a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe
Size

184KB
MD5

1cbcb87413543edc9cabb7a25d72ee4f
SHA1

53c27edd533bc3131ba5e5eb7fc8147cc1a12644
SHA256

a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c
SHA512

6fdf4bf55a6fa1dc6a1535dc886e69703b3a8061a7b9974113764f103519094a50e5bfb8df4153cd299819047ed5423929b405c26390a1a92e3f2e5f29c6b0cc
SSDEEP

1536:2BSS6jtlPc7xo7xVl0OAl2wSGd9yvZc+9mddSfLR2lzetchl5hj5nizpvu:ai3c7xolD0O3jG3WeofLRaschlnViF2

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-29124.exeUnicorn-38294.exeUnicorn-2777.exeUnicorn-1732.exeUnicorn-31752.exeUnicorn-1540.exeUnicorn-58266.exeUnicorn-24586.exeUnicorn-44260.exeUnicorn-44260.exeUnicorn-7565.exeUnicorn-13178.exeUnicorn-43198.exeUnicorn-58814.exeUnicorn-28664.exeUnicorn-28664.exeUnicorn-8798.exeUnicorn-43739.exeUnicorn-56738.exeUnicorn-64009.exeUnicorn-64009.exeUnicorn-11471.exeUnicorn-48934.exeUnicorn-53485.exeUnicorn-23657.exeUnicorn-18866.exeUnicorn-38732.exeUnicorn-3599.exeUnicorn-39308.exeUnicorn-39308.exeUnicorn-52307.exeUnicorn-19127.exeUnicorn-49531.exeUnicorn-51498.exeUnicorn-3859.exeUnicorn-31632.exeUnicorn-52375.exeUnicorn-56542.exeUnicorn-60948.exeUnicorn-24061.exeUnicorn-10569.exeUnicorn-23952.exeUnicorn-8457.exeUnicorn-24493.exeUnicorn-24493.exeUnicorn-4435.exeUnicorn-24301.exeUnicorn-54705.exeUnicorn-31320.exeUnicorn-46229.exeUnicorn-46037.exeUnicorn-9342.exeUnicorn-59612.exeUnicorn-29016.exeUnicorn-57858.exeUnicorn-42590.exeUnicorn-62456.exeUnicorn-61698.exeUnicorn-15835.exeUnicorn-13950.exeUnicorn-33816.exeUnicorn-31678.exeUnicorn-16795.exeUnicorn-49467.exe

pid	process
2056	Unicorn-29124.exe
2208	Unicorn-38294.exe
2676	Unicorn-2777.exe
2540	Unicorn-1732.exe
2652	Unicorn-31752.exe
2640	Unicorn-1540.exe
2984	Unicorn-58266.exe
1992	Unicorn-24586.exe
1436	Unicorn-44260.exe
2180	Unicorn-44260.exe
1784	Unicorn-7565.exe
1588	Unicorn-13178.exe
1584	Unicorn-43198.exe
1528	Unicorn-58814.exe
1028	Unicorn-28664.exe
608	Unicorn-28664.exe
684	Unicorn-8798.exe
940	Unicorn-43739.exe
1416	Unicorn-56738.exe
1460	Unicorn-64009.exe
1052	Unicorn-64009.exe
1480	Unicorn-11471.exe
980	Unicorn-48934.exe
1856	Unicorn-53485.exe
1844	Unicorn-23657.exe
1536	Unicorn-18866.exe
3056	Unicorn-38732.exe
2252	Unicorn-3599.exe
2108	Unicorn-39308.exe
3040	Unicorn-39308.exe
2388	Unicorn-52307.exe
2824	Unicorn-19127.exe
1624	Unicorn-49531.exe
2680	Unicorn-51498.exe
2884	Unicorn-3859.exe
2564	Unicorn-31632.exe
2688	Unicorn-52375.exe
2408	Unicorn-56542.exe
1296	Unicorn-60948.exe
1036	Unicorn-24061.exe
1892	Unicorn-10569.exe
1832	Unicorn-23952.exe
2132	Unicorn-8457.exe
1916	Unicorn-24493.exe
2172	Unicorn-24493.exe
2440	Unicorn-4435.exe
2836	Unicorn-24301.exe
308	Unicorn-54705.exe
2972	Unicorn-31320.exe
1484	Unicorn-46229.exe
812	Unicorn-46037.exe
2988	Unicorn-9342.exe
1576	Unicorn-59612.exe
2232	Unicorn-29016.exe
836	Unicorn-57858.exe
2144	Unicorn-42590.exe
2752	Unicorn-62456.exe
2200	Unicorn-61698.exe
2932	Unicorn-15835.exe
2556	Unicorn-13950.exe
2660	Unicorn-33816.exe
2452	Unicorn-31678.exe
2436	Unicorn-16795.exe
2788	Unicorn-49467.exe

Loads dropped DLL 64 IoCs

Processes:

a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exeUnicorn-29124.exeUnicorn-38294.exeUnicorn-2777.exeWerFault.exeUnicorn-1732.exeUnicorn-31752.exeUnicorn-1540.exeWerFault.exeWerFault.exeUnicorn-58266.exeUnicorn-24586.exeUnicorn-7565.exeUnicorn-44260.exeUnicorn-44260.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe
2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe
2056	Unicorn-29124.exe
2056	Unicorn-29124.exe
2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe
2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe
2208	Unicorn-38294.exe
2056	Unicorn-29124.exe
2208	Unicorn-38294.exe
2056	Unicorn-29124.exe
2676	Unicorn-2777.exe
2676	Unicorn-2777.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2456	WerFault.exe
2540	Unicorn-1732.exe
2540	Unicorn-1732.exe
2208	Unicorn-38294.exe
2208	Unicorn-38294.exe
2652	Unicorn-31752.exe
2640	Unicorn-1540.exe
2652	Unicorn-31752.exe
2640	Unicorn-1540.exe
2676	Unicorn-2777.exe
2676	Unicorn-2777.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2008	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2008	WerFault.exe
2344	WerFault.exe
2984	Unicorn-58266.exe
2984	Unicorn-58266.exe
2540	Unicorn-1732.exe
2540	Unicorn-1732.exe
1992	Unicorn-24586.exe
1992	Unicorn-24586.exe
1784	Unicorn-7565.exe
1784	Unicorn-7565.exe
1436	Unicorn-44260.exe
1436	Unicorn-44260.exe
2652	Unicorn-31752.exe
2652	Unicorn-31752.exe
2180	Unicorn-44260.exe
2180	Unicorn-44260.exe
2640	Unicorn-1540.exe
2640	Unicorn-1540.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
1688	WerFault.exe
2348	WerFault.exe
2052	WerFault.exe
2052	WerFault.exe
2348	WerFault.exe
2052	WerFault.exe
2348	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2608	2276	WerFault.exe	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe
2456	2056	WerFault.exe	Unicorn-29124.exe
2008	2208	WerFault.exe	Unicorn-38294.exe
2344	2676	WerFault.exe	Unicorn-2777.exe
1688	2540	WerFault.exe	Unicorn-1732.exe
2348	2652	WerFault.exe	Unicorn-31752.exe
2052	2640	WerFault.exe	Unicorn-1540.exe
2364	2984	WerFault.exe	Unicorn-58266.exe
2080	1992	WerFault.exe	Unicorn-24586.exe
1540	1436	WerFault.exe	Unicorn-44260.exe
2220	1784	WerFault.exe	Unicorn-7565.exe
2060	2180	WerFault.exe	Unicorn-44260.exe
300	1584	WerFault.exe	Unicorn-43198.exe
2704	1588	WerFault.exe	Unicorn-13178.exe
2396	1528	WerFault.exe	Unicorn-58814.exe
800	940	WerFault.exe	Unicorn-43739.exe
832	1416	WerFault.exe	Unicorn-56738.exe
532	608	WerFault.exe	Unicorn-28664.exe
1712	1028	WerFault.exe	Unicorn-28664.exe
472	684	WerFault.exe	Unicorn-8798.exe
3060	1052	WerFault.exe	Unicorn-64009.exe
2492	1460	WerFault.exe	Unicorn-64009.exe
572	1480	WerFault.exe	Unicorn-11471.exe
1444	980	WerFault.exe	Unicorn-48934.exe
1668	1856	WerFault.exe	Unicorn-53485.exe
1648	1844	WerFault.exe	Unicorn-23657.exe
1700	1536	WerFault.exe	Unicorn-18866.exe
2684	3040	WerFault.exe	Unicorn-39308.exe
2520	2108	WerFault.exe	Unicorn-39308.exe
2432	2252	WerFault.exe	Unicorn-3599.exe
2620	2388	WerFault.exe	Unicorn-52307.exe
2316	3056	WerFault.exe	Unicorn-38732.exe
2516	2460	WerFault.exe	Unicorn-65310.exe
2036	2824	WerFault.exe	Unicorn-19127.exe
1864	2680	WerFault.exe	Unicorn-51498.exe
1604	1624	WerFault.exe	Unicorn-49531.exe
3076	2884	WerFault.exe	Unicorn-3859.exe
3124	2688	WerFault.exe	Unicorn-52375.exe
3160	1296	WerFault.exe	Unicorn-60948.exe
3176	2408	WerFault.exe	Unicorn-56542.exe
3192	2564	WerFault.exe	Unicorn-31632.exe
3224	1036	WerFault.exe	Unicorn-24061.exe
3248	2132	WerFault.exe	Unicorn-8457.exe
3264	1892	WerFault.exe	Unicorn-10569.exe
3296	2440	WerFault.exe	Unicorn-4435.exe
3320	2836	WerFault.exe	Unicorn-24301.exe
3312	1916	WerFault.exe	Unicorn-24493.exe
3352	2172	WerFault.exe	Unicorn-24493.exe
3344	308	WerFault.exe	Unicorn-54705.exe
3368	2988	WerFault.exe	Unicorn-9342.exe
3444	1484	WerFault.exe	Unicorn-46229.exe
3564	836	WerFault.exe	Unicorn-57858.exe
3932	812	WerFault.exe	Unicorn-46037.exe
3896	1576	WerFault.exe	Unicorn-59612.exe
3892	2200	WerFault.exe	Unicorn-61698.exe
4036	2232	WerFault.exe	Unicorn-29016.exe
3488	2660	WerFault.exe	Unicorn-33816.exe
4056	652	WerFault.exe	Unicorn-14298.exe
4032	276	WerFault.exe	Unicorn-29950.exe
3728	2452	WerFault.exe	Unicorn-31678.exe
3720	1760	WerFault.exe	Unicorn-45445.exe
4220	2556	WerFault.exe	Unicorn-13950.exe
4244	2144	WerFault.exe	Unicorn-42590.exe
4316	2968	WerFault.exe	Unicorn-10084.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exeUnicorn-29124.exeUnicorn-38294.exeUnicorn-2777.exeUnicorn-1732.exeUnicorn-31752.exeUnicorn-1540.exeUnicorn-58266.exeUnicorn-24586.exeUnicorn-44260.exeUnicorn-44260.exeUnicorn-7565.exeUnicorn-13178.exeUnicorn-43198.exeUnicorn-58814.exeUnicorn-8798.exeUnicorn-56738.exeUnicorn-28664.exeUnicorn-28664.exeUnicorn-43739.exeUnicorn-64009.exeUnicorn-64009.exeUnicorn-11471.exeUnicorn-48934.exeUnicorn-53485.exeUnicorn-23657.exeUnicorn-18866.exeUnicorn-38732.exeUnicorn-39308.exeUnicorn-3599.exeUnicorn-39308.exeUnicorn-52307.exeUnicorn-19127.exeUnicorn-51498.exeUnicorn-49531.exeUnicorn-31632.exeUnicorn-3859.exeUnicorn-56542.exeUnicorn-52375.exeUnicorn-60948.exeUnicorn-24061.exeUnicorn-10569.exeUnicorn-23952.exeUnicorn-8457.exeUnicorn-24493.exeUnicorn-24493.exeUnicorn-4435.exeUnicorn-24301.exeUnicorn-54705.exeUnicorn-31320.exeUnicorn-46229.exeUnicorn-9342.exeUnicorn-46037.exeUnicorn-59612.exeUnicorn-29016.exeUnicorn-42590.exeUnicorn-57858.exeUnicorn-62456.exeUnicorn-61698.exeUnicorn-15835.exeUnicorn-33816.exeUnicorn-13950.exeUnicorn-31678.exeUnicorn-16795.exe

pid	process
2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe
2056	Unicorn-29124.exe
2208	Unicorn-38294.exe
2676	Unicorn-2777.exe
2540	Unicorn-1732.exe
2652	Unicorn-31752.exe
2640	Unicorn-1540.exe
2984	Unicorn-58266.exe
1992	Unicorn-24586.exe
2180	Unicorn-44260.exe
1436	Unicorn-44260.exe
1784	Unicorn-7565.exe
1588	Unicorn-13178.exe
1584	Unicorn-43198.exe
1528	Unicorn-58814.exe
684	Unicorn-8798.exe
1416	Unicorn-56738.exe
1028	Unicorn-28664.exe
608	Unicorn-28664.exe
940	Unicorn-43739.exe
1460	Unicorn-64009.exe
1052	Unicorn-64009.exe
1480	Unicorn-11471.exe
980	Unicorn-48934.exe
1856	Unicorn-53485.exe
1844	Unicorn-23657.exe
1536	Unicorn-18866.exe
3056	Unicorn-38732.exe
3040	Unicorn-39308.exe
2252	Unicorn-3599.exe
2108	Unicorn-39308.exe
2388	Unicorn-52307.exe
2824	Unicorn-19127.exe
2680	Unicorn-51498.exe
1624	Unicorn-49531.exe
2564	Unicorn-31632.exe
2884	Unicorn-3859.exe
2408	Unicorn-56542.exe
2688	Unicorn-52375.exe
1296	Unicorn-60948.exe
1036	Unicorn-24061.exe
1892	Unicorn-10569.exe
1832	Unicorn-23952.exe
2132	Unicorn-8457.exe
1916	Unicorn-24493.exe
2172	Unicorn-24493.exe
2440	Unicorn-4435.exe
2836	Unicorn-24301.exe
308	Unicorn-54705.exe
2972	Unicorn-31320.exe
1484	Unicorn-46229.exe
2988	Unicorn-9342.exe
812	Unicorn-46037.exe
1576	Unicorn-59612.exe
2232	Unicorn-29016.exe
2144	Unicorn-42590.exe
836	Unicorn-57858.exe
2752	Unicorn-62456.exe
2200	Unicorn-61698.exe
2932	Unicorn-15835.exe
2660	Unicorn-33816.exe
2556	Unicorn-13950.exe
2452	Unicorn-31678.exe
2436	Unicorn-16795.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exeUnicorn-29124.exeUnicorn-38294.exeUnicorn-2777.exeUnicorn-1732.exeUnicorn-31752.exeUnicorn-1540.exeUnicorn-58266.exe

description	pid	process	target process
PID 2276 wrote to memory of 2056	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	Unicorn-29124.exe
PID 2276 wrote to memory of 2056	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	Unicorn-29124.exe
PID 2276 wrote to memory of 2056	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	Unicorn-29124.exe
PID 2276 wrote to memory of 2056	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	Unicorn-29124.exe
PID 2056 wrote to memory of 2208	2056	Unicorn-29124.exe	Unicorn-38294.exe
PID 2056 wrote to memory of 2208	2056	Unicorn-29124.exe	Unicorn-38294.exe
PID 2056 wrote to memory of 2208	2056	Unicorn-29124.exe	Unicorn-38294.exe
PID 2056 wrote to memory of 2208	2056	Unicorn-29124.exe	Unicorn-38294.exe
PID 2276 wrote to memory of 2676	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	Unicorn-2777.exe
PID 2276 wrote to memory of 2676	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	Unicorn-2777.exe
PID 2276 wrote to memory of 2676	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	Unicorn-2777.exe
PID 2276 wrote to memory of 2676	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	Unicorn-2777.exe
PID 2276 wrote to memory of 2608	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	WerFault.exe
PID 2276 wrote to memory of 2608	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	WerFault.exe
PID 2276 wrote to memory of 2608	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	WerFault.exe
PID 2276 wrote to memory of 2608	2276	a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe	WerFault.exe
PID 2208 wrote to memory of 2540	2208	Unicorn-38294.exe	Unicorn-1732.exe
PID 2208 wrote to memory of 2540	2208	Unicorn-38294.exe	Unicorn-1732.exe
PID 2208 wrote to memory of 2540	2208	Unicorn-38294.exe	Unicorn-1732.exe
PID 2208 wrote to memory of 2540	2208	Unicorn-38294.exe	Unicorn-1732.exe
PID 2056 wrote to memory of 2652	2056	Unicorn-29124.exe	Unicorn-31752.exe
PID 2056 wrote to memory of 2652	2056	Unicorn-29124.exe	Unicorn-31752.exe
PID 2056 wrote to memory of 2652	2056	Unicorn-29124.exe	Unicorn-31752.exe
PID 2056 wrote to memory of 2652	2056	Unicorn-29124.exe	Unicorn-31752.exe
PID 2676 wrote to memory of 2640	2676	Unicorn-2777.exe	Unicorn-1540.exe
PID 2676 wrote to memory of 2640	2676	Unicorn-2777.exe	Unicorn-1540.exe
PID 2676 wrote to memory of 2640	2676	Unicorn-2777.exe	Unicorn-1540.exe
PID 2676 wrote to memory of 2640	2676	Unicorn-2777.exe	Unicorn-1540.exe
PID 2056 wrote to memory of 2456	2056	Unicorn-29124.exe	WerFault.exe
PID 2056 wrote to memory of 2456	2056	Unicorn-29124.exe	WerFault.exe
PID 2056 wrote to memory of 2456	2056	Unicorn-29124.exe	WerFault.exe
PID 2056 wrote to memory of 2456	2056	Unicorn-29124.exe	WerFault.exe
PID 2540 wrote to memory of 2984	2540	Unicorn-1732.exe	Unicorn-58266.exe
PID 2540 wrote to memory of 2984	2540	Unicorn-1732.exe	Unicorn-58266.exe
PID 2540 wrote to memory of 2984	2540	Unicorn-1732.exe	Unicorn-58266.exe
PID 2540 wrote to memory of 2984	2540	Unicorn-1732.exe	Unicorn-58266.exe
PID 2208 wrote to memory of 1992	2208	Unicorn-38294.exe	Unicorn-24586.exe
PID 2208 wrote to memory of 1992	2208	Unicorn-38294.exe	Unicorn-24586.exe
PID 2208 wrote to memory of 1992	2208	Unicorn-38294.exe	Unicorn-24586.exe
PID 2208 wrote to memory of 1992	2208	Unicorn-38294.exe	Unicorn-24586.exe
PID 2652 wrote to memory of 1436	2652	Unicorn-31752.exe	Unicorn-44260.exe
PID 2652 wrote to memory of 1436	2652	Unicorn-31752.exe	Unicorn-44260.exe
PID 2652 wrote to memory of 1436	2652	Unicorn-31752.exe	Unicorn-44260.exe
PID 2652 wrote to memory of 1436	2652	Unicorn-31752.exe	Unicorn-44260.exe
PID 2640 wrote to memory of 2180	2640	Unicorn-1540.exe	Unicorn-44260.exe
PID 2640 wrote to memory of 2180	2640	Unicorn-1540.exe	Unicorn-44260.exe
PID 2640 wrote to memory of 2180	2640	Unicorn-1540.exe	Unicorn-44260.exe
PID 2640 wrote to memory of 2180	2640	Unicorn-1540.exe	Unicorn-44260.exe
PID 2676 wrote to memory of 1784	2676	Unicorn-2777.exe	Unicorn-7565.exe
PID 2676 wrote to memory of 1784	2676	Unicorn-2777.exe	Unicorn-7565.exe
PID 2676 wrote to memory of 1784	2676	Unicorn-2777.exe	Unicorn-7565.exe
PID 2676 wrote to memory of 1784	2676	Unicorn-2777.exe	Unicorn-7565.exe
PID 2208 wrote to memory of 2008	2208	Unicorn-38294.exe	WerFault.exe
PID 2208 wrote to memory of 2008	2208	Unicorn-38294.exe	WerFault.exe
PID 2208 wrote to memory of 2008	2208	Unicorn-38294.exe	WerFault.exe
PID 2208 wrote to memory of 2008	2208	Unicorn-38294.exe	WerFault.exe
PID 2676 wrote to memory of 2344	2676	Unicorn-2777.exe	WerFault.exe
PID 2676 wrote to memory of 2344	2676	Unicorn-2777.exe	WerFault.exe
PID 2676 wrote to memory of 2344	2676	Unicorn-2777.exe	WerFault.exe
PID 2676 wrote to memory of 2344	2676	Unicorn-2777.exe	WerFault.exe
PID 2984 wrote to memory of 1588	2984	Unicorn-58266.exe	Unicorn-13178.exe
PID 2984 wrote to memory of 1588	2984	Unicorn-58266.exe	Unicorn-13178.exe
PID 2984 wrote to memory of 1588	2984	Unicorn-58266.exe	Unicorn-13178.exe
PID 2984 wrote to memory of 1588	2984	Unicorn-58266.exe	Unicorn-13178.exe

C:\Users\Admin\AppData\Local\Temp\a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe
"C:\Users\Admin\AppData\Local\Temp\a77bb4af0b504461551799ca6af3049a9819538e7d814a252845d3ef5a707e5c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-58266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58266.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3859.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29016.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8723.exe
10⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52699.exe
11⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20955.exe
12⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14260.exe
13⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53147.exe
14⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
14⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
13⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
12⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
11⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 216
10⤵
- Program crash
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37749.exe
9⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
10⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
11⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47917.exe
12⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20657.exe
13⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55192.exe
14⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
14⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
13⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 236
12⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
11⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
10⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
9⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57858.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
9⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11567.exe
10⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53659.exe
11⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
12⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49398.exe
13⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20921.exe
14⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
14⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
13⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 220
12⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
11⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-49253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49253.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
11⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-44219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44219.exe
12⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27029.exe
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
13⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
12⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
11⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
10⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59543.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
10⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54706.exe
11⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48653.exe
12⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21393.exe
13⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
12⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
11⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
10⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
9⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
8⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31632.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31320.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43308.exe
9⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19871.exe
10⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
11⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44335.exe
12⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44285.exe
13⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21837.exe
14⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
13⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
12⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
11⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
11⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
12⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10113.exe
13⤵
PID:13932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
13⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
11⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6613.exe
8⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60981.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-29335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29335.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51576.exe
11⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20699.exe
12⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
13⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 204
13⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
11⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
9⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
8⤵
- Program crash
PID:3192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 220
7⤵
- Program crash
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11471.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51498.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-29420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29420.exe
8⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22097.exe
9⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-28885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28885.exe
10⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-1706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1706.exe
11⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
12⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42375.exe
13⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3949.exe
14⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
14⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 216
13⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
12⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
11⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1332.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43309.exe
11⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
12⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40117.exe
13⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
13⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
12⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 236
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 240
10⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41883.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-346.exe
11⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
11⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
10⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
9⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
8⤵
- Program crash
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-59612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59612.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 220
8⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
7⤵
- Program crash
PID:572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
6⤵
- Program crash
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64009.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19127.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
9⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12553.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15995.exe
11⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
12⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47667.exe
13⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34963.exe
14⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 236
14⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
13⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
12⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 236
11⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44069.exe
10⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54395.exe
11⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
12⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19961.exe
13⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
13⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
12⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
11⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
10⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24182.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35678.exe
10⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
11⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38651.exe
12⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28612.exe
13⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 236
13⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
12⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
10⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 220
9⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
8⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55225.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
11⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64101.exe
12⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25593.exe
13⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
10⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 236
9⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
8⤵
- Program crash
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9342.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
8⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62605.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18299.exe
10⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19216.exe
11⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
12⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7580.exe
13⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13213.exe
14⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
14⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
12⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
11⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48319.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22081.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
11⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
11⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
10⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27088.exe
8⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35512.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
10⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35306.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15664.exe
12⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
12⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
11⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
9⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
- Program crash
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
7⤵
- Program crash
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49531.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46037.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25552.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35262.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53394.exe
11⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58741.exe
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 216
12⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
11⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 220
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 216
8⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3432.exe
7⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-19611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19611.exe
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12883.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
11⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
12⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
12⤵
PID:13492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 236
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
8⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
7⤵
- Program crash
PID:1604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
6⤵
- Program crash
PID:300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48934.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52375.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62456.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26287.exe
9⤵
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39798.exe
10⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6864.exe
11⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
12⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-781.exe
13⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-48690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48690.exe
14⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
14⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
13⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
11⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43381.exe
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
11⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
12⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48124.exe
13⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
13⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 236
11⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1884 -s 240
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35775.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33741.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-42396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42396.exe
11⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49645.exe
12⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35556.exe
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
12⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
10⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36405.exe
8⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36611.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15306.exe
10⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2018.exe
11⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11338.exe
12⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
11⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
10⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
9⤵
PID:5432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
8⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 240
8⤵
- Program crash
PID:3892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
7⤵
- Program crash
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56542.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-33816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33816.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12563.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3581.exe
9⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20379.exe
10⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63295.exe
11⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38648.exe
12⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
12⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
11⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 220
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
7⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20473.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36182.exe
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7576 -s 300
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:9604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
9⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 216
8⤵
PID:4136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:3176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
6⤵
- Program crash
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53485.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-15835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15835.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43173.exe
8⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42282.exe
10⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60929.exe
11⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1533.exe
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 236
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
11⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 216
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15807.exe
9⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13676.exe
10⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46094.exe
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
11⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
10⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
9⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
8⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
7⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-5471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5471.exe
10⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40611.exe
11⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-37643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37643.exe
12⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 204
12⤵
PID:13640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
9⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
8⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
7⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24751.exe
7⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9310.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-30907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30907.exe
10⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
11⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55928.exe
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 204
12⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 216
11⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
8⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21624.exe
7⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38159.exe
8⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47004.exe
9⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62006.exe
10⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\Unicorn-11103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11103.exe
11⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 216
11⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
10⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
9⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
8⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
7⤵
- Program crash
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
6⤵
- Program crash
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
5⤵
- Program crash
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24301.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32492.exe
8⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54826.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-34744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34744.exe
10⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22937.exe
11⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12795.exe
12⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
13⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
14⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10300 -s 216
14⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
13⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
12⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
11⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30721.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-46066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46066.exe
10⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41175.exe
11⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30085.exe
12⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
11⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
9⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 216
8⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
8⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36316.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
10⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37480.exe
11⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58377.exe
12⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-311.exe
13⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
12⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
11⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17026.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32885.exe
9⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-21315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21315.exe
10⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1503.exe
11⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62305.exe
12⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
12⤵
PID:9016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 236
10⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
9⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 240
8⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
7⤵
- Program crash
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14298.exe
7⤵
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41753.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34334.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13440.exe
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
11⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
12⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 236
12⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
11⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 216
8⤵
- Program crash
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
7⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22969.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36465.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60733.exe
10⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
11⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65200.exe
12⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
12⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
9⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
8⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
7⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
6⤵
- Program crash
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 220
6⤵
- Program crash
PID:2432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
5⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8798.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
7⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58466.exe
8⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38620.exe
9⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19792.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18738.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9655.exe
12⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
13⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10460 -s 236
13⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33523.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17594.exe
10⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33600.exe
11⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5154.exe
12⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
12⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
11⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
7⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56217.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
10⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
11⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
12⤵
PID:14056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
10⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
8⤵
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
7⤵
- Program crash
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
6⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
7⤵
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19470.exe
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
10⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 236
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
7⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45541.exe
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-899.exe
9⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
10⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41168.exe
11⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 216
11⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
10⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
9⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
8⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
7⤵
- Program crash
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 220
6⤵
- Program crash
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
5⤵
- Program crash
PID:472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43739.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23657.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65310.exe
8⤵
PID:2460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
9⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
8⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11422.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2770.exe
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43567.exe
11⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
12⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30638.exe
13⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
12⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
11⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
9⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 240
8⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30177.exe
7⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
8⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22508.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42998.exe
11⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38716.exe
12⤵
PID:10016

C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
13⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10016 -s 216
13⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
12⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 236
11⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
10⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10709.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41493.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44959.exe
11⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42302.exe
12⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
12⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 220
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22885.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5546.exe
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
10⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59053.exe
11⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
12⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
12⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
10⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
8⤵
PID:4424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
7⤵
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23952.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31678.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61455.exe
8⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-62076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62076.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34291.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
11⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-59194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59194.exe
12⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6698.exe
13⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 216
13⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
12⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56601.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36457.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62634.exe
10⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47984.exe
11⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50034.exe
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 236
12⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
11⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 236
10⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
8⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
7⤵
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44479.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1234.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59493.exe
10⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28616.exe
11⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
12⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
11⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 236
8⤵
PID:4912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
6⤵
- Program crash
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18866.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8457.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
7⤵
- Executes dropped EXE
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11076.exe
8⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
9⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58271.exe
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
12⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31083.exe
13⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
12⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
11⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
10⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57862.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34187.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16058.exe
10⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49827.exe
11⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
12⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
12⤵
PID:13500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
9⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
8⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41096.exe
7⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28444.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52859.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51256.exe
10⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-24699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24699.exe
11⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
11⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
10⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
8⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
7⤵
- Program crash
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-45445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45445.exe
6⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23983.exe
7⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62154.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
9⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33477.exe
10⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38547.exe
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 236
11⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
10⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
9⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
8⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41691.exe
7⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
8⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64170.exe
9⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-257.exe
10⤵
PID:10604

C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8372.exe
11⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10604 -s 216
11⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
10⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
9⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
8⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
7⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
6⤵
- Program crash
PID:1700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
5⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56738.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16795.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
7⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37852.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36491.exe
9⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63613.exe
10⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62432.exe
11⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34599.exe
12⤵
PID:13464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 216
12⤵
PID:13420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
8⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51619.exe
7⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43476.exe
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14092.exe
9⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33838.exe
10⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22328.exe
11⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
11⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
10⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
9⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 220
7⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37173.exe
6⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-43711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43711.exe
7⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28079.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18546.exe
9⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
10⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
11⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11180 -s 216
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
10⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
9⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
8⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
7⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54482.exe
8⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7761.exe
9⤵
PID:10772

C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55762.exe
10⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10772 -s 216
10⤵
PID:13696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
9⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4948 -s 216
8⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
7⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
6⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 236
5⤵
- Program crash
PID:832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28664.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39308.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42590.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23298.exe
7⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4411.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34483.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
12⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:2780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
8⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
7⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14980.exe
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33787.exe
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54139.exe
10⤵
PID:10716

C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60967.exe
11⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10716 -s 204
11⤵
PID:13752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
10⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
9⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
8⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
- Program crash
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
6⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-4435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4435.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34392.exe
6⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28098.exe
7⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50954.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-59820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59820.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44477.exe
11⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-24691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24691.exe
12⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
10⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 236
9⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
8⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16450.exe
7⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
8⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
9⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3146.exe
10⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27206.exe
11⤵
PID:14304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
10⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
9⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
8⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
7⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 236
6⤵
- Program crash
PID:3296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
5⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52307.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24493.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29950.exe
6⤵
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10929.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55372.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
10⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
11⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
12⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
12⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
11⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 236
10⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
9⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42120.exe
8⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30139.exe
9⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15514.exe
10⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 220
11⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
10⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
9⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
8⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54982.exe
7⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
8⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4310.exe
9⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56183.exe
10⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18358.exe
11⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
11⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
10⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
9⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
8⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
7⤵
- Program crash
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8040.exe
6⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-4219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4219.exe
7⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23897.exe
8⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60261.exe
9⤵
PID:7476

C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28367.exe
10⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28690.exe
11⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7476 -s 216
10⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
9⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
8⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 216
7⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
6⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59970.exe
5⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
6⤵
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21152.exe
7⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34274.exe
8⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
9⤵
PID:10040

C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28962.exe
10⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10040 -s 216
10⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
9⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
8⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 216
7⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57094.exe
6⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9013.exe
7⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37506.exe
8⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33193.exe
9⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
10⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
9⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
8⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
7⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
6⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 220
5⤵
- Program crash
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
4⤵
- Program crash
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
2⤵
- Program crash
PID:2608

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1540.exe
Filesize
184KB

MD5
b989aa5afee4f1c226a68fcefc203add

SHA1
1829a88db9ce1d4722a3e1f66d380e3c0c6b8e3d

SHA256
460ab23fb51d2da4545ebfdc25b508bc5493c634dd28115ac532d2c9e90363ef

SHA512
16e4fdb0705bd351dcb2065bb9f2200477640405e4e8868fb5a346b0e33c898a775b7434a1ab275f4c7122a6a9224bf5b48ad3e3c7ce3568c65d834812430629

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1902.exe
Filesize
184KB

MD5
f0321a6249f7653e0f398721301e03a9

SHA1
f112cd916513f55b1c994671fa4aa1077243c094

SHA256
c9f3083c05df29cb8b64f645611608faec88223e90a33fd33742b8698c6c8ab0

SHA512
1f6144d1ee054dfb8836213c3c0ceb848775d7cfaa6f394847784db22b70d412c73beefdadf7402ed5ca6d574462c76989fe5139ec5c39227a066b326b6701c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-21289.exe
Filesize
184KB

MD5
458236ede529fb6625009010914e2af5

SHA1
b4e1035a36d6b5e5cfd20831cea5e5668a72d295

SHA256
a4d0b730232be69ce027544d6a0f9c0f55a352e65527440299dac0cdd156d30f

SHA512
8c306b42b34036d04cd737336139d94044abff7470e5b438dd97afe6cd92590436c56ad3e25dd54cc95b20a5447e8986a9e2045c629860381f548f1f5fd2a666

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38056.exe
Filesize
184KB

MD5
81abe2fc382be5d833f18df3c270cf5f

SHA1
7e3183df889668920ced9b0acf1723853615dc8f

SHA256
97e3a48fd2f2bd851fbc72fb0873ca5a5bb8c526bd2c5d58f412d947f32b0330

SHA512
59c25570d727ca2eb2ebd61d54f642385228bb6cff1cd07e6fb41d69d9472edd725197bfd9ab432b816625594f05715ef14f5e4073712439d2b51283996e9328

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38294.exe
Filesize
184KB

MD5
e9a37e457e464ccf0f68c3ca0314b198

SHA1
4d09e3d4f056b03b338ccbb83da8ae9910948186

SHA256
3737acbfdc97ca75f08daaf61a37a6d11ef943274e2d2610201e54b762838506

SHA512
fb20579da41844dbf47e8e03f45d5168de73b31c3ac84c238ab683f8bc086e8228790e6d0c35cb9cc4cb76d3fe64ed78249d2a3e4f68eeb47c46f76f9c24cabb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
Filesize
184KB

MD5
4a1910de41260fc5795b277d94601ab0

SHA1
2984e759a7180fabc6791ac0ccaaa26b3b4980b0

SHA256
def1e2063b727f5bd160bd14d114e090b1a53ec8d67d6b28aafa1e7e94534a25

SHA512
ad929ed441d908a3e1c8876f26824b47724cac2b91101718cd4f60a897c783b1f93ba51029a5e2a12a84618149b24b53160c5818a0f4504ccaca9fda98cfb9d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44260.exe
Filesize
184KB

MD5
24767cc6b1efd0ff2eed318650ca1c6f

SHA1
f080c30fe9037bc46c00cc7ade4c5a8983ddb8f4

SHA256
e6441efe9554e8e05926d1561d890fa599fad7f27493c66f8b2c0a5dc477b4d4

SHA512
4d2c5784f316d9f1ed6f73bf6a8d58a0b58e5f64432126151433d09f5ec656abdb96d3acab7366a05e30b2dd4666feda8656c590c0295ea9c9817ce8dcb1bcda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56982.exe
Filesize
184KB

MD5
457891739331c0b33b94f8a039d29640

SHA1
5133ab4c26fca8a4970269b71a294c578322fd04

SHA256
7e8fe525b90fd01b49d237bef99a19599e292eb54b8fa54d9bf5ff30bf4781d0

SHA512
442ed3988a97770231f9ce41b89f81bc06db850d15654cbb19cd6c4926d324df84aea53c4ca3217eea4b60f118409910fe924a10f68a31e3d66681f5c1b699d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58030.exe
Filesize
184KB

MD5
882ab5ef232e739f79a586e2b18bd70a

SHA1
b57ffe8fa4f95d926054170088398572f452b5b6

SHA256
d90eb4135162c4ae8d5496d89f7338360f7919d7a41aef700eae475d4d8529a0

SHA512
069f37a87422f87746b96a233f973d5c44d2b606a89b3f022da203dcaa39f77241b16e2814440437583b9eaf3ae24904e7f03b8e0672e5dd2835f1454893d518

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5872.exe
Filesize
184KB

MD5
2c9f1912f81b9d491558e6ac2e10c1ca

SHA1
d87c15b0b2866a406f8fbeeb5ebf757adead5b81

SHA256
5d17ec0facc22b5e909dd063d166579756a6f11a398465df6363233cad093f76

SHA512
da3557e93f5eeeaaf8fff0313a136288c0f04bff81a176d654b53c5efcfe345715bc3befca0dab425bfdd64b859f0ab392598e1f0757ae3aab7c3a15acd6c1f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
Filesize
184KB

MD5
26bd97ef194c948bf048b5be20783f3d

SHA1
c03d3bc8078c86a3a726f4cba809edc7b4f8924c

SHA256
11dbed68753d74895c174a56e313c6d83e2192bbd5879432ab8fe78f5dedc15c

SHA512
9891df0d9537e3faa4572cda42c82972cfa07deaf296d60b5e6d6321e694bf7add586162b9eb48559d6d971f99a7f6b9312e0e5068c77b4edd8181f640cfad22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13178.exe
Filesize
184KB

MD5
778e68f6916ee36fd678e7ad9400a6b0

SHA1
bc74ac1f80841317699e4968a867cffe89486696

SHA256
37750ceb510f34d0072f419281802746a71a6419bde51011c6f5094e8efffe97

SHA512
00886e512bd3f9ebbca98a7281117ec2e4f9abaeb9933fdcc905dca6d2ca55b56aab63cb07bd60e6d39db5bb26df2b5dffea86f8f5513702dfe852824ecd52a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1732.exe
Filesize
184KB

MD5
99e003cb49466cf7f5708045f827b8bf

SHA1
72ced6fe66051f9612db73b6171c207a7bfbe91f

SHA256
e96f1eb95ad222b7ef71e906396174ac9f2efebf20ca4aec95977637faa13c6d

SHA512
1aa636549d7abaaef6724b4ee1a555fe9024d88c5da2216c6916c584296560b85b82b32bcebe9bcf8441c525eacaa2b701e31461d14a716dc4e59be2d1ec4c76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24586.exe
Filesize
184KB

MD5
6d0704c9d6a3a2a302463a74a6e06b03

SHA1
3314e8bdd19cf782b1d6051fdc5a65661e5fa64e

SHA256
e14837901f7694bd688314da6bb6df4c4ffedcaa3de8d8e3ae2010ca81879c7d

SHA512
be94e46c54b49c930d5d34c1dff0d926c64a2ebf1171367ff3f9ce3810c866711bbc4f9cb7001c5cafced5d136e98c936bdfc36a00cec55fe9a6f658aa8a3ff4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2777.exe
Filesize
184KB

MD5
843be098cbefe8b51a9c23716f976ae4

SHA1
0f431d25ea22246cbd4b88027c25a6dd5fe3958d

SHA256
34ffae6e948ce95b7b4922ecdd9bf38d516c23e980836e6a1d8601b148748246

SHA512
802800ae6f20efad2fa30519c6009cdf4379650bd5613cceb03dc8f02f0fc4f6a887d5aea3d6201a6108a66a4c73f5e275f63611b3dc5781ddb51fa3db64863b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29124.exe
Filesize
184KB

MD5
da9f092ab981d23b2d92edd83c951ef9

SHA1
f64e1c9ccd1d5a66f44667c47f8b03057790ce01

SHA256
9a2479b6af1d59bdaf2cc5566f1a6744dbe9c6df9f6a3bf0e169c7edf35e9ba9

SHA512
ae2441c28b0b8e944146c01d07af50675c8b77c7eac1508292b2479aa2aaceaaa84aedf12dfec36fda0f3a2e75a5034b7c48283fa1a3dc2a1c2245846afa67ef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
Filesize
184KB

MD5
c1b5dda51a37cc4b7d317e778a41e3fd

SHA1
75dc20ed21a2625ca571e6d92eb56b4883e82976

SHA256
cc01df61055e5f6e68e500f84a91e5a22ebcf4d4ffa0c63f1c040ce8f4496d8d

SHA512
1ede840b90e6106cec52bfe2f03d287706cadbfac72f5d8a82c8ba5197210be939f14970dd36d8daaa9dccc0eed20f9a17c36d53daaecfb993a37966d9907d70

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43198.exe
Filesize
184KB

MD5
905b21637791ded721ca904982e7052c

SHA1
361aa16902c526461d9edff7895c6012486cbdf8

SHA256
5e79fc95942beac9dfbbd8dac6c809a5f0a3f7cf1a120d8c58a2e47aff914553

SHA512
7fe7112309b3f70aec6363e56a1cfc9b775acbabddfbd21f4053a969c7e678813d7bc675af34978525cef548e208fe1391a81a92746901b6e351928212534ef3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58266.exe
Filesize
184KB

MD5
db854c744236161f546ddaa7a2e7464a

SHA1
1b04556b365d43a6efee81df4ef0d3b85b9f1669

SHA256
9506b0ef693f966d2ea510f1bbe7d88665b01e6acee0ab3cb75296e0a360e845

SHA512
cf45a10b3af27562c2b35bf6a4947dd89a5ac4ecd4222e9e67b9ebf32012d4ebdbf7f18e3b1f11ae1ff10d84c0a930a2b11206568a624b353ec45a805713a3e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
Filesize
184KB

MD5
6ae3220783bca32ba81def9353f6c672

SHA1
b853e4d83ae2ec8c0051e4f5ef1d75450babc2ab

SHA256
431f37eb6967953c6e3506f6e17cfddb65e03e645928de3600ec6908539255e6

SHA512
81009780b42e5c551b74c9b1f608c42e47f6cbb2b8b5fba8ac786989e0fb7baa7328cc905327fc3b995d9d7057f7ba67f87c8eee760bd3ecd83d12e833e78c5f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads