2178.exe
2624	Unicorn-2178.exe
2540	Unicorn-23798.exe

Loads dropped DLL 64 IoCs

Processes:

a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exeUnicorn-44487.exeUnicorn-37622.exeUnicorn-17756.exeWerFault.exeUnicorn-59005.exeUnicorn-8735.exeUnicorn-54407.exeWerFault.exeWerFault.exeUnicorn-17714.exeUnicorn-13115.exeUnicorn-7661.exeUnicorn-27527.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe
2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe
1984	Unicorn-44487.exe
2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe
1984	Unicorn-44487.exe
2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe
3016	Unicorn-37622.exe
3016	Unicorn-37622.exe
2560	Unicorn-17756.exe
2560	Unicorn-17756.exe
1984	Unicorn-44487.exe
1984	Unicorn-44487.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
2668	Unicorn-59005.exe
2668	Unicorn-59005.exe
3016	Unicorn-37622.exe
3016	Unicorn-37622.exe
2560	Unicorn-17756.exe
2560	Unicorn-17756.exe
2200	Unicorn-8735.exe
2200	Unicorn-8735.exe
2420	Unicorn-54407.exe
2420	Unicorn-54407.exe
1876	WerFault.exe
1876	WerFault.exe
1876	WerFault.exe
1876	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
1876	WerFault.exe
780	Unicorn-17714.exe
780	Unicorn-17714.exe
2668	Unicorn-59005.exe
2668	Unicorn-59005.exe
1552	Unicorn-13115.exe
1552	Unicorn-13115.exe
2316	Unicorn-7661.exe
2316	Unicorn-7661.exe
2200	Unicorn-8735.exe
2200	Unicorn-8735.exe
2320	Unicorn-27527.exe
2320	Unicorn-27527.exe
2420	Unicorn-54407.exe
2420	Unicorn-54407.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
548	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2120	2080	WerFault.exe	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe
1556	1984	WerFault.exe	Unicorn-44487.exe
1876	3016	WerFault.exe	Unicorn-37622.exe
2160	2560	WerFault.exe	Unicorn-17756.exe
548	2668	WerFault.exe	Unicorn-59005.exe
1484	2200	WerFault.exe	Unicorn-8735.exe
2956	2420	WerFault.exe	Unicorn-54407.exe
2004	780	WerFault.exe	Unicorn-17714.exe
1508	1552	WerFault.exe	Unicorn-13115.exe
1532	2316	WerFault.exe	Unicorn-7661.exe
2352	2320	WerFault.exe	Unicorn-27527.exe
2036	2380	WerFault.exe	Unicorn-27335.exe
1632	1320	WerFault.exe	Unicorn-35449.exe
2008	2608	WerFault.exe	Unicorn-28546.exe
1260	1848	WerFault.exe	Unicorn-664.exe
1048	2364	WerFault.exe	Unicorn-49180.exe
1560	788	WerFault.exe	Unicorn-31068.exe
2728	1408	WerFault.exe	Unicorn-50934.exe
1792	1400	WerFault.exe	Unicorn-47104.exe
1992	452	WerFault.exe	Unicorn-65475.exe
540	2768	WerFault.exe	Unicorn-24142.exe
580	988	WerFault.exe	Unicorn-4276.exe
2776	1912	WerFault.exe	Unicorn-4468.exe
572	1544	WerFault.exe	Unicorn-898.exe
1688	916	WerFault.exe	Unicorn-46378.exe
576	2780	WerFault.exe	Unicorn-706.exe
2284	2376	WerFault.exe	Unicorn-42528.exe
2096	1668	WerFault.exe	Unicorn-5044.exe
2172	1612	WerFault.exe	Unicorn-57987.exe
2632	2232	WerFault.exe	Unicorn-38121.exe
1004	2508	WerFault.exe	Unicorn-9108.exe
1012	2188	WerFault.exe	Unicorn-4510.exe
1660	2616	WerFault.exe	Unicorn-8916.exe
3080	2144	WerFault.exe	Unicorn-54588.exe
3144	2548	WerFault.exe	Unicorn-8916.exe
3180	2848	WerFault.exe	Unicorn-47100.exe
3172	2436	WerFault.exe	Unicorn-61599.exe
3212	2308	WerFault.exe	Unicorn-34485.exe
3204	2356	WerFault.exe	Unicorn-468.exe
3224	2332	WerFault.exe	Unicorn-64661.exe
3288	2424	WerFault.exe	Unicorn-51698.exe
3280	2372	WerFault.exe	Unicorn-19026.exe
3296	1808	WerFault.exe	Unicorn-34485.exe
3348	776	WerFault.exe	Unicorn-64697.exe
3464	1564	WerFault.exe	Unicorn-34677.exe
4076	1512	WerFault.exe	Unicorn-64697.exe
4084	1868	WerFault.exe	Unicorn-44796.exe
3816	2040	WerFault.exe	Unicorn-49394.exe
3976	2028	WerFault.exe	Unicorn-9438.exe
3420	2592	WerFault.exe	Unicorn-24618.exe
4000	2324	WerFault.exe	Unicorn-65219.exe
3912	2488	WerFault.exe	Unicorn-19775.exe
3340	1348	WerFault.exe	Unicorn-6776.exe
3536	2840	WerFault.exe	Unicorn-19775.exe
1368	2292	WerFault.exe	Unicorn-5816.exe
3728	2904	WerFault.exe	Unicorn-2178.exe
3656	2224	WerFault.exe	Unicorn-38873.exe
3756	1804	WerFault.exe	Unicorn-45318.exe
3380	2288	WerFault.exe	Unicorn-47840.exe
3560	584	WerFault.exe	Unicorn-37232.exe
4184	804	WerFault.exe	Unicorn-65183.exe
4376	1784	WerFault.exe	Unicorn-5816.exe
4440	2952	WerFault.exe	Unicorn-50492.exe
4512	2196	WerFault.exe	Unicorn-52448.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exeUnicorn-44487.exeUnicorn-37622.exeUnicorn-17756.exeUnicorn-59005.exeUnicorn-8735.exeUnicorn-54407.exeUnicorn-17714.exeUnicorn-13115.exeUnicorn-7661.exeUnicorn-27527.exeUnicorn-27335.exeUnicorn-35449.exeUnicorn-28546.exeUnicorn-664.exeUnicorn-49180.exeUnicorn-50934.exeUnicorn-31068.exeUnicorn-47104.exeUnicorn-65475.exeUnicorn-4276.exeUnicorn-24142.exeUnicorn-4468.exeUnicorn-898.exeUnicorn-706.exeUnicorn-46378.exeUnicorn-5044.exeUnicorn-38121.exeUnicorn-57987.exeUnicorn-42528.exeUnicorn-9108.exeUnicorn-4510.exeUnicorn-54588.exeUnicorn-8916.exeUnicorn-8916.exeUnicorn-61599.exeUnicorn-468.exeUnicorn-51698.exeUnicorn-47100.exeUnicorn-34677.exeUnicorn-34485.exeUnicorn-34485.exeUnicorn-64697.exeUnicorn-64697.exeUnicorn-44796.exeUnicorn-49394.exeUnicorn-19026.exeUnicorn-64661.exeUnicorn-9438.exeUnicorn-37232.exeUnicorn-24618.exeUnicorn-16668.exeUnicorn-45318.exeUnicorn-65183.exeUnicorn-50492.exeUnicorn-47840.exeUnicorn-5816.exeUnicorn-5816.exeUnicorn-54332.exeUnicorn-38873.exeUnicorn-6008.exeUnicorn-2178.exeUnicorn-2178.exeUnicorn-2178.exe

pid	process
2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe
1984	Unicorn-44487.exe
3016	Unicorn-37622.exe
2560	Unicorn-17756.exe
2668	Unicorn-59005.exe
2200	Unicorn-8735.exe
2420	Unicorn-54407.exe
780	Unicorn-17714.exe
1552	Unicorn-13115.exe
2316	Unicorn-7661.exe
2320	Unicorn-27527.exe
2380	Unicorn-27335.exe
1320	Unicorn-35449.exe
2608	Unicorn-28546.exe
1848	Unicorn-664.exe
2364	Unicorn-49180.exe
1408	Unicorn-50934.exe
788	Unicorn-31068.exe
1400	Unicorn-47104.exe
452	Unicorn-65475.exe
988	Unicorn-4276.exe
2768	Unicorn-24142.exe
1912	Unicorn-4468.exe
1544	Unicorn-898.exe
2780	Unicorn-706.exe
916	Unicorn-46378.exe
1668	Unicorn-5044.exe
2232	Unicorn-38121.exe
1612	Unicorn-57987.exe
2376	Unicorn-42528.exe
2508	Unicorn-9108.exe
2188	Unicorn-4510.exe
2144	Unicorn-54588.exe
2616	Unicorn-8916.exe
2548	Unicorn-8916.exe
2436	Unicorn-61599.exe
2356	Unicorn-468.exe
2424	Unicorn-51698.exe
2848	Unicorn-47100.exe
1564	Unicorn-34677.exe
1808	Unicorn-34485.exe
2308	Unicorn-34485.exe
1512	Unicorn-64697.exe
776	Unicorn-64697.exe
1868	Unicorn-44796.exe
2040	Unicorn-49394.exe
2372	Unicorn-19026.exe
2332	Unicorn-64661.exe
2028	Unicorn-9438.exe
584	Unicorn-37232.exe
2592	Unicorn-24618.exe
1480	Unicorn-16668.exe
1804	Unicorn-45318.exe
804	Unicorn-65183.exe
2952	Unicorn-50492.exe
2288	Unicorn-47840.exe
1784	Unicorn-5816.exe
2292	Unicorn-5816.exe
2016	Unicorn-54332.exe
2224	Unicorn-38873.exe
1536	Unicorn-6008.exe
2612	Unicorn-2178.exe
2904	Unicorn-2178.exe
2624	Unicorn-2178.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exeUnicorn-44487.exeUnicorn-37622.exeUnicorn-17756.exeUnicorn-59005.exeUnicorn-8735.exeUnicorn-54407.exeUnicorn-17714.exe

description	pid	process	target process
PID 2080 wrote to memory of 1984	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	Unicorn-44487.exe
PID 2080 wrote to memory of 1984	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	Unicorn-44487.exe
PID 2080 wrote to memory of 1984	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	Unicorn-44487.exe
PID 2080 wrote to memory of 1984	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	Unicorn-44487.exe
PID 1984 wrote to memory of 3016	1984	Unicorn-44487.exe	Unicorn-37622.exe
PID 1984 wrote to memory of 3016	1984	Unicorn-44487.exe	Unicorn-37622.exe
PID 1984 wrote to memory of 3016	1984	Unicorn-44487.exe	Unicorn-37622.exe
PID 1984 wrote to memory of 3016	1984	Unicorn-44487.exe	Unicorn-37622.exe
PID 2080 wrote to memory of 2560	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	Unicorn-17756.exe
PID 2080 wrote to memory of 2560	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	Unicorn-17756.exe
PID 2080 wrote to memory of 2560	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	Unicorn-17756.exe
PID 2080 wrote to memory of 2560	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	Unicorn-17756.exe
PID 2080 wrote to memory of 2120	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	WerFault.exe
PID 2080 wrote to memory of 2120	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	WerFault.exe
PID 2080 wrote to memory of 2120	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	WerFault.exe
PID 2080 wrote to memory of 2120	2080	a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe	WerFault.exe
PID 3016 wrote to memory of 2668	3016	Unicorn-37622.exe	Unicorn-59005.exe
PID 3016 wrote to memory of 2668	3016	Unicorn-37622.exe	Unicorn-59005.exe
PID 3016 wrote to memory of 2668	3016	Unicorn-37622.exe	Unicorn-59005.exe
PID 3016 wrote to memory of 2668	3016	Unicorn-37622.exe	Unicorn-59005.exe
PID 2560 wrote to memory of 2200	2560	Unicorn-17756.exe	Unicorn-8735.exe
PID 2560 wrote to memory of 2200	2560	Unicorn-17756.exe	Unicorn-8735.exe
PID 2560 wrote to memory of 2200	2560	Unicorn-17756.exe	Unicorn-8735.exe
PID 2560 wrote to memory of 2200	2560	Unicorn-17756.exe	Unicorn-8735.exe
PID 1984 wrote to memory of 2420	1984	Unicorn-44487.exe	Unicorn-54407.exe
PID 1984 wrote to memory of 2420	1984	Unicorn-44487.exe	Unicorn-54407.exe
PID 1984 wrote to memory of 2420	1984	Unicorn-44487.exe	Unicorn-54407.exe
PID 1984 wrote to memory of 2420	1984	Unicorn-44487.exe	Unicorn-54407.exe
PID 1984 wrote to memory of 1556	1984	Unicorn-44487.exe	WerFault.exe
PID 1984 wrote to memory of 1556	1984	Unicorn-44487.exe	WerFault.exe
PID 1984 wrote to memory of 1556	1984	Unicorn-44487.exe	WerFault.exe
PID 1984 wrote to memory of 1556	1984	Unicorn-44487.exe	WerFault.exe
PID 2668 wrote to memory of 780	2668	Unicorn-59005.exe	Unicorn-17714.exe
PID 2668 wrote to memory of 780	2668	Unicorn-59005.exe	Unicorn-17714.exe
PID 2668 wrote to memory of 780	2668	Unicorn-59005.exe	Unicorn-17714.exe
PID 2668 wrote to memory of 780	2668	Unicorn-59005.exe	Unicorn-17714.exe
PID 3016 wrote to memory of 1552	3016	Unicorn-37622.exe	Unicorn-13115.exe
PID 3016 wrote to memory of 1552	3016	Unicorn-37622.exe	Unicorn-13115.exe
PID 3016 wrote to memory of 1552	3016	Unicorn-37622.exe	Unicorn-13115.exe
PID 3016 wrote to memory of 1552	3016	Unicorn-37622.exe	Unicorn-13115.exe
PID 2560 wrote to memory of 2316	2560	Unicorn-17756.exe	Unicorn-7661.exe
PID 2560 wrote to memory of 2316	2560	Unicorn-17756.exe	Unicorn-7661.exe
PID 2560 wrote to memory of 2316	2560	Unicorn-17756.exe	Unicorn-7661.exe
PID 2560 wrote to memory of 2316	2560	Unicorn-17756.exe	Unicorn-7661.exe
PID 2200 wrote to memory of 2320	2200	Unicorn-8735.exe	Unicorn-27527.exe
PID 2200 wrote to memory of 2320	2200	Unicorn-8735.exe	Unicorn-27527.exe
PID 2200 wrote to memory of 2320	2200	Unicorn-8735.exe	Unicorn-27527.exe
PID 2200 wrote to memory of 2320	2200	Unicorn-8735.exe	Unicorn-27527.exe
PID 2420 wrote to memory of 2380	2420	Unicorn-54407.exe	Unicorn-27335.exe
PID 2420 wrote to memory of 2380	2420	Unicorn-54407.exe	Unicorn-27335.exe
PID 2420 wrote to memory of 2380	2420	Unicorn-54407.exe	Unicorn-27335.exe
PID 2420 wrote to memory of 2380	2420	Unicorn-54407.exe	Unicorn-27335.exe
PID 3016 wrote to memory of 1876	3016	Unicorn-37622.exe	WerFault.exe
PID 3016 wrote to memory of 1876	3016	Unicorn-37622.exe	WerFault.exe
PID 3016 wrote to memory of 1876	3016	Unicorn-37622.exe	WerFault.exe
PID 3016 wrote to memory of 1876	3016	Unicorn-37622.exe	WerFault.exe
PID 2560 wrote to memory of 2160	2560	Unicorn-17756.exe	WerFault.exe
PID 2560 wrote to memory of 2160	2560	Unicorn-17756.exe	WerFault.exe
PID 2560 wrote to memory of 2160	2560	Unicorn-17756.exe	WerFault.exe
PID 2560 wrote to memory of 2160	2560	Unicorn-17756.exe	WerFault.exe
PID 780 wrote to memory of 1320	780	Unicorn-17714.exe	Unicorn-35449.exe
PID 780 wrote to memory of 1320	780	Unicorn-17714.exe	Unicorn-35449.exe
PID 780 wrote to memory of 1320	780	Unicorn-17714.exe	Unicorn-35449.exe
PID 780 wrote to memory of 1320	780	Unicorn-17714.exe	Unicorn-35449.exe

C:\Users\Admin\AppData\Local\Temp\a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe
"C:\Users\Admin\AppData\Local\Temp\a0774096bf50423707e59e5d39bddfb3abe039a178f2b283d78f504c1e33a671.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65475.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-9108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9108.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8816.exe
10⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
11⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
12⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
13⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2821.exe
14⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15128.exe
15⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
15⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 236
14⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
13⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
12⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
11⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18636.exe
12⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48509.exe
13⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
14⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
14⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
13⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
12⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
11⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5124.exe
10⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41934.exe
11⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
12⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
13⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40074.exe
14⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
14⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 216
13⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
12⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
11⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
10⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54296.exe
9⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-55934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55934.exe
10⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
11⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
12⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
13⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16276.exe
14⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
14⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6340 -s 216
13⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
11⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
10⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56186.exe
11⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-64762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64762.exe
12⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
13⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
12⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
11⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
10⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
9⤵
- Program crash
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37232.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
9⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58596.exe
10⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
11⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60447.exe
12⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
13⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
14⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 220
14⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
13⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
12⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
11⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 216
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-36426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36426.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
10⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14259.exe
11⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43425.exe
12⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
13⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 220
13⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
12⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
11⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
9⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
8⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4510.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24618.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25428.exe
9⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31783.exe
10⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21626.exe
11⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-24706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24706.exe
12⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
13⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58714.exe
14⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
14⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
13⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
11⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10963.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31983.exe
11⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44643.exe
12⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47028.exe
13⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
10⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
8⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6982.exe
9⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28175.exe
10⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-528.exe
11⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59997.exe
12⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64640.exe
13⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 220
13⤵
PID:14132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 216
11⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
10⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 236
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 220
8⤵
- Program crash
PID:1012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
7⤵
- Program crash
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16668.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25070.exe
9⤵
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48612.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16107.exe
11⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
12⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-12394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12394.exe
13⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
14⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
14⤵
PID:13672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
13⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
12⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
11⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 236
10⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24550.exe
10⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49812.exe
11⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
12⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14370.exe
13⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
13⤵
PID:14160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
8⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40231.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65263.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14451.exe
11⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3295.exe
12⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
13⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
13⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
9⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
- Program crash
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7856.exe
8⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
10⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28302.exe
11⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
12⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
13⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
13⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
12⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
11⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
10⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
8⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60590.exe
10⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28153.exe
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
12⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
11⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
10⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
9⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
8⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
7⤵
- Program crash
PID:580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
6⤵
- Program crash
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8916.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50492.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38531.exe
9⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
10⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
11⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
12⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
13⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17775.exe
14⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
14⤵
PID:14172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 220
13⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
12⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
11⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 216
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11725.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32783.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16066.exe
11⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
12⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45533.exe
13⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
13⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
9⤵
- Program crash
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42676.exe
8⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64071.exe
9⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51275.exe
10⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
11⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22504.exe
12⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
13⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 216
13⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
12⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
11⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
10⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
9⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
8⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47840.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
8⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53594.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12231.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35660.exe
11⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
9⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54700.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24436.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23080.exe
11⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11764.exe
12⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
12⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
11⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
8⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
7⤵
- Program crash
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54588.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65183.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58702.exe
8⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56178.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41737.exe
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
11⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14117.exe
12⤵
PID:9508

C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9508 -s 216
13⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
12⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
11⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42861.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14251.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2614.exe
10⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
11⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39939.exe
12⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 204
12⤵
PID:14324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
11⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
9⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
8⤵
- Program crash
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-38836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38836.exe
7⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24772.exe
8⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37129.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-15635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15635.exe
10⤵
PID:7380

C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44901.exe
11⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-13920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13920.exe
12⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 236
12⤵
PID:13640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 216
11⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
8⤵
PID:4624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
6⤵
- Program crash
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-898.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51698.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39833.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
9⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54009.exe
10⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2594.exe
12⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
13⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-7552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7552.exe
14⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 236
14⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
12⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
11⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 236
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34719.exe
9⤵
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 220
10⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
8⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56121.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63172.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38479.exe
11⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65371.exe
12⤵
PID:10768

C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
13⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10768 -s 216
13⤵
PID:13980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
12⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
10⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 216
9⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
8⤵
- Program crash
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
7⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
10⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34276.exe
11⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
12⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25274.exe
13⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
13⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 236
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
10⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
9⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
8⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
7⤵
- Program crash
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47100.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47872.exe
8⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21394.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65071.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46984.exe
11⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50851.exe
12⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
13⤵
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
13⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
12⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38616.exe
8⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45004.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26050.exe
10⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8640.exe
11⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3275.exe
12⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
12⤵
PID:14064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
11⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
8⤵
- Program crash
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27814.exe
7⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25316.exe
9⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63398.exe
10⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
10⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 236
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
7⤵
- Program crash
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
6⤵
- Program crash
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4468.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-468.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38873.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62127.exe
8⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51342.exe
9⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
11⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49524.exe
12⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
12⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
11⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 216
9⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30528.exe
7⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42529.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-62298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62298.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51184.exe
11⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4990.exe
12⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
12⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 220
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
10⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
8⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 220
7⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
7⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38602.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-49270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49270.exe
9⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
10⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
11⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
10⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
9⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
8⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32083.exe
7⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9083.exe
8⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-49403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49403.exe
9⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55614.exe
10⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
10⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
9⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
8⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
7⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
6⤵
- Program crash
PID:2776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
5⤵
- Program crash
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-27335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27335.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46378.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34677.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39641.exe
7⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63357.exe
8⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51181.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41398.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-15578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15578.exe
11⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33149.exe
12⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 236
12⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
11⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
9⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61777.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21768.exe
10⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
11⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
11⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 236
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 220
8⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14590.exe
8⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57433.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37517.exe
10⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
11⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 236
11⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 236
10⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
9⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
8⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
7⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52448.exe
6⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
7⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59000.exe
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41048.exe
10⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49978.exe
11⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53566.exe
12⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
11⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
10⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-40194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40194.exe
7⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43712.exe
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38598.exe
9⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17214.exe
10⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42718.exe
11⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 220
11⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 220
10⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
9⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
8⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 220
7⤵
- Program crash
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 240
6⤵
- Program crash
PID:1688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
5⤵
- Program crash
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42528.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54332.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62397.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3189.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
10⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13725.exe
11⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26408.exe
12⤵
PID:10280

C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32066.exe
13⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
12⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
11⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34418.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
10⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62901.exe
11⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
12⤵
PID:13424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 204
12⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
8⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58567.exe
7⤵
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13080.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65212.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
10⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
11⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
11⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
8⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
7⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13663.exe
7⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-78.exe
9⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64570.exe
10⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
11⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
11⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
10⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 236
9⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
8⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
6⤵
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49994.exe
6⤵
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49380.exe
7⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21478.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-27534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27534.exe
9⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11481.exe
10⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-234.exe
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
11⤵
PID:13956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
10⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
9⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
8⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
7⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
6⤵
- Program crash
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
5⤵
- Program crash
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-8735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8735.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50934.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61599.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5816.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
8⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46091.exe
10⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26893.exe
11⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30018.exe
12⤵
PID:10108

C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63422.exe
13⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10108 -s 216
13⤵
PID:13632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
12⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4884 -s 216
11⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
10⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55865.exe
11⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60401.exe
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
12⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
11⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36286.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14378.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42993.exe
10⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7179.exe
11⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9326.exe
12⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
11⤵
PID:2216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
9⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
8⤵
- Program crash
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-45028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45028.exe
7⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53257.exe
8⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23680.exe
9⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-34560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34560.exe
10⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
11⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 236
10⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
9⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 216
8⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
7⤵
- Program crash
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
6⤵
- Program crash
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64661.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-19258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19258.exe
8⤵
PID:1288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 240
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6946.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36478.exe
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
10⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
11⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20815.exe
12⤵
PID:13868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
12⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 220
11⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
10⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 220
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
7⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
7⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2178.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20026.exe
7⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43470.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10280.exe
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36428.exe
10⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21299.exe
11⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
11⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
10⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
9⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
8⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
7⤵
- Program crash
PID:3728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
6⤵
- Program crash
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
5⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49394.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4280.exe
7⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26767.exe
8⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42337.exe
10⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31499.exe
11⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35731.exe
12⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39582.exe
13⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
13⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
12⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
11⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
10⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
9⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7138.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47744.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-554.exe
10⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10275.exe
11⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9661.exe
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 220
12⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
11⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
8⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
7⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65338.exe
10⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
11⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
10⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
9⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
8⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
7⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65219.exe
6⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47898.exe
7⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21529.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
9⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49494.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
11⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
11⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
10⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
8⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 216
7⤵
- Program crash
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
6⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44796.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6776.exe
6⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61551.exe
7⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58201.exe
9⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15145.exe
10⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16922.exe
11⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11108 -s 220
12⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 236
11⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
10⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
8⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
7⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64929.exe
6⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26449.exe
7⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
8⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-569.exe
9⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63146.exe
10⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
10⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
9⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
8⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
7⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
6⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
5⤵
- Program crash
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49180.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34485.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51738.exe
8⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40854.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27812.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10492.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11666.exe
12⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7735.exe
13⤵
PID:14264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 216
13⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 216
9⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33951.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43105.exe
9⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
10⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26622.exe
11⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14851.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39126.exe
8⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42908.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15644.exe
10⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34568.exe
11⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37364.exe
12⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
11⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
9⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 236
8⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
7⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
6⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15417.exe
7⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26615.exe
8⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-1614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1614.exe
9⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33382.exe
10⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15705.exe
11⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 236
11⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 236
10⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
9⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
8⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
7⤵
- Program crash
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 220
6⤵
- Program crash
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64697.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
6⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29071.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45561.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
9⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64140.exe
10⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8407.exe
11⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
12⤵
PID:13684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
12⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
11⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
10⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
9⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
8⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9442.exe
7⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26738.exe
8⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9724.exe
9⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36275.exe
10⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36594.exe
11⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10620 -s 236
11⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 220
10⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
9⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
8⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
7⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42453.exe
6⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
7⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33519.exe
8⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15566.exe
9⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1231.exe
10⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
10⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
9⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
8⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
7⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
6⤵
- Program crash
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
5⤵
- Program crash
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5044.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19026.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
6⤵
- Executes dropped EXE
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
7⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37204.exe
11⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20952.exe
12⤵
PID:14236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
11⤵
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
10⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
9⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18492.exe
7⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
8⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31660.exe
9⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20572.exe
10⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46334.exe
11⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
11⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 220
10⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
9⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
8⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 220
7⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42261.exe
6⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-55545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55545.exe
7⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44807.exe
8⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4441.exe
9⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43405.exe
10⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27585.exe
11⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
11⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
10⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
9⤵
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
8⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
7⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 220
6⤵
- Program crash
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
5⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2236.exe
6⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
7⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
8⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63206.exe
9⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47001.exe
10⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
11⤵
PID:13768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 216
11⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 220
10⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
9⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
8⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
7⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46801.exe
6⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10048.exe
7⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42013.exe
8⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17982.exe
9⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16431.exe
10⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 216
10⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
9⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
8⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
7⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
6⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
5⤵
- Program crash
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
4⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
2⤵
- Program crash
PID:2120

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-27335.exe
Filesize
184KB

MD5
ac14ef1b3a34cde5c782ddea5dfa14d2

SHA1
5a0bc1438536596bb1341b8e80c43a8105c77c64

SHA256
4c12793cbc4945d7e95557c6a7b87bca28590724a695e27da4df6654be6d48f6

SHA512
39a6d0a8f4363c1dbecfa26b33b10863ef8dc468ae634a2ce09d11faefd21eec0bda0d57636eaac1919c9e50ed4eb49495b04e7f1b01708ca4a1846503f41039

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
Filesize
184KB

MD5
ea62af9a9cdb6fb9a1e408f59accad3d

SHA1
81a39e6ed723b16c091a765f9449455a92f334ee

SHA256
ce0d2d116f4107bb307c513302f75c0da655a98c8171b70e152e6f2938b0ba90

SHA512
6681bb0cbc9a3839a06282394659fced42905b6c2f22b36bab6243e525a9fa3d83fc46fe52ee0ee58da1f3edafc00345eb36caa9709c5f68cf46a805ea26f6c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40194.exe
Filesize
184KB

MD5
77394fa6d54cf23fe354baeb3213b743

SHA1
8db72818d1d3618c62dd5179fd064c5b482f3e07

SHA256
3fd8d37817331067dfa2e1725c224f621058535d6b47ad7315afa821e85d586b

SHA512
efc95d23ec83e1964acfd9463187565b4af7b2258171b11fa2474d694df145a7b619c94e3e3771282c41384f18ab5b217ea0948dc2b23fcd8d8913441b48b908

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-46912.exe
Filesize
184KB

MD5
d06c78afc542a0a0f8a894bf8ea4221d

SHA1
e52b1e75101d0925a16062a38ab06b88d255a7c8

SHA256
9041f7a453551cdc6b6078471386c66a95f3df1eb1332284be3895b522c725e6

SHA512
ff539ac94c7f94bafc35c7f0d2083c4ca89092bba3983615abd3931df5f8d8a6bff29d5ae410cf779c2c4190a830b4da1174f0635226821a01cef2fd5d061a79

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4757.exe
Filesize
184KB

MD5
66b511d8420a462fafcd813146f9d89a

SHA1
8a5cab54a238db996658750ac1b1fe14e92dce9a

SHA256
94b376c70910f61f0072a069d32b3bb4f3753f85e6d8eb0f79926ce2524bcaf7

SHA512
b624f8c9b5c8a4d2071210d6c909423862f60ccb2947534687908c05c60ae3ed32223ebfdfb3b96b63c54e31cb937b1fb75f6c877c11bd3f0aa7a443fb348451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51855.exe
Filesize
184KB

MD5
f3deac6d23c0bdc6354962e5b1dd789b

SHA1
9249dc72ab61c8af923df783023cf56ec93d6389

SHA256
72cf846bf72b7b03575586ffd71cfcb69b419913db44ac946f689178dfe33fe4

SHA512
9db7888d3a8f2ec4a179062dd76fd9d19a2261981a34d0476c0ae3f77d7f01801838cc6a79d01756c8c7556fe9c4d253bab8b47381ed27bf716aec82245e963d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6008.exe
Filesize
184KB

MD5
12d00a9d889b7d46dd6e508677709a27

SHA1
a58a600ae910f5de2ed5afbca7d1e508a5ce3f85

SHA256
c97d3e44e4bc02299d5f684142758c4b18e6e3a1781416027ad518588299e937

SHA512
c1fbed5b4738018bb5528b7225c94280c238ba56e3bfed5fec0fd101d8de4568d1f73ec85d25f5174d726837ff1df4769e820eaa0f539a116b1bfaf494fe0037

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
Filesize
184KB

MD5
0742ceaca6f7f060ea075ee04a26e783

SHA1
87217b7e84f294ac854750e0f71a6848df48a020

SHA256
7d0d6f2d33f77783050694081f7e0842c20a779fbe168ccb29e372de4a3a29d6

SHA512
bd8b26b4cf6d968f55d788eb930d03bcfa2028248d79e19ecb8921ea650af2f6509703a5ae677819950f111431d36163b97727efe6930c7deb11118f74d01b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7661.exe
Filesize
184KB

MD5
187173189c9ca0b1fea1db94104c5525

SHA1
814c9a16ec417af20fcf7c333c3b57fe860e93bd

SHA256
442e0319489d55e98e0a1f659645203f218bd271d08cd8edb48c092cf3033544

SHA512
96e4fb58fb56bf0df034ae4a38275b230f3ab027405ca6db4e142ec7d34b77e3641930a1badb92ecc007b7a4c186d5de6f152c9255f1294d0c1c61665979c721

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13115.exe
Filesize
184KB

MD5
50e19336572b9aa6e148c47f0aa89d49

SHA1
01ee22bd4d785d0898f3c8327e0db064821eb1b5

SHA256
1b996105958c7ba9e8e9357ed9b8f6ec552950b2db92a47cf074150abd8c12d7

SHA512
f7e1a704765a4ce80b27fda82234cf58723c40c77e17824fa584a473258cfe0ecf98a51aef69dc2e506bf1c590774b19c882ba4f3bf55be28503e5dab5773f92

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17714.exe
Filesize
184KB

MD5
e6ed7aa02db1198c877547b15ffcf6e0

SHA1
a332a3af21595949068cc829321fb388b99d2bb9

SHA256
457d694f0502dfaf7714739bd51dcf38e68f7dda2e84054927eb5e6f0d8dbbe9

SHA512
9a1be600ca74593b4c6d75b42f131284b692f40caad1ac9b87e0f4e0581640f792860162ae59c1f25fa03535ce7fe445dea844519d5f01e62d760bb0e3b3f510

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17756.exe
Filesize
184KB

MD5
bfc8d810b373d6735ec8768f8ab1532a

SHA1
ef9a72ee7a91399ad458398e81de72d95037653b

SHA256
209943bac825dcce9a1d748a2255a0ad0c054b3ff2705ee3620057b26315a60b

SHA512
b8cd11debec21ca265357245ddac881dc5d8bd3b835390e5f67f752d9460c5cb478508aed35f24f081647a29886792aa559bdbc81c58169eff6a119c19527b9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27527.exe
Filesize
184KB

MD5
d5361bdca2b239713244715701c4882b

SHA1
47614533ab8ac8909c03f2024d2e5833d3f406c3

SHA256
4a31199ac1c971684109a1a35c8973f4303ec6ed5590e0769f99f2d98d02f008

SHA512
95de4053b3ac5ea54033402f384a0511e2f5a4640d5d57156a7d8d6c116fcc495bf8c140c1d570cc67b4e5d611859fdb9ba119eda5026a5f3a0c0c3ced8ef14f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
Filesize
184KB

MD5
6f7d09468e59e700db8438e0b5534d9e

SHA1
76f10aeabb57f6dd9c3a78240843881366c06997

SHA256
fd9d9cab7ada03d3296fd151de719aa537f355abda9e3c62df683f8efef97ce1

SHA512
491ea8aead32d64a40aa1d1ec906524823cf69f8f01227cad6a5a6f0cb75b88c7a1178c45106c8a5830983b5f023666a2dfebc4905e58c581a3e71fcae066ad7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37622.exe
Filesize
184KB

MD5
605b07c8689a5dcf071b08b654908fef

SHA1
c9c63eace83606425e27293524ddb086b462c0d2

SHA256
90ade3d135c8c7306637e694e7eb91c946721e5701e806dc38ba5503da102da3

SHA512
4e3163c4b8573f813077a74d81620986967a2a43f2b263db0a989671552429edb11dbc0d3ef96aaa5ceaf56a9f2617156319303760b12f1f11e64f42b4ae9531

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
Filesize
184KB

MD5
ff8b8bfe1b48cb1ed9ea1dfcc679afb6

SHA1
26f316e4d22f16ed452d710504bf9b3e48a96fbe

SHA256
3e2b639c48129d80723ea357256337f71521ca715faeb501ce129ba7c68d1222

SHA512
09e675862d96b3723752e475d58b4ceee222a5e3b9cde9fdb5ac74df3d0e13d80222b597af9ff4d14b3fbfa5f8e3da9aa5456d543a03bcd889539a7e7b495bdc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54407.exe
Filesize
184KB

MD5
8e4720434c395379d70c80182b62d3d7

SHA1
b722291d3c6a67928cd82b7c0f508463fbbfba85

SHA256
511203b8ea94da692e8691abb429744a0bf9ddcb4db90b4d55abba3497e03b6d

SHA512
93639c7b93b5f923dc32d15270242a1ebbbdeb89470d551be9e2a4eebbac3c6e745a811a186b7101fca46431f86f3724257a7fcf69d130d59105d96a0eaecfa3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59005.exe
Filesize
184KB

MD5
e223b93c3e4903e47390e44ea406fa9a

SHA1
8df2b99e15d6e46f80bd87b93f40f26631e15c43

SHA256
dbeee73dabdaa5c1da17f1c37c2877701b98055a61d0d01f56bde6f6dbc58d86

SHA512
3155e94c198bca4a06f1903df174c12cee2b02012b5b65a530bd024dc87f68ee121c42c9a6db4edcf7417becadf90f0d4abdb97874ea2f02c4ec6f12c7dcbd62

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
Filesize
184KB

MD5
e43eeba440e5f1771c158d7eaafefd86

SHA1
8c6c26cc9404e4dce338173a3f75f180d73dea8e

SHA256
f1a1df1a15a67ed1b1308227cf1243c46a7c3a17f6fffa3cb88fa8dd28dd0229

SHA512
dd6c57ed0707472d6a65f657aef3fc1fd882d3ef52902647e1410917b7c26044f82bfc97f1ea372a19df6bd5dfd4e58527f9e6b36e9e6dfb974ae8ce309cb2a8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8735.exe
Filesize
184KB

MD5
b1e0f7ad59fc158ca25de4e0af0ac633

SHA1
051d659ebd05eea6dedea4309bb48bef66442b62

SHA256
ccf463cee16a88320152b1e1c2c68862e698ae7a39d9a2bfa0a60c1d2f85a72d

SHA512
0c3327543ceb853a0f89a457580503a03a06e8103db4272654d01d49160c4be80066ddbaf2591a08e07d4a41dcbe376030d3ef9360fce6c2d073c2c9dc370e53

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads