bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721

Analysis

max time kernel
149s
max time network
120s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
Size

184KB
MD5

8fe3e0e6613db291a065b04d05e3fa42
SHA1

a2c82a997a7e04c7813457d8b53e1a79467082f5
SHA256

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721
SHA512

238d66e4f647f8e92cea841f0a34eb9fb3f0569e43fb5df061eb265f656b6501e230d8c8722667b0b2632df3fa47444ce491b1816abc738204e5a65ab065b880
SSDEEP

3072:UMS7TxoTFAOpd4hIeE7LRbV4MlnziF5n3:UMkobn4hCLJV4MlnziF5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-26653.exeUnicorn-24383.exeUnicorn-20853.exeUnicorn-36194.exeUnicorn-49001.exeUnicorn-3329.exeUnicorn-10143.exeUnicorn-55815.exeUnicorn-39286.exeUnicorn-15104.exeUnicorn-15104.exeUnicorn-2795.exeUnicorn-64803.exeUnicorn-50735.exeUnicorn-24607.exeUnicorn-57279.exeUnicorn-37413.exeUnicorn-8078.exeUnicorn-4549.exeUnicorn-4321.exeUnicorn-14113.exeUnicorn-36994.exeUnicorn-33464.exeUnicorn-3937.exeUnicorn-13729.exeUnicorn-19890.exeUnicorn-16360.exeUnicorn-52562.exeUnicorn-52562.exeUnicorn-19698.exeUnicorn-65369.exeUnicorn-14116.exeUnicorn-17454.exeUnicorn-62056.exeUnicorn-48865.exeUnicorn-61672.exeUnicorn-33214.exeUnicorn-48481.exeUnicorn-61288.exeUnicorn-15617.exeUnicorn-12959.exeUnicorn-17921.exeUnicorn-61968.exeUnicorn-42102.exeUnicorn-30727.exeUnicorn-29104.exeUnicorn-45440.exeUnicorn-14199.exeUnicorn-12575.exeUnicorn-46872.exeUnicorn-42093.exeUnicorn-3883.exeUnicorn-21843.exeUnicorn-33026.exeUnicorn-55004.exeUnicorn-5803.exeUnicorn-5803.exeUnicorn-17541.exeUnicorn-5611.exeUnicorn-53551.exeUnicorn-49830.exeUnicorn-16773.exeUnicorn-4843.exeUnicorn-49446.exe

pid	process
1440	Unicorn-26653.exe
2100	Unicorn-24383.exe
2472	Unicorn-20853.exe
2644	Unicorn-36194.exe
2664	Unicorn-49001.exe
2640	Unicorn-3329.exe
1680	Unicorn-10143.exe
1424	Unicorn-55815.exe
1992	Unicorn-39286.exe
2216	Unicorn-15104.exe
316	Unicorn-15104.exe
1624	Unicorn-2795.exe
2284	Unicorn-64803.exe
2076	Unicorn-50735.exe
2060	Unicorn-24607.exe
2892	Unicorn-57279.exe
2360	Unicorn-37413.exe
580	Unicorn-8078.exe
592	Unicorn-4549.exe
2380	Unicorn-4321.exe
2364	Unicorn-14113.exe
2028	Unicorn-36994.exe
1304	Unicorn-33464.exe
1976	Unicorn-3937.exe
1664	Unicorn-13729.exe
1224	Unicorn-19890.exe
2116	Unicorn-16360.exe
2308	Unicorn-52562.exe
1720	Unicorn-52562.exe
2356	Unicorn-19698.exe
2172	Unicorn-65369.exe
2204	Unicorn-14116.exe
2440	Unicorn-17454.exe
1920	Unicorn-62056.exe
2944	Unicorn-48865.exe
2548	Unicorn-61672.exe
2536	Unicorn-33214.exe
2436	Unicorn-48481.exe
2976	Unicorn-61288.exe
2696	Unicorn-15617.exe
1824	Unicorn-12959.exe
2168	Unicorn-17921.exe
1896	Unicorn-61968.exe
2420	Unicorn-42102.exe
2012	Unicorn-30727.exe
2004	Unicorn-29104.exe
1200	Unicorn-45440.exe
1764	Unicorn-14199.exe
1628	Unicorn-12575.exe
1736	Unicorn-46872.exe
840	Unicorn-42093.exe
1364	Unicorn-3883.exe
1852	Unicorn-21843.exe
1640	Unicorn-33026.exe
896	Unicorn-55004.exe
2184	Unicorn-5803.exe
1740	Unicorn-5803.exe
3064	Unicorn-17541.exe
1328	Unicorn-5611.exe
2672	Unicorn-53551.exe
324	Unicorn-49830.exe
2524	Unicorn-16773.exe
2544	Unicorn-4843.exe
2648	Unicorn-49446.exe

Loads dropped DLL 64 IoCs

Processes:

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exeUnicorn-26653.exeUnicorn-20853.exeUnicorn-24383.exeWerFault.exeUnicorn-36194.exeUnicorn-3329.exeUnicorn-49001.exeWerFault.exeWerFault.exeUnicorn-10143.exeUnicorn-55815.exeUnicorn-15104.exeUnicorn-39286.exeUnicorn-15104.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
1440	Unicorn-26653.exe
1440	Unicorn-26653.exe
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
2472	Unicorn-20853.exe
2472	Unicorn-20853.exe
1440	Unicorn-26653.exe
1440	Unicorn-26653.exe
2100	Unicorn-24383.exe
2100	Unicorn-24383.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2472	Unicorn-20853.exe
2644	Unicorn-36194.exe
2644	Unicorn-36194.exe
2472	Unicorn-20853.exe
2100	Unicorn-24383.exe
2100	Unicorn-24383.exe
2640	Unicorn-3329.exe
2664	Unicorn-49001.exe
2640	Unicorn-3329.exe
2664	Unicorn-49001.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1532	WerFault.exe
1864	WerFault.exe
1532	WerFault.exe
1680	Unicorn-10143.exe
1680	Unicorn-10143.exe
2644	Unicorn-36194.exe
2644	Unicorn-36194.exe
1424	Unicorn-55815.exe
1424	Unicorn-55815.exe
316	Unicorn-15104.exe
316	Unicorn-15104.exe
1992	Unicorn-39286.exe
1992	Unicorn-39286.exe
2664	Unicorn-49001.exe
2664	Unicorn-49001.exe
2216	Unicorn-15104.exe
2216	Unicorn-15104.exe
2640	Unicorn-3329.exe
2640	Unicorn-3329.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
816	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
2492	WerFault.exe
288	WerFault.exe
288	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2632	2164	WerFault.exe	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
2956	1440	WerFault.exe	Unicorn-26653.exe
1864	2472	WerFault.exe	Unicorn-20853.exe
1532	2100	WerFault.exe	Unicorn-24383.exe
816	2644	WerFault.exe	Unicorn-36194.exe
2492	2664	WerFault.exe	Unicorn-49001.exe
288	2640	WerFault.exe	Unicorn-3329.exe
1604	1680	WerFault.exe	Unicorn-10143.exe
1704	1424	WerFault.exe	Unicorn-55815.exe
1008	316	WerFault.exe	Unicorn-15104.exe
2756	1992	WerFault.exe	Unicorn-39286.exe
2680	2216	WerFault.exe	Unicorn-15104.exe
332	1624	WerFault.exe	Unicorn-2795.exe
684	2284	WerFault.exe	Unicorn-64803.exe
3044	2076	WerFault.exe	Unicorn-50735.exe
2368	2060	WerFault.exe	Unicorn-24607.exe
876	2892	WerFault.exe	Unicorn-57279.exe
2988	1640	WerFault.exe	Unicorn-33026.exe
1904	2360	WerFault.exe	Unicorn-37413.exe
844	592	WerFault.exe	Unicorn-4549.exe
1516	2364	WerFault.exe	Unicorn-14113.exe
1796	2028	WerFault.exe	Unicorn-36994.exe
3052	1304	WerFault.exe	Unicorn-33464.exe
2736	1976	WerFault.exe	Unicorn-3937.exe
2424	1664	WerFault.exe	Unicorn-13729.exe
2616	2172	WerFault.exe	Unicorn-65369.exe
1344	2308	WerFault.exe	Unicorn-52562.exe
2228	1224	WerFault.exe	Unicorn-19890.exe
1876	2116	WerFault.exe	Unicorn-16360.exe
1972	2356	WerFault.exe	Unicorn-19698.exe
1676	1720	WerFault.exe	Unicorn-52562.exe
3020	2204	WerFault.exe	Unicorn-14116.exe
1772	2440	WerFault.exe	Unicorn-17454.exe
2752	1920	WerFault.exe	Unicorn-62056.exe
3152	2536	WerFault.exe	Unicorn-33214.exe
3160	2548	WerFault.exe	Unicorn-61672.exe
3224	2696	WerFault.exe	Unicorn-15617.exe
3216	2976	WerFault.exe	Unicorn-61288.exe
3232	2944	WerFault.exe	Unicorn-48865.exe
3352	1764	WerFault.exe	Unicorn-14199.exe
3344	2012	WerFault.exe	Unicorn-30727.exe
3360	2004	WerFault.exe	Unicorn-29104.exe
3392	1200	WerFault.exe	Unicorn-45440.exe
3432	1824	WerFault.exe	Unicorn-12959.exe
3440	1896	WerFault.exe	Unicorn-61968.exe
3456	2168	WerFault.exe	Unicorn-17921.exe
3448	1736	WerFault.exe	Unicorn-46872.exe
3504	2420	WerFault.exe	Unicorn-42102.exe
3596	2436	WerFault.exe	Unicorn-48481.exe
3836	1628	WerFault.exe	Unicorn-12575.exe
3952	840	WerFault.exe	Unicorn-42093.exe
3724	2544	WerFault.exe	Unicorn-4843.exe
3884	324	WerFault.exe	Unicorn-49830.exe
3956	2052	WerFault.exe	Unicorn-58621.exe
4088	1652	WerFault.exe	Unicorn-23125.exe
3540	1636	WerFault.exe	Unicorn-23125.exe
3608	1996	WerFault.exe	Unicorn-10318.exe
3660	1900	WerFault.exe	Unicorn-55990.exe
3680	2380	WerFault.exe	Unicorn-4321.exe
3328	1364	WerFault.exe	Unicorn-3883.exe
4160	2184	WerFault.exe	Unicorn-5803.exe
4188	2920	WerFault.exe	Unicorn-61906.exe
4212	2400	WerFault.exe	Unicorn-45378.exe
4264	2884	WerFault.exe	Unicorn-48523.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exeUnicorn-26653.exeUnicorn-20853.exeUnicorn-24383.exeUnicorn-36194.exeUnicorn-49001.exeUnicorn-3329.exeUnicorn-10143.exeUnicorn-55815.exeUnicorn-15104.exeUnicorn-15104.exeUnicorn-39286.exeUnicorn-2795.exeUnicorn-64803.exeUnicorn-50735.exeUnicorn-24607.exeUnicorn-57279.exeUnicorn-8078.exeUnicorn-4549.exeUnicorn-37413.exeUnicorn-4321.exeUnicorn-14113.exeUnicorn-36994.exeUnicorn-33464.exeUnicorn-3937.exeUnicorn-13729.exeUnicorn-19890.exeUnicorn-16360.exeUnicorn-52562.exeUnicorn-52562.exeUnicorn-19698.exeUnicorn-65369.exeUnicorn-14116.exeUnicorn-17454.exeUnicorn-62056.exeUnicorn-48865.exeUnicorn-61672.exeUnicorn-33214.exeUnicorn-48481.exeUnicorn-61288.exeUnicorn-15617.exeUnicorn-12959.exeUnicorn-17921.exeUnicorn-61968.exeUnicorn-30727.exeUnicorn-42102.exeUnicorn-29104.exeUnicorn-45440.exeUnicorn-14199.exeUnicorn-12575.exeUnicorn-46872.exeUnicorn-42093.exeUnicorn-3883.exeUnicorn-21843.exeUnicorn-33026.exeUnicorn-55004.exeUnicorn-5803.exeUnicorn-5803.exeUnicorn-5611.exeUnicorn-53551.exeUnicorn-49830.exeUnicorn-16773.exeUnicorn-4843.exeUnicorn-49446.exe

pid	process
2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
1440	Unicorn-26653.exe
2472	Unicorn-20853.exe
2100	Unicorn-24383.exe
2644	Unicorn-36194.exe
2664	Unicorn-49001.exe
2640	Unicorn-3329.exe
1680	Unicorn-10143.exe
1424	Unicorn-55815.exe
316	Unicorn-15104.exe
2216	Unicorn-15104.exe
1992	Unicorn-39286.exe
1624	Unicorn-2795.exe
2284	Unicorn-64803.exe
2076	Unicorn-50735.exe
2060	Unicorn-24607.exe
2892	Unicorn-57279.exe
580	Unicorn-8078.exe
592	Unicorn-4549.exe
2360	Unicorn-37413.exe
2380	Unicorn-4321.exe
2364	Unicorn-14113.exe
2028	Unicorn-36994.exe
1304	Unicorn-33464.exe
1976	Unicorn-3937.exe
1664	Unicorn-13729.exe
1224	Unicorn-19890.exe
2116	Unicorn-16360.exe
2308	Unicorn-52562.exe
1720	Unicorn-52562.exe
2356	Unicorn-19698.exe
2172	Unicorn-65369.exe
2204	Unicorn-14116.exe
2440	Unicorn-17454.exe
1920	Unicorn-62056.exe
2944	Unicorn-48865.exe
2548	Unicorn-61672.exe
2536	Unicorn-33214.exe
2436	Unicorn-48481.exe
2976	Unicorn-61288.exe
2696	Unicorn-15617.exe
1824	Unicorn-12959.exe
2168	Unicorn-17921.exe
1896	Unicorn-61968.exe
2012	Unicorn-30727.exe
2420	Unicorn-42102.exe
2004	Unicorn-29104.exe
1200	Unicorn-45440.exe
1764	Unicorn-14199.exe
1628	Unicorn-12575.exe
1736	Unicorn-46872.exe
840	Unicorn-42093.exe
1364	Unicorn-3883.exe
1852	Unicorn-21843.exe
1640	Unicorn-33026.exe
896	Unicorn-55004.exe
2184	Unicorn-5803.exe
1740	Unicorn-5803.exe
1328	Unicorn-5611.exe
2672	Unicorn-53551.exe
324	Unicorn-49830.exe
2524	Unicorn-16773.exe
2544	Unicorn-4843.exe
2648	Unicorn-49446.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exeUnicorn-26653.exeUnicorn-20853.exeUnicorn-24383.exeUnicorn-36194.exeUnicorn-3329.exeUnicorn-49001.exeUnicorn-10143.exe

description	pid	process	target process
PID 2164 wrote to memory of 1440	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-26653.exe
PID 2164 wrote to memory of 1440	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-26653.exe
PID 2164 wrote to memory of 1440	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-26653.exe
PID 2164 wrote to memory of 1440	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-26653.exe
PID 1440 wrote to memory of 2100	1440	Unicorn-26653.exe	Unicorn-24383.exe
PID 1440 wrote to memory of 2100	1440	Unicorn-26653.exe	Unicorn-24383.exe
PID 1440 wrote to memory of 2100	1440	Unicorn-26653.exe	Unicorn-24383.exe
PID 1440 wrote to memory of 2100	1440	Unicorn-26653.exe	Unicorn-24383.exe
PID 2164 wrote to memory of 2472	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-20853.exe
PID 2164 wrote to memory of 2472	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-20853.exe
PID 2164 wrote to memory of 2472	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-20853.exe
PID 2164 wrote to memory of 2472	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	Unicorn-20853.exe
PID 2164 wrote to memory of 2632	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	WerFault.exe
PID 2164 wrote to memory of 2632	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	WerFault.exe
PID 2164 wrote to memory of 2632	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	WerFault.exe
PID 2164 wrote to memory of 2632	2164	bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe	WerFault.exe
PID 2472 wrote to memory of 2644	2472	Unicorn-20853.exe	Unicorn-36194.exe
PID 2472 wrote to memory of 2644	2472	Unicorn-20853.exe	Unicorn-36194.exe
PID 2472 wrote to memory of 2644	2472	Unicorn-20853.exe	Unicorn-36194.exe
PID 2472 wrote to memory of 2644	2472	Unicorn-20853.exe	Unicorn-36194.exe
PID 1440 wrote to memory of 2664	1440	Unicorn-26653.exe	Unicorn-49001.exe
PID 1440 wrote to memory of 2664	1440	Unicorn-26653.exe	Unicorn-49001.exe
PID 1440 wrote to memory of 2664	1440	Unicorn-26653.exe	Unicorn-49001.exe
PID 1440 wrote to memory of 2664	1440	Unicorn-26653.exe	Unicorn-49001.exe
PID 2100 wrote to memory of 2640	2100	Unicorn-24383.exe	Unicorn-3329.exe
PID 2100 wrote to memory of 2640	2100	Unicorn-24383.exe	Unicorn-3329.exe
PID 2100 wrote to memory of 2640	2100	Unicorn-24383.exe	Unicorn-3329.exe
PID 2100 wrote to memory of 2640	2100	Unicorn-24383.exe	Unicorn-3329.exe
PID 1440 wrote to memory of 2956	1440	Unicorn-26653.exe	WerFault.exe
PID 1440 wrote to memory of 2956	1440	Unicorn-26653.exe	WerFault.exe
PID 1440 wrote to memory of 2956	1440	Unicorn-26653.exe	WerFault.exe
PID 1440 wrote to memory of 2956	1440	Unicorn-26653.exe	WerFault.exe
PID 2644 wrote to memory of 1680	2644	Unicorn-36194.exe	Unicorn-10143.exe
PID 2644 wrote to memory of 1680	2644	Unicorn-36194.exe	Unicorn-10143.exe
PID 2644 wrote to memory of 1680	2644	Unicorn-36194.exe	Unicorn-10143.exe
PID 2644 wrote to memory of 1680	2644	Unicorn-36194.exe	Unicorn-10143.exe
PID 2472 wrote to memory of 1424	2472	Unicorn-20853.exe	Unicorn-55815.exe
PID 2472 wrote to memory of 1424	2472	Unicorn-20853.exe	Unicorn-55815.exe
PID 2472 wrote to memory of 1424	2472	Unicorn-20853.exe	Unicorn-55815.exe
PID 2472 wrote to memory of 1424	2472	Unicorn-20853.exe	Unicorn-55815.exe
PID 2100 wrote to memory of 1992	2100	Unicorn-24383.exe	Unicorn-39286.exe
PID 2100 wrote to memory of 1992	2100	Unicorn-24383.exe	Unicorn-39286.exe
PID 2100 wrote to memory of 1992	2100	Unicorn-24383.exe	Unicorn-39286.exe
PID 2100 wrote to memory of 1992	2100	Unicorn-24383.exe	Unicorn-39286.exe
PID 2640 wrote to memory of 2216	2640	Unicorn-3329.exe	Unicorn-15104.exe
PID 2640 wrote to memory of 2216	2640	Unicorn-3329.exe	Unicorn-15104.exe
PID 2640 wrote to memory of 2216	2640	Unicorn-3329.exe	Unicorn-15104.exe
PID 2640 wrote to memory of 2216	2640	Unicorn-3329.exe	Unicorn-15104.exe
PID 2664 wrote to memory of 316	2664	Unicorn-49001.exe	Unicorn-15104.exe
PID 2664 wrote to memory of 316	2664	Unicorn-49001.exe	Unicorn-15104.exe
PID 2664 wrote to memory of 316	2664	Unicorn-49001.exe	Unicorn-15104.exe
PID 2664 wrote to memory of 316	2664	Unicorn-49001.exe	Unicorn-15104.exe
PID 2472 wrote to memory of 1864	2472	Unicorn-20853.exe	WerFault.exe
PID 2472 wrote to memory of 1864	2472	Unicorn-20853.exe	WerFault.exe
PID 2472 wrote to memory of 1864	2472	Unicorn-20853.exe	WerFault.exe
PID 2472 wrote to memory of 1864	2472	Unicorn-20853.exe	WerFault.exe
PID 2100 wrote to memory of 1532	2100	Unicorn-24383.exe	WerFault.exe
PID 2100 wrote to memory of 1532	2100	Unicorn-24383.exe	WerFault.exe
PID 2100 wrote to memory of 1532	2100	Unicorn-24383.exe	WerFault.exe
PID 2100 wrote to memory of 1532	2100	Unicorn-24383.exe	WerFault.exe
PID 1680 wrote to memory of 1624	1680	Unicorn-10143.exe	Unicorn-2795.exe
PID 1680 wrote to memory of 1624	1680	Unicorn-10143.exe	Unicorn-2795.exe
PID 1680 wrote to memory of 1624	1680	Unicorn-10143.exe	Unicorn-2795.exe
PID 1680 wrote to memory of 1624	1680	Unicorn-10143.exe	Unicorn-2795.exe

C:\Users\Admin\AppData\Local\Temp\bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe
"C:\Users\Admin\AppData\Local\Temp\bc562aca3d58ca9dca08157f20f28fdab36ca4a8f3f653d55e2604066e6dd721.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8078.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12575.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10318.exe
9⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17252.exe
10⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22255.exe
11⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
12⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21207.exe
13⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1009.exe
14⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55997.exe
15⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
14⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
13⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
12⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 216
11⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
10⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51548.exe
9⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15381.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
11⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27346.exe
12⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41637.exe
13⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7403.exe
14⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 236
13⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
12⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
11⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 216
10⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
9⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
9⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
10⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20619.exe
11⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16241.exe
12⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28503.exe
13⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54544.exe
14⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 236
13⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
12⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
11⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
10⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
9⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
- Program crash
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46872.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
8⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16868.exe
9⤵
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52218.exe
10⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44422.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25999.exe
12⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
13⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59987.exe
14⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10732 -s 236
14⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
13⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
12⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
11⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 236
10⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48497.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57197.exe
11⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6670.exe
12⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39424.exe
13⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 236
13⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34827.exe
8⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38698.exe
10⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43554.exe
11⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
12⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27197.exe
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 216
13⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
12⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
11⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
9⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 220
8⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65369.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12959.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59327.exe
8⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
9⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3017.exe
10⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57551.exe
11⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60591.exe
12⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
13⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
14⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 216
14⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
12⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
11⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64833.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37016.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26661.exe
11⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58357.exe
12⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39993.exe
13⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
12⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
10⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 220
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
8⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55612.exe
9⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49907.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35801.exe
11⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
12⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
13⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
13⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
12⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
10⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 216
9⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 240
8⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42476.exe
7⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54693.exe
8⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
10⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51219.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
12⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49522.exe
13⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 220
13⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
12⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
11⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
10⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31776.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63472.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32952.exe
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 220
11⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
- Program crash
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
6⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19698.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46198.exe
8⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55269.exe
9⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9177.exe
10⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
11⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35417.exe
12⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
13⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8255.exe
14⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10380 -s 220
14⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
13⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
12⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
11⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
10⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5456.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
11⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
12⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33627.exe
13⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
13⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
12⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
9⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35211.exe
8⤵
PID:1772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 220
8⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23125.exe
7⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
8⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12366.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42357.exe
10⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10433.exe
11⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27906.exe
12⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39578.exe
13⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 216
12⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
11⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
9⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
8⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
7⤵
- Program crash
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14199.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26847.exe
7⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22405.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
11⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41958.exe
12⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14726.exe
13⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
13⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
12⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 236
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
9⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-4579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4579.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33571.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62791.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44340.exe
11⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26045.exe
12⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10848 -s 216
12⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 220
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
8⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
7⤵
- Program crash
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
6⤵
- Program crash
PID:844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57279.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19890.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61968.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2264.exe
8⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-815.exe
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54628.exe
11⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25591.exe
12⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
13⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 216
13⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
10⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
9⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 216
8⤵
- Program crash
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58621.exe
7⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
8⤵
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53762.exe
11⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25794.exe
12⤵
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
13⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 236
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 216
9⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
8⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
7⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30727.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
7⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
8⤵
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24303.exe
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48230.exe
11⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20283.exe
12⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43812.exe
13⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
13⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 236
12⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
11⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 236
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51123.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63000.exe
9⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
10⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
11⤵
PID:10560

C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56106.exe
12⤵
PID:8956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
11⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
10⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
9⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
8⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
7⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40063.exe
9⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58780.exe
10⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
11⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60371.exe
12⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 216
10⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
8⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
7⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
6⤵
- Program crash
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16360.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29104.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
7⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59037.exe
8⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44894.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1208.exe
10⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
11⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63107.exe
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 216
12⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
8⤵
PID:4776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
7⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55990.exe
6⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
7⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64390.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41973.exe
9⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63694.exe
10⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52529.exe
11⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12132.exe
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 220
12⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
11⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
9⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
8⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
7⤵
- Program crash
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
6⤵
- Program crash
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
5⤵
- Program crash
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3937.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48481.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4843.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20485.exe
9⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55887.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46939.exe
11⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26116.exe
12⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
13⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63231.exe
14⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
13⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
12⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
11⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 216
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
9⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3499.exe
8⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38508.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10789.exe
10⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52179.exe
11⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44714.exe
12⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10326.exe
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10516 -s 220
13⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 216
12⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
11⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
9⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
8⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-49446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49446.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
8⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30755.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60893.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
11⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
12⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27047.exe
13⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 240
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
11⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
10⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13769.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19482.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
10⤵
PID:7344

C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25186.exe
11⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53569.exe
12⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
12⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7344 -s 216
11⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
10⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
7⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61288.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55004.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20594.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49971.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-63232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63232.exe
11⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31507.exe
12⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38505.exe
13⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
13⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
12⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46250.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6268.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
11⤵
PID:10440

C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48370.exe
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10440 -s 216
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
10⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
8⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
7⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10964.exe
10⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61444.exe
11⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43341.exe
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
12⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
10⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 216
8⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
- Program crash
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
6⤵
- Program crash
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13729.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15617.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52555.exe
8⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
9⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-706.exe
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-28388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28388.exe
12⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57638.exe
13⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10808 -s 220
13⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
12⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
10⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53012.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53005.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
10⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6628.exe
11⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1727.exe
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 220
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
11⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52041.exe
7⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3593.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56591.exe
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57773.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
11⤵
PID:10644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
12⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 236
12⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
10⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
8⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
7⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49830.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39509.exe
7⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39167.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1824.exe
10⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11590.exe
11⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25437.exe
12⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
11⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
10⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 216
8⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
7⤵
- Program crash
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
6⤵
- Program crash
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
5⤵
- Program crash
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37413.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52562.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17921.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45814.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
8⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2633.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63664.exe
10⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
11⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57879.exe
12⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
13⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10712 -s 220
13⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
11⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
10⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63150.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23963.exe
10⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8870.exe
11⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41229.exe
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 216
12⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
11⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
8⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2155.exe
7⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9561.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36385.exe
11⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30124.exe
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11032 -s 216
12⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
10⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 236
8⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
7⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
6⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42102.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12949.exe
6⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6452.exe
7⤵
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32720.exe
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14311.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5175.exe
11⤵
PID:10368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
12⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10368 -s 216
12⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
10⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
8⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38896.exe
7⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-62574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62574.exe
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48520.exe
9⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
10⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
11⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
11⤵
PID:1980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 216
10⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
9⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
8⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
7⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
6⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
7⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53114.exe
8⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35910.exe
9⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52840.exe
10⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52609.exe
11⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 220
11⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
9⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
8⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
7⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
6⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
5⤵
- Program crash
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17454.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3883.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
9⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12415.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
11⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24924.exe
12⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35606.exe
13⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29698.exe
14⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
14⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
13⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
12⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
11⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
10⤵
- Program crash
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57895.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57788.exe
11⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44651.exe
12⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47124.exe
13⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
13⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
12⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
11⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
10⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
9⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61330.exe
8⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49504.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15039.exe
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58821.exe
11⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
12⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44540.exe
13⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
13⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
12⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
11⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 216
9⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
8⤵
- Program crash
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33026.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 188
8⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
7⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62056.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45378.exe
7⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12799.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9782.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42111.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
11⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48084.exe
12⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
12⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
9⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 216
8⤵
- Program crash
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 236
7⤵
- Program crash
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14113.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48865.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53551.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3681.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2464.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
12⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54488.exe
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11252 -s 220
13⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 216
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38320.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-17811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17811.exe
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-170.exe
10⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48450.exe
11⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9708.exe
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
11⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
9⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
8⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32689.exe
7⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8793.exe
8⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6814.exe
9⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38292.exe
10⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42887.exe
11⤵
PID:10624

C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24400.exe
12⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10624 -s 220
12⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
10⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
8⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16773.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7028.exe
7⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37631.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33862.exe
9⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36025.exe
10⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
11⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26651.exe
12⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 236
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
10⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
8⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34594.exe
7⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 220
8⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
7⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
6⤵
- Program crash
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
5⤵
- Program crash
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14116.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42093.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17304.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8886.exe
8⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63430.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54500.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31892.exe
11⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27522.exe
12⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40237.exe
13⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
9⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29724.exe
8⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
9⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20159.exe
10⤵
PID:9236

C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65041.exe
11⤵
PID:11292

C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20222.exe
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 236
11⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
10⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
9⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
8⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38029.exe
7⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47478.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3187.exe
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6406.exe
10⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26199.exe
11⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21488.exe
12⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 236
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
10⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
8⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 240
7⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
6⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
7⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34043.exe
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11244.exe
9⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3125.exe
10⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63351.exe
11⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
11⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
10⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
9⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
8⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
7⤵
- Program crash
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
6⤵
- Program crash
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
5⤵
- Program crash
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36994.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21843.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31995.exe
7⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63920.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64001.exe
9⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13221.exe
10⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4215.exe
11⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62391.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
12⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
11⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 236
10⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27334.exe
7⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30561.exe
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
9⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15201.exe
10⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37534.exe
11⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 216
11⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
10⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
9⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
8⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 220
7⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
6⤵
- Program crash
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61672.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20210.exe
7⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4240.exe
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32459.exe
10⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
11⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18593.exe
12⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
12⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
11⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
10⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
9⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60282.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46622.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65432.exe
9⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
10⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57456.exe
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 220
11⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 216
10⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
9⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
8⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
7⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30001.exe
6⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47091.exe
7⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1282.exe
8⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64078.exe
9⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62788.exe
10⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7861.exe
11⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
11⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
10⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
9⤵
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
8⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
7⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
6⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
5⤵
- Program crash
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33464.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33214.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5803.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
7⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58917.exe
7⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8692.exe
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44166.exe
9⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41574.exe
10⤵
PID:9408

C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32708.exe
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9408 -s 216
11⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
10⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 236
9⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
8⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
7⤵
- Program crash
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-13857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13857.exe
6⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17107.exe
7⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14271.exe
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16040.exe
9⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41221.exe
10⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26813.exe
11⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
10⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
9⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
8⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
7⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 220
6⤵
- Program crash
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
5⤵
- Executes dropped EXE
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52882.exe
6⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19738.exe
7⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
8⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33518.exe
9⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
10⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32428.exe
11⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 220
11⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
10⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
9⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
8⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
7⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32544.exe
6⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58397.exe
7⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51904.exe
8⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12124.exe
9⤵
PID:10408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
10⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 220
10⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
9⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
8⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
7⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
6⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
5⤵
- Program crash
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 240
4⤵
- Program crash
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
2⤵
- Program crash
PID:2632

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
Filesize
184KB

MD5
7ff67b2440d8aad86c877c638d5dd039

SHA1
dcf6937057ff891744163cc28ca87e85de09bb06

SHA256
a68dc2709bcd9945183b4a7bdf9928cd750044c3940e203e9e55ce1c27477bc2

SHA512
69e40a701e2993c8ac9bd5c249f09dd2fe26c40e8d6d7a52c61cec6f11151f29fc59a0d085288cd0e9a719b2f3c87466da1ea1e8d83d2077c4b7fc37528ded57

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15104.exe
Filesize
184KB

MD5
fa87dcfa98afba1ab5a0d0f0bb261c4a

SHA1
fd88d7a14cba651379e9cf0d8575923995972f52

SHA256
c25a7a6bb940be642c864c840d42c25868788b87c676b942a2a44308b93117f7

SHA512
dc1902ff1e6e07194284af7c963448654a3deda1a7b8fe8dfcbb54dd8b4f59697e2852420ef0afd86f741d304b06ba32f41db83c9453d3dfe0d0dde05220a98d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16180.exe
Filesize
184KB

MD5
f188100b5eab5cdce69bfce260c37ff3

SHA1
31c05449bbc13abdc1760f1f74d9aee2158e0045

SHA256
0f7841108b8c67b3110f9f84f7e5d8a7934f8170fcd1c25aee01a0f03b74c8ca

SHA512
421dddbd8b77a3fc373fcfc32ec12b8de19f4561e8a7670a30352b0422967edb94f665018bff93ac86683c3b346b92c6033b5e62cff90e87063966b192956b08

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3329.exe
Filesize
184KB

MD5
75140b2b1f8e6809de61c68b506fd81b

SHA1
d65d0fc4a4f161da25dda9884cdb99e16cb3d027

SHA256
98c84219369e520a9fdd691384ec9645609001d8f079f92daf95b0f540946020

SHA512
4292e1d4da56fb738fc6bd7229348a28f5dbab9bc31570b94b6104cb7bdd727794c70c6950c38662bd93cf0225b93f6ea5f9fd4126436cbbc2480cb6caee01b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
Filesize
184KB

MD5
2a2500cc9ee9538b67ace4182a609bfe

SHA1
7e245ae8a70e9b06325253da14516e7c16da8150

SHA256
f790704da06634724b2421b9f8142c3a49bf2c3b910c8da665ea87f6d4d1da05

SHA512
f5ce77e599a9c467ab41ac4398b85148867a5c1a5e175aee547f239da820998878d6994d64b849dd3a41655f3c08c68a6ba26a3ef93c0666859616702a33aab5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37375.exe
Filesize
184KB

MD5
3c15d3a99b2283c5c94a2f70680c7516

SHA1
0f990f81bbe02e10cee5c99108e4d2467660481e

SHA256
1d5a2a15b93831a70655bcb17f2f2bc1a70c792ce030374ad859f93c5ecf0145

SHA512
7486b204e598d2e6ba5d4f86b10d96dcda9338e7a7efd7edf46ee3c9047780b1f400c0e286ae97eba5cfcf6f3f1c5f07da2c24edb55d5492da9d5af177210c12

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39032.exe
Filesize
184KB

MD5
2942f5d7b17ae7dce206c00ff440cc73

SHA1
9f34be8f29c557bf1948ac56664b05d75aa65ba2

SHA256
a4298664249350a32af5f35518c89edfe100b71ae4fabac27c47b985e08d684a

SHA512
c5fb0417aa2ec9bddb5415fe59d46e203a208f5d7155031514487ebee5eb7d247097783ddea8700eb590b576b3c0755a207aec203ad1b108d69e0fa4058b6550

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
Filesize
184KB

MD5
2306485fbfececf2aadcb53221d5dc80

SHA1
5afee0660ee8f9300cec0d0cf001c9f4b260328a

SHA256
b6f3430201c85e440ac61c77aed6e8915e298eca494525d5103f5181a7016894

SHA512
80d3afed6d35cfa30c6fcfd10db47997447e0ff762b5e0fd12653d681497d97e40b213051950c3b6a5e0d16ef3a7a5d252845d5b4be4b57c19d278aaa8de7de6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55813.exe
Filesize
184KB

MD5
720d3c157dbe53a0fee31a24a8057643

SHA1
d0fab6796dbc8e8cadcd25acbc76a98d760d694e

SHA256
75daf45448a3337f4af996bead3220476fd9cd60e00480bc34d445cc46cd62f4

SHA512
a37723a419e042f72bdd813144ffc8de222b3756fc4807149cb026ee659c1bf210f5ffeae1d366d8cad4c85532f434383b9ae30a1508c566ca1cf59900a456fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5611.exe
Filesize
184KB

MD5
5413e561bd29bc1a5e7f2d413e7a2def

SHA1
e38a43ad17335f9b3c2f920e0d87a2566a4a1a9e

SHA256
a509f059b866f0b97d7ffd12cb5e8832004d5cfdf81528186098b1d7630505d8

SHA512
c4dcd469e8b461dda7e6adce8a39b1212d0cc706a7ca51af587195bdc7d29170489f3db742ac55054fa943efa5a83c6c61bcdb7a84a09b0e7273fe2af77a0735

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6027.exe
Filesize
184KB

MD5
e5080b455d759d19730062f7b0d3c818

SHA1
d5069ced28fa99973fc4fe0f04e2a6c845a8aaf5

SHA256
fc4dfbe778f2db4e47a16e968de443244f4436dc302688e7ca6a883033208210

SHA512
b3806b1d92ee724b539ff4e3464b547fad2f27d4f30bace7e53e389f11b8de63f93523204fbb7e3bdae2cd600944f1f84683be52e1c4a6a3c71973a9cd6750c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
Filesize
184KB

MD5
37af80e45dbcaf616cd4abbfaf2b2b7f

SHA1
95f4a4c485e5193d456c8dd5a8c4f50d2ba2297a

SHA256
d3348dfbf6e7075d24ab921071592a266edc25f20ccc45e7ccb34c2f1f478952

SHA512
933a322bb325f6bdf0e370e397beaf632739e58bb9b32ccf1e9453fcf0aa4bec09693b5d9d96e69407c63ef16f7e224b1c05a16e691321e13d5e531eb88c5ed1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
Filesize
184KB

MD5
38d3842c87079f4ddf07bf6753d211e8

SHA1
f540761addbe29d5473e16722761775ad69fb8e1

SHA256
a7bb6ff977aea5346ffe6724b789fbf62872fc2be8a099285692ad113c176535

SHA512
8f82ffe8265422494dcb8d7c5e492e0117284fd2e1e83ed5304067c0711132c33955e5369d809e5d49da7d4bdbddeb5b60e0dc604302f032aac1da9f29758b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
Filesize
184KB

MD5
fbd3d1fd0f0aeca9c91bb34b8fae4ea6

SHA1
b394bc7cf86f2bfb0e5160492a10c5f87cd15148

SHA256
ea471327ed9b5dafad3d7624bd54058d932d15a6411b5f67b88b7717c9bda203

SHA512
5a8ee00ce717c2f97e3ab7739391569e1fb3dcf77fd5875f8b3aa624dfd9611d1d94c8652729fed93b6aa9d4401e70a279ebc45e13a291d8b452de593be1bc69

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10143.exe
Filesize
184KB

MD5
ace9d38d6c51997ce6a80492ba0e2b9e

SHA1
b023db719f389a8267378fdda941868991242adf

SHA256
921718c3ed84a00ea749cf06e0e31f89cb144afd96646a309cc95c0c489835eb

SHA512
9384bf317f712b35e4ab88e9ece47c442ecfc6d85b2f70e9fe0b678e87cc5b3b03664934e8b02698029b4505c0d2f160164a86c5d965fa7cf79f4785bf0f8757

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20853.exe
Filesize
184KB

MD5
5ef73044c0ea1767178d07e4deb64a12

SHA1
521e3df03ea81be8f34d4aaba579ecc5abbf5437

SHA256
20b5e2d3f750ea53f13418fe3ee89fc1d64c14b8db84939a931d0adae3b649bc

SHA512
9a9a5de55f4fc242765684e446a194950d372a323232eb07d0f923981b506914a3169d788fa1c24ffbbcac56cdd58a1bacee85a37127097ad334c4a637a2b3af

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24383.exe
Filesize
184KB

MD5
c69b3f9ee7c32d9f35d128d17fb2e019

SHA1
f0df905353daeda79b6086356136177c65701406

SHA256
f61204459140bfa1635c32a59af8125b248a55cf2c029cbe489ee53b1b84dd2f

SHA512
fe5e26a4095b54d5a769b2ce038fdba576ce087fd4ddb32c6991b4ee37a4f3d2d2b7df38337037ea1d049dddbeded2c185dcdd8ed66504f30333e6ff270be8f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26653.exe
Filesize
184KB

MD5
8c73d15ef6834972d6272f5ddae3c677

SHA1
5144f10171af981f9a71dcf189b5bf2db6ddf29a

SHA256
7226ce39087864cbded79a21b6f0d48b82f21b53a6da8fdb99ee4d7290cda6e8

SHA512
01d9aa50387265c530e7de8302f54044896bfe36306cbbc24d3646508f3c32f3c31fcb70dac1b9520b71702a7dceaca39b6dd0170aa8baa3adc8701fdc9079dc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2795.exe
Filesize
184KB

MD5
f75d747782bfbf5aa4ddd6f14eed65af

SHA1
94f5930cf95cab0ed9cd1a862e967959c993df59

SHA256
2b081e3856880045135c370513be19de78a124909bcac4d909446707cada8707

SHA512
b8212ec60589fbadab0ab6219f5b1ca7a16fa77471d8d80742068bfdb98e03173d5c70655e6786c2e5e4addd3c8c43cf382dd8b931b6baf403ff3c94abfbbede

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39286.exe
Filesize
184KB

MD5
f696eeedeba34f10826217975657e107

SHA1
6cb7e044c033f11006a113b13897be2516317cd3

SHA256
4949c69bc5af7c8196bbebb3fc139efc9c7a338c18371dd5b176ecb677cfbf18

SHA512
68db4a6b8076f901a46cb312043e2a06eee6ce1558146730f28317260e7cb28ee91b85dd1fbef28cb16d47783cd5c55a2e4d9e455e40dda5577fdb7f53b4c554

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
Filesize
184KB

MD5
8cd2bae1c8e5f90f5dade6b32cc4be9a

SHA1
2b8088de97c6b9f664695c51fb9069bcb77bb9c9

SHA256
97c8c1775f962a8ed72538e7bd8f0988db4c96bd58b587eb3704a825ba68aa60

SHA512
215c0f414cf2be39fc8dd663ee6332ae5ec432197030b6b4f73588ffa2555726400dcccea1c997b753007ff3a17d04eb0bcdb599c7821f05c24dd8f60316bece

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50735.exe
Filesize
184KB

MD5
76a670b379cc4e23f7db0d424b921119

SHA1
dd78950c3c3687a61e5d129f2427633e9c793cf0

SHA256
2ec65862fd92a1552035cafd654c89b958a35dac4851b0856b08e78abb7c33c4

SHA512
7f36ac0ac81263c8c16ca598fbceac73f5136ee85c6312c48ea4201b5a94430a8e8076e8183b738bb8025cc662eabe926a46523654200b63f5d2ad5490481e4c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55815.exe
Filesize
184KB

MD5
0878c9e8cf9c479a91c67fa8efe4af30

SHA1
95cd4e1a975caad636ac0a271f59dbfeb0d594e1

SHA256
47f8297d3849b21ea299dafcc97b7a5f7f9df28b6cd1276f9726739892461ecc

SHA512
5cfdeb4a1d215af1b42251e8425df346a38dc511000c97e4350c64f40e20719d817726dcf5085ba3aa6088c64a0c29973f71c379892a1742758cdeb935e5b244

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64803.exe
Filesize
184KB

MD5
51135686609355095a76801d4f873e5e

SHA1
453831502813415641bbf81ff749e93f9e7b0fb1

SHA256
c6bbfbb1361372fdb9c2c70d004c8121139dc5365412e953f28ad61f08dcde75

SHA512
a9cf3f69fa72f0e52288a2759260938745031e1830e48e920fbc783c4d46666d25d39dc5612bdc3e4f408617e956016f9fb7766a2b48089bc17f28e049b4b312

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads