66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:39

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe
Size

184KB
MD5

e2c25c5a68d7e0f4371e9aae977cae92
SHA1

8620375f3a2561152ea6be2d5665674bb412a096
SHA256

66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a
SHA512

5c659f9db89f25ba7761cf0dd18422981d236350ca9a9689d83d34cddc0ce577d128458ce94a265d0ce702be46eaa3a8bd60401cdd48caabb51a052e61eaa655
SSDEEP

3072:h2b3axoTKUODdj4WrpDVRKsLhGnViFsn3:h2wog5j4yVYsLhGnViFs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-20656.exeUnicorn-44174.exeUnicorn-55035.exeUnicorn-22445.exeUnicorn-11584.exeUnicorn-7500.exeUnicorn-32088.exeUnicorn-8138.exeUnicorn-42948.exeUnicorn-62814.exeUnicorn-23920.exeUnicorn-32424.exeUnicorn-52290.exeUnicorn-27786.exeUnicorn-27786.exeUnicorn-3836.exeUnicorn-54428.exeUnicorn-65097.exeUnicorn-50152.exeUnicorn-38139.exeUnicorn-3328.exeUnicorn-49000.exeUnicorn-62643.exeUnicorn-62643.exeUnicorn-38693.exeUnicorn-19473.exeUnicorn-30333.exeUnicorn-46115.exeUnicorn-46115.exeUnicorn-46115.exeUnicorn-22165.exeUnicorn-61849.exeUnicorn-7173.exeUnicorn-32000.exeUnicorn-32000.exeUnicorn-25455.exeUnicorn-56504.exeUnicorn-17610.exeUnicorn-16026.exeUnicorn-50282.exeUnicorn-15471.exeUnicorn-22824.exeUnicorn-7879.exeUnicorn-38606.exeUnicorn-14656.exeUnicorn-14656.exeUnicorn-65248.exeUnicorn-65248.exeUnicorn-41298.exeUnicorn-26354.exeUnicorn-57656.exeUnicorn-22846.exeUnicorn-18762.exeUnicorn-29622.exeUnicorn-56073.exeUnicorn-41128.exeUnicorn-6317.exeUnicorn-47905.exeUnicorn-59602.exeUnicorn-4926.exeUnicorn-55518.exeUnicorn-842.exeUnicorn-51434.exeUnicorn-863.exe

pid	process
2100	Unicorn-20656.exe
2600	Unicorn-44174.exe
2716	Unicorn-55035.exe
2836	Unicorn-22445.exe
2728	Unicorn-11584.exe
2464	Unicorn-7500.exe
2700	Unicorn-32088.exe
2804	Unicorn-8138.exe
1584	Unicorn-42948.exe
1760	Unicorn-62814.exe
2116	Unicorn-23920.exe
2092	Unicorn-32424.exe
2856	Unicorn-52290.exe
1864	Unicorn-27786.exe
1708	Unicorn-27786.exe
2552	Unicorn-3836.exe
2892	Unicorn-54428.exe
1056	Unicorn-65097.exe
2824	Unicorn-50152.exe
444	Unicorn-38139.exe
1824	Unicorn-3328.exe
1856	Unicorn-49000.exe
1820	Unicorn-62643.exe
748	Unicorn-62643.exe
752	Unicorn-38693.exe
2296	Unicorn-19473.exe
3020	Unicorn-30333.exe
940	Unicorn-46115.exe
2220	Unicorn-46115.exe
2156	Unicorn-46115.exe
1816	Unicorn-22165.exe
1532	Unicorn-61849.exe
2860	Unicorn-7173.exe
2660	Unicorn-32000.exe
2612	Unicorn-32000.exe
2740	Unicorn-25455.exe
1936	Unicorn-56504.exe
2724	Unicorn-17610.exe
2592	Unicorn-16026.exe
2960	Unicorn-50282.exe
2976	Unicorn-15471.exe
2704	Unicorn-22824.exe
1500	Unicorn-7879.exe
468	Unicorn-38606.exe
348	Unicorn-14656.exe
2696	Unicorn-14656.exe
1784	Unicorn-65248.exe
1312	Unicorn-65248.exe
1340	Unicorn-41298.exe
1196	Unicorn-26354.exe
1812	Unicorn-57656.exe
1652	Unicorn-22846.exe
1144	Unicorn-18762.exe
1248	Unicorn-29622.exe
1240	Unicorn-56073.exe
1576	Unicorn-41128.exe
744	Unicorn-6317.exe
1712	Unicorn-47905.exe
1740	Unicorn-59602.exe
1320	Unicorn-4926.exe
1900	Unicorn-55518.exe
880	Unicorn-842.exe
1980	Unicorn-51434.exe
2580	Unicorn-863.exe

Loads dropped DLL 64 IoCs

Processes:

66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exeUnicorn-20656.exeUnicorn-44174.exeUnicorn-55035.exeWerFault.exeUnicorn-11584.exeUnicorn-7500.exeUnicorn-22445.exeWerFault.exeWerFault.exeUnicorn-32088.exeUnicorn-42948.exeUnicorn-62814.exeUnicorn-23920.exeUnicorn-8138.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe
1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe
2100	Unicorn-20656.exe
2100	Unicorn-20656.exe
1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe
1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe
2600	Unicorn-44174.exe
2100	Unicorn-20656.exe
2100	Unicorn-20656.exe
2600	Unicorn-44174.exe
2716	Unicorn-55035.exe
2716	Unicorn-55035.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
884	WerFault.exe
2728	Unicorn-11584.exe
2728	Unicorn-11584.exe
2716	Unicorn-55035.exe
2600	Unicorn-44174.exe
2716	Unicorn-55035.exe
2600	Unicorn-44174.exe
2464	Unicorn-7500.exe
2464	Unicorn-7500.exe
2836	Unicorn-22445.exe
2836	Unicorn-22445.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
616	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
616	WerFault.exe
2728	Unicorn-11584.exe
2728	Unicorn-11584.exe
2700	Unicorn-32088.exe
2700	Unicorn-32088.exe
1584	Unicorn-42948.exe
1760	Unicorn-62814.exe
1584	Unicorn-42948.exe
1760	Unicorn-62814.exe
2464	Unicorn-7500.exe
2464	Unicorn-7500.exe
2116	Unicorn-23920.exe
2116	Unicorn-23920.exe
2836	Unicorn-22445.exe
2836	Unicorn-22445.exe
2804	Unicorn-8138.exe
2804	Unicorn-8138.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
2452	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
2452	WerFault.exe
1096	WerFault.exe
3040	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2788	1732	WerFault.exe	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe
884	2100	WerFault.exe	Unicorn-20656.exe
616	2600	WerFault.exe	Unicorn-44174.exe
2344	2716	WerFault.exe	Unicorn-55035.exe
2452	2464	WerFault.exe	Unicorn-7500.exe
1096	2728	WerFault.exe	Unicorn-11584.exe
3040	2836	WerFault.exe	Unicorn-22445.exe
1696	2700	WerFault.exe	Unicorn-32088.exe
2084	1760	WerFault.exe	Unicorn-62814.exe
1600	1584	WerFault.exe	Unicorn-42948.exe
1496	2116	WerFault.exe	Unicorn-23920.exe
1636	2804	WerFault.exe	Unicorn-8138.exe
2020	2856	WerFault.exe	Unicorn-52290.exe
2204	2092	WerFault.exe	Unicorn-32424.exe
2932	1708	WerFault.exe	Unicorn-27786.exe
1612	1864	WerFault.exe	Unicorn-27786.exe
2284	2892	WerFault.exe	Unicorn-54428.exe
380	2552	WerFault.exe	Unicorn-3836.exe
492	1056	WerFault.exe	Unicorn-65097.exe
320	2824	WerFault.exe	Unicorn-50152.exe
2444	444	WerFault.exe	Unicorn-38139.exe
2904	1824	WerFault.exe	Unicorn-3328.exe
2548	1856	WerFault.exe	Unicorn-49000.exe
2776	1820	WerFault.exe	Unicorn-62643.exe
2316	748	WerFault.exe	Unicorn-62643.exe
2604	940	WerFault.exe	Unicorn-46115.exe
3028	752	WerFault.exe	Unicorn-38693.exe
2744	2156	WerFault.exe	Unicorn-46115.exe
2496	2296	WerFault.exe	Unicorn-19473.exe
2456	2220	WerFault.exe	Unicorn-46115.exe
2500	3020	WerFault.exe	Unicorn-30333.exe
1120	1816	WerFault.exe	Unicorn-22165.exe
3324	1340	WerFault.exe	Unicorn-41298.exe
3348	2696	WerFault.exe	Unicorn-14656.exe
3364	2704	WerFault.exe	Unicorn-22824.exe
3380	468	WerFault.exe	Unicorn-38606.exe
3412	348	WerFault.exe	Unicorn-14656.exe
3444	1784	WerFault.exe	Unicorn-65248.exe
3716	2724	WerFault.exe	Unicorn-17610.exe
3784	1500	WerFault.exe	Unicorn-7879.exe
3812	2592	WerFault.exe	Unicorn-16026.exe
4064	2860	WerFault.exe	Unicorn-7173.exe
3092	1196	WerFault.exe	Unicorn-26354.exe
3200	1936	WerFault.exe	Unicorn-56504.exe
3272	1652	WerFault.exe	Unicorn-22846.exe
3524	1144	WerFault.exe	Unicorn-18762.exe
3608	1532	WerFault.exe	Unicorn-61849.exe
3624	2844	WerFault.exe	Unicorn-42450.exe
3676	1248	WerFault.exe	Unicorn-29622.exe
3604	2660	WerFault.exe	Unicorn-32000.exe
3764	744	WerFault.exe	Unicorn-6317.exe
3792	1900	WerFault.exe	Unicorn-55518.exe
3772	2960	WerFault.exe	Unicorn-50282.exe
3880	1756	WerFault.exe	Unicorn-1418.exe
3924	2580	WerFault.exe	Unicorn-863.exe
3960	1812	WerFault.exe	Unicorn-57656.exe
3968	1312	WerFault.exe	Unicorn-65248.exe
3976	1712	WerFault.exe	Unicorn-47905.exe
3168	1576	WerFault.exe	Unicorn-41128.exe
3208	1980	WerFault.exe	Unicorn-51434.exe
3228	880	WerFault.exe	Unicorn-842.exe
3316	1740	WerFault.exe	Unicorn-59602.exe
3656	3000	WerFault.exe	Unicorn-25368.exe
3952	2060	WerFault.exe	Unicorn-58040.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exeUnicorn-20656.exeUnicorn-44174.exeUnicorn-55035.exeUnicorn-11584.exeUnicorn-22445.exeUnicorn-7500.exeUnicorn-32088.exeUnicorn-8138.exeUnicorn-42948.exeUnicorn-62814.exeUnicorn-23920.exeUnicorn-52290.exeUnicorn-32424.exeUnicorn-27786.exeUnicorn-27786.exeUnicorn-3836.exeUnicorn-54428.exeUnicorn-50152.exeUnicorn-65097.exeUnicorn-38139.exeUnicorn-3328.exeUnicorn-49000.exeUnicorn-62643.exeUnicorn-62643.exeUnicorn-38693.exeUnicorn-19473.exeUnicorn-46115.exeUnicorn-46115.exeUnicorn-30333.exeUnicorn-46115.exeUnicorn-22165.exeUnicorn-7173.exeUnicorn-61849.exeUnicorn-32000.exeUnicorn-32000.exeUnicorn-25455.exeUnicorn-56504.exeUnicorn-17610.exeUnicorn-16026.exeUnicorn-50282.exeUnicorn-15471.exeUnicorn-7879.exeUnicorn-22824.exeUnicorn-14656.exeUnicorn-65248.exeUnicorn-38606.exeUnicorn-65248.exeUnicorn-41298.exeUnicorn-14656.exeUnicorn-26354.exeUnicorn-57656.exeUnicorn-22846.exeUnicorn-18762.exeUnicorn-29622.exeUnicorn-56073.exeUnicorn-41128.exeUnicorn-6317.exeUnicorn-47905.exeUnicorn-59602.exeUnicorn-4926.exeUnicorn-842.exeUnicorn-55518.exeUnicorn-51434.exe

pid	process
1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe
2100	Unicorn-20656.exe
2600	Unicorn-44174.exe
2716	Unicorn-55035.exe
2728	Unicorn-11584.exe
2836	Unicorn-22445.exe
2464	Unicorn-7500.exe
2700	Unicorn-32088.exe
2804	Unicorn-8138.exe
1584	Unicorn-42948.exe
1760	Unicorn-62814.exe
2116	Unicorn-23920.exe
2856	Unicorn-52290.exe
2092	Unicorn-32424.exe
1708	Unicorn-27786.exe
1864	Unicorn-27786.exe
2552	Unicorn-3836.exe
2892	Unicorn-54428.exe
2824	Unicorn-50152.exe
1056	Unicorn-65097.exe
444	Unicorn-38139.exe
1824	Unicorn-3328.exe
1856	Unicorn-49000.exe
748	Unicorn-62643.exe
1820	Unicorn-62643.exe
752	Unicorn-38693.exe
2296	Unicorn-19473.exe
940	Unicorn-46115.exe
2156	Unicorn-46115.exe
3020	Unicorn-30333.exe
2220	Unicorn-46115.exe
1816	Unicorn-22165.exe
2860	Unicorn-7173.exe
1532	Unicorn-61849.exe
2660	Unicorn-32000.exe
2612	Unicorn-32000.exe
2740	Unicorn-25455.exe
1936	Unicorn-56504.exe
2724	Unicorn-17610.exe
2592	Unicorn-16026.exe
2960	Unicorn-50282.exe
2976	Unicorn-15471.exe
1500	Unicorn-7879.exe
2704	Unicorn-22824.exe
348	Unicorn-14656.exe
1784	Unicorn-65248.exe
468	Unicorn-38606.exe
1312	Unicorn-65248.exe
1340	Unicorn-41298.exe
2696	Unicorn-14656.exe
1196	Unicorn-26354.exe
1812	Unicorn-57656.exe
1652	Unicorn-22846.exe
1144	Unicorn-18762.exe
1248	Unicorn-29622.exe
1240	Unicorn-56073.exe
1576	Unicorn-41128.exe
744	Unicorn-6317.exe
1712	Unicorn-47905.exe
1740	Unicorn-59602.exe
1320	Unicorn-4926.exe
880	Unicorn-842.exe
1900	Unicorn-55518.exe
1980	Unicorn-51434.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exeUnicorn-20656.exeUnicorn-44174.exeUnicorn-55035.exeUnicorn-11584.exeUnicorn-7500.exeUnicorn-22445.exe

description	pid	process	target process
PID 1732 wrote to memory of 2100	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	Unicorn-20656.exe
PID 1732 wrote to memory of 2100	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	Unicorn-20656.exe
PID 1732 wrote to memory of 2100	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	Unicorn-20656.exe
PID 1732 wrote to memory of 2100	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	Unicorn-20656.exe
PID 2100 wrote to memory of 2600	2100	Unicorn-20656.exe	Unicorn-44174.exe
PID 2100 wrote to memory of 2600	2100	Unicorn-20656.exe	Unicorn-44174.exe
PID 2100 wrote to memory of 2600	2100	Unicorn-20656.exe	Unicorn-44174.exe
PID 2100 wrote to memory of 2600	2100	Unicorn-20656.exe	Unicorn-44174.exe
PID 1732 wrote to memory of 2716	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	Unicorn-55035.exe
PID 1732 wrote to memory of 2716	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	Unicorn-55035.exe
PID 1732 wrote to memory of 2716	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	Unicorn-55035.exe
PID 1732 wrote to memory of 2716	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	Unicorn-55035.exe
PID 1732 wrote to memory of 2788	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	WerFault.exe
PID 1732 wrote to memory of 2788	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	WerFault.exe
PID 1732 wrote to memory of 2788	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	WerFault.exe
PID 1732 wrote to memory of 2788	1732	66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe	WerFault.exe
PID 2600 wrote to memory of 2728	2600	Unicorn-44174.exe	Unicorn-11584.exe
PID 2100 wrote to memory of 2836	2100	Unicorn-20656.exe	Unicorn-22445.exe
PID 2100 wrote to memory of 2836	2100	Unicorn-20656.exe	Unicorn-22445.exe
PID 2100 wrote to memory of 2836	2100	Unicorn-20656.exe	Unicorn-22445.exe
PID 2100 wrote to memory of 2836	2100	Unicorn-20656.exe	Unicorn-22445.exe
PID 2600 wrote to memory of 2728	2600	Unicorn-44174.exe	Unicorn-11584.exe
PID 2600 wrote to memory of 2728	2600	Unicorn-44174.exe	Unicorn-11584.exe
PID 2600 wrote to memory of 2728	2600	Unicorn-44174.exe	Unicorn-11584.exe
PID 2716 wrote to memory of 2464	2716	Unicorn-55035.exe	Unicorn-7500.exe
PID 2716 wrote to memory of 2464	2716	Unicorn-55035.exe	Unicorn-7500.exe
PID 2716 wrote to memory of 2464	2716	Unicorn-55035.exe	Unicorn-7500.exe
PID 2716 wrote to memory of 2464	2716	Unicorn-55035.exe	Unicorn-7500.exe
PID 2100 wrote to memory of 884	2100	Unicorn-20656.exe	WerFault.exe
PID 2100 wrote to memory of 884	2100	Unicorn-20656.exe	WerFault.exe
PID 2100 wrote to memory of 884	2100	Unicorn-20656.exe	WerFault.exe
PID 2100 wrote to memory of 884	2100	Unicorn-20656.exe	WerFault.exe
PID 2728 wrote to memory of 2700	2728	Unicorn-11584.exe	Unicorn-32088.exe
PID 2728 wrote to memory of 2700	2728	Unicorn-11584.exe	Unicorn-32088.exe
PID 2728 wrote to memory of 2700	2728	Unicorn-11584.exe	Unicorn-32088.exe
PID 2728 wrote to memory of 2700	2728	Unicorn-11584.exe	Unicorn-32088.exe
PID 2716 wrote to memory of 2804	2716	Unicorn-55035.exe	Unicorn-8138.exe
PID 2716 wrote to memory of 2804	2716	Unicorn-55035.exe	Unicorn-8138.exe
PID 2716 wrote to memory of 2804	2716	Unicorn-55035.exe	Unicorn-8138.exe
PID 2716 wrote to memory of 2804	2716	Unicorn-55035.exe	Unicorn-8138.exe
PID 2600 wrote to memory of 1584	2600	Unicorn-44174.exe	Unicorn-42948.exe
PID 2600 wrote to memory of 1584	2600	Unicorn-44174.exe	Unicorn-42948.exe
PID 2600 wrote to memory of 1584	2600	Unicorn-44174.exe	Unicorn-42948.exe
PID 2600 wrote to memory of 1584	2600	Unicorn-44174.exe	Unicorn-42948.exe
PID 2464 wrote to memory of 1760	2464	Unicorn-7500.exe	Unicorn-62814.exe
PID 2464 wrote to memory of 1760	2464	Unicorn-7500.exe	Unicorn-62814.exe
PID 2464 wrote to memory of 1760	2464	Unicorn-7500.exe	Unicorn-62814.exe
PID 2464 wrote to memory of 1760	2464	Unicorn-7500.exe	Unicorn-62814.exe
PID 2836 wrote to memory of 2116	2836	Unicorn-22445.exe	Unicorn-23920.exe
PID 2836 wrote to memory of 2116	2836	Unicorn-22445.exe	Unicorn-23920.exe
PID 2836 wrote to memory of 2116	2836	Unicorn-22445.exe	Unicorn-23920.exe
PID 2836 wrote to memory of 2116	2836	Unicorn-22445.exe	Unicorn-23920.exe
PID 2600 wrote to memory of 616	2600	Unicorn-44174.exe	WerFault.exe
PID 2600 wrote to memory of 616	2600	Unicorn-44174.exe	WerFault.exe
PID 2600 wrote to memory of 616	2600	Unicorn-44174.exe	WerFault.exe
PID 2600 wrote to memory of 616	2600	Unicorn-44174.exe	WerFault.exe
PID 2716 wrote to memory of 2344	2716	Unicorn-55035.exe	WerFault.exe
PID 2716 wrote to memory of 2344	2716	Unicorn-55035.exe	WerFault.exe
PID 2716 wrote to memory of 2344	2716	Unicorn-55035.exe	WerFault.exe
PID 2716 wrote to memory of 2344	2716	Unicorn-55035.exe	WerFault.exe
PID 2728 wrote to memory of 2092	2728	Unicorn-11584.exe	Unicorn-32424.exe
PID 2728 wrote to memory of 2092	2728	Unicorn-11584.exe	Unicorn-32424.exe
PID 2728 wrote to memory of 2092	2728	Unicorn-11584.exe	Unicorn-32424.exe
PID 2728 wrote to memory of 2092	2728	Unicorn-11584.exe	Unicorn-32424.exe

C:\Users\Admin\AppData\Local\Temp\66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe
"C:\Users\Admin\AppData\Local\Temp\66b0429027439533f64ea3e015f4e23416199d86782f3ee5a0ef6b5f2717528a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-52290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52290.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18762.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50339.exe
10⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28980.exe
11⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6068.exe
12⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
13⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
14⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60716.exe
15⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
15⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
14⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
13⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
12⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 236
11⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
10⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22305.exe
9⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20703.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6369.exe
11⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4693.exe
12⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
13⤵
PID:10848

C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
14⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
13⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 236
12⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
11⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
10⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
9⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56073.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
9⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15825.exe
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23495.exe
11⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
12⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59502.exe
13⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 236
13⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
12⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
11⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 216
10⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 216
9⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
8⤵
- Program crash
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7173.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9306.exe
9⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
10⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11112.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64501.exe
12⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28010.exe
13⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21075.exe
14⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10424 -s 216
14⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
13⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
12⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
11⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
10⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 216
9⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8491.exe
8⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54091.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34673.exe
11⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-48163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48163.exe
12⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59694.exe
13⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 236
13⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 216
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 216
9⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
8⤵
- Program crash
PID:4064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
7⤵
- Program crash
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-32000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32000.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22846.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21751.exe
9⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28056.exe
10⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
11⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27963.exe
12⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34533.exe
13⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46072.exe
14⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 236
14⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
13⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
12⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4106.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44133.exe
11⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55368.exe
12⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36954.exe
13⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1806.exe
14⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 216
14⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 236
13⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
12⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
9⤵
- Program crash
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55170.exe
8⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48476.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19032.exe
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22317.exe
11⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47662.exe
12⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58324.exe
13⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
13⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 236
12⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
11⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29622.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29919.exe
8⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27610.exe
9⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
10⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25882.exe
11⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6110.exe
12⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36892.exe
13⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
11⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 216
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 236
9⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 236
8⤵
- Program crash
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
7⤵
- Program crash
PID:2548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
6⤵
- Program crash
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3328.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-32000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32000.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:744

C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25643.exe
9⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46769.exe
10⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61875.exe
11⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18337.exe
12⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
13⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39082.exe
14⤵
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10880 -s 236
14⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
11⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 744 -s 236
9⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24251.exe
8⤵
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29447.exe
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45586.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
11⤵
PID:8596

C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25252.exe
12⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8596 -s 216
12⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 236
10⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 216
9⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
8⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
8⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-55321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55321.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63437.exe
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56463.exe
11⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63671.exe
12⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8962.exe
13⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
9⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
8⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 220
7⤵
- Program crash
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25455.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46831.exe
8⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47345.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37780.exe
10⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
11⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19842.exe
12⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\Unicorn-26119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26119.exe
13⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 216
13⤵
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
12⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 236
11⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 216
9⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
7⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46551.exe
8⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32239.exe
9⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34149.exe
10⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
11⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
11⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 236
10⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
9⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
8⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
7⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
6⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56504.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59602.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
9⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65435.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42825.exe
11⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21461.exe
12⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51995.exe
13⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26669.exe
14⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
13⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
12⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
11⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
10⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
9⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32995.exe
8⤵
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
10⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20475.exe
11⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19466.exe
12⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33628.exe
13⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 236
13⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 220
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
11⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
9⤵
PID:5236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
8⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54999.exe
8⤵
PID:1204

C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15440.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52384.exe
10⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
11⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 236
12⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
11⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 236
10⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1204 -s 216
9⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
8⤵
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
7⤵
- Program crash
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-16026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16026.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42747.exe
8⤵
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22265.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
10⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39525.exe
11⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 236
12⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
11⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 236
9⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
8⤵
- Program crash
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59789.exe
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-230.exe
9⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42457.exe
10⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
11⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
11⤵
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
10⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
9⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
8⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
7⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
6⤵
- Program crash
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38693.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15471.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25368.exe
7⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18051.exe
8⤵
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47729.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14667.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-801.exe
11⤵
PID:8028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63863.exe
12⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59886.exe
13⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8028 -s 220
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 236
11⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
9⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
8⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
7⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42083.exe
8⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7459.exe
9⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
10⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-56030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56030.exe
11⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52865.exe
12⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
10⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
9⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
8⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1418.exe
6⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48201.exe
7⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51429.exe
8⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
10⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
11⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21376.exe
12⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 236
12⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 236
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 236
10⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
9⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
8⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
7⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
6⤵
- Program crash
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 220
5⤵
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54428.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38606.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
8⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8574.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14345.exe
10⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42820.exe
11⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30532.exe
12⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26202.exe
13⤵
PID:5524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 236
12⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
10⤵
PID:6508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55554.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15991.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-34050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34050.exe
11⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56079.exe
12⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17671.exe
13⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
9⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 240
8⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25922.exe
7⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-36333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36333.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27034.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11714.exe
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29966.exe
11⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53173.exe
12⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54624.exe
13⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 236
13⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1901.exe
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19385.exe
10⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
11⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
12⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 236
12⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
11⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 236
10⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 220
8⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
7⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19146.exe
7⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56753.exe
8⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16920.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53323.exe
10⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9545.exe
11⤵
PID:7444

C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51035.exe
12⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
13⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7444 -s 220
12⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
11⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
10⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 216
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7168.exe
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6063.exe
10⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2218.exe
11⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15101.exe
12⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
11⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
10⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20551.exe
7⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20428.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14044.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3131.exe
10⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
11⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
12⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
11⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
7⤵
- Program crash
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
6⤵
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30333.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31398.exe
7⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48585.exe
8⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38549.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4117.exe
11⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12825.exe
12⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-20416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20416.exe
13⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
13⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 216
12⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
10⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57931.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61107.exe
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17979.exe
11⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50623.exe
12⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
12⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
11⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
10⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
9⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 220
8⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
7⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1600.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23215.exe
11⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
12⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 236
12⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 220
11⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
9⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
7⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
6⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-32903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32903.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47397.exe
10⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-60874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60874.exe
11⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52932.exe
12⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 236
12⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
11⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
10⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31179.exe
7⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32711.exe
8⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60199.exe
9⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57641.exe
10⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12470.exe
11⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
10⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 220
9⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
8⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220
7⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
6⤵
- Program crash
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
5⤵
- Program crash
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65097.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65248.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58040.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5798.exe
8⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65243.exe
9⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53515.exe
10⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18809.exe
11⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48238.exe
12⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15025.exe
12⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47774.exe
13⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 220
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
11⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
10⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
9⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 236
8⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43301.exe
7⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12918.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39042.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
10⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34891.exe
11⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
12⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
11⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
10⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 236
9⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 216
8⤵
PID:4916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
7⤵
- Program crash
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
6⤵
PID:272

C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7744.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1953.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24268.exe
9⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61678.exe
10⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4465.exe
11⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40208.exe
12⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
11⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
10⤵
PID:8864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
9⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
8⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35372.exe
7⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-13852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13852.exe
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36380.exe
9⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63624.exe
9⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35226.exe
10⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29923.exe
11⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 220
10⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 220
9⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
8⤵
PID:6992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 220
7⤵
PID:4932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
6⤵
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41298.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8839.exe
6⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40225.exe
7⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34086.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15004.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40703.exe
11⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33472.exe
12⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27484.exe
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 220
11⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
9⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
8⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21227.exe
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22120.exe
10⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50000.exe
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
10⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
9⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
8⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
7⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36515.exe
9⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1175.exe
10⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64629.exe
11⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
11⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
10⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
9⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
8⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
7⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-47002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47002.exe
6⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44200.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-41590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41590.exe
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15565.exe
10⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61531.exe
11⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
11⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
10⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 236
9⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
7⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 240
6⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
5⤵
- Program crash
PID:492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62643.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17610.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55518.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21559.exe
9⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41315.exe
10⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29011.exe
11⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8606.exe
12⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12667.exe
13⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
13⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
12⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
11⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
10⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
9⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20167.exe
8⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8066.exe
9⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53707.exe
10⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
11⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
12⤵
PID:10400

C:\Users\Admin\AppData\Local\Temp\Unicorn-3731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3731.exe
13⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10400 -s 236
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
11⤵
PID:2272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
10⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
9⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
8⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-842.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62591.exe
8⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45591.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64195.exe
11⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37312.exe
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
12⤵
PID:912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
11⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
9⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
8⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
7⤵
- Program crash
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
6⤵
- Program crash
PID:2932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 236
5⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3836.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-863.exe
7⤵
- Executes dropped EXE
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13390.exe
8⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48087.exe
10⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13240.exe
11⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 236
12⤵
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 236
11⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
9⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
8⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11999.exe
7⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21279.exe
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-16391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16391.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10194.exe
11⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
12⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
12⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
10⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
9⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 216
8⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
7⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42450.exe
6⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7360.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8450.exe
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47293.exe
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54901.exe
10⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39743.exe
11⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9502.exe
12⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
11⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 216
10⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
9⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
7⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
6⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22824.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10785.exe
6⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52669.exe
7⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33256.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
9⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28923.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31710.exe
11⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54707.exe
12⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 216
12⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 236
10⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
8⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35948.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24159.exe
8⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44683.exe
9⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8082.exe
10⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65532.exe
11⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
11⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 236
10⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 236
9⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
8⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 220
7⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
6⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
5⤵
- Program crash
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50152.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7879.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62124.exe
7⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
8⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53183.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10536.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11406.exe
12⤵
PID:10504

C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24915.exe
13⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
10⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 236
9⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22689.exe
7⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38601.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39141.exe
10⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50192.exe
11⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45449.exe
12⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 220
11⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
10⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
8⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 220
7⤵
- Program crash
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
6⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15061.exe
6⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-8382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8382.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12015.exe
8⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35612.exe
9⤵
PID:7808

C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53474.exe
10⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1313.exe
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 236
10⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
9⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
8⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
7⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16467.exe
6⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18482.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
8⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59457.exe
9⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62436.exe
10⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4162.exe
11⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
11⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
10⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 236
9⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 236
8⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
7⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 220
6⤵
- Program crash
PID:3348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 220
5⤵
- Program crash
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22165.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27314.exe
6⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15913.exe
7⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31310.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8118.exe
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1320.exe
11⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
12⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10660 -s 220
12⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
11⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34002.exe
7⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22021.exe
8⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52524.exe
9⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16609.exe
10⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1038.exe
11⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 236
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
10⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
9⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
8⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
7⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49332.exe
6⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14480.exe
7⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56037.exe
8⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55757.exe
9⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42976.exe
10⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23021.exe
11⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10456 -s 216
11⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 236
10⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
9⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
8⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
7⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
6⤵
- Program crash
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34090.exe
5⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54807.exe
6⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
7⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7075.exe
8⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14636.exe
9⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-29964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29964.exe
10⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38755.exe
11⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
11⤵
PID:9180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 220
10⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
9⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
8⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
7⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
6⤵
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
5⤵
- Program crash
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
4⤵
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
2⤵
- Program crash
PID:2788

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22445.exe
Filesize
184KB

MD5
c7a4027fece18ebc9e4fb8b0bd70c9af

SHA1
44005f7143f46693e2fce67f1477b5301fddaf84

SHA256
ca76bdd753233718369e19a84f854cd850d0ac20509b5612199d58a9779c2c13

SHA512
573b7e0ec2f9167e36569ec9dc3032c9334d50b906f92830de3e19d9964abc9dde51f637fe6ae72e7276a27e8fbfcdaf9a59fccb4a4807f948e92da728a42d80

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23920.exe
Filesize
184KB

MD5
71131557d6bbe0283d119a2cbaf17866

SHA1
afbce0fb1675858fe6d6f218f8d522b945c84590

SHA256
1cae73ad3fe785aa3eea5a239e4a90a2abd5d125cbca52fb2d080fb94f2cad97

SHA512
0d6dec8e3b6fe6232e8bde8304461422c99a4964666f53745a158bfbbdb472a5e60ed518278d3d8577eb0bd81c8d12c1a9ca4c1a47480baaeb6aed213209b637

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
Filesize
184KB

MD5
ac53268706434f6698a93af7ab738a02

SHA1
05d6ba3fca4bd80adcbb762db2204acaa721ca1f

SHA256
1cf213367eea4f610a1a257626f6eec7baa2037fab52a0d0bb9946424730c1e3

SHA512
abcbe30b1db1e719315910fc70ff0a6f7d4d80ec3ef673ad866d0a06b7351714e96e154554588d0ceab90fa52b537290dc0b1ad359b4b7834bf4d8ed6e69ee15

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
Filesize
184KB

MD5
7fcc6f39c717768acbd14ba5f2318a86

SHA1
11da0d4d7f72ffe6ec7eed97ae175678743c9f3a

SHA256
7cd97b21e6ddbc76bde8d49ebee969c3289baa21014404ac0c2d8b7f942b2e92

SHA512
6995c00c86da5676ba85b557f5c54da30c6650892e187b2f4e5fb8fca5b17f6c22e4409b6dd38f7a46d837babfe6080565f00b5beffd92cabe6fac00dd966976

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41360.exe
Filesize
184KB

MD5
66f4c2a04b7069b64085c888d666a001

SHA1
8ef962f937db314e32ea8e8e490ce221c302a0c0

SHA256
877b9aa0711e44ca604b6f1b67266dad8b49c521f687f08ba4a32a2f9f721b32

SHA512
cf2991b36b898d4b9f25a236419ca70be8ef24b830c270dfb2f1e2ff9de52d0bba06122593f3bc848d4997551602b5824c7f9d62bd00495b7287b7b80d7d6e21

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45197.exe
Filesize
184KB

MD5
607ae2704cfe604fb81aac98629040f0

SHA1
dfff9cef66d26fb99b81c1e889adc3584bdbcf84

SHA256
6fccccda0a60f642c1c7614b4f64887a32603281f2b6c19b1383dd1da16cd29b

SHA512
26176cd4057e45e997ce7b3e0198f43f9abec334d9bfad0a514082d7c7fca8898250cf02f4f134e840ff1fb7648f212a7be5b4a831381547e34749ea8cdae84c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
Filesize
184KB

MD5
b6a9c7a1300579eb041ab415d874e005

SHA1
ad4d3a51aeadd0a8a88038aa026756e3b27da21c

SHA256
e8e45afdb95e26475adf96328ee9361c61e0aa9554b878ffc24389366894f88f

SHA512
803e10fb025b5b3818b444aeccddca7eacb230269edf590ac613d3fc708490d7c7bb56efd5e9d9bf3aba96af0d781a0cb8050a7c99cbcb0fd102270067bbc2fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-62814.exe
Filesize
184KB

MD5
8ddd8aa49c722b7d64ed97f9df585067

SHA1
9f49e450bff6c64a04f6cd0080ded32234eb810d

SHA256
7bfd8d68e97be2bd8ab18d59504b45847d480571431b1f63c83b6af97c87b226

SHA512
ba8f6f26bb6a1c6bbfc724b83d98550edcb8f8b5f3535ae2637ae31329e96602851ec50244895af0cae3b5b75a19d6ccbc30397fffcaae26918250692435c696

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6317.exe
Filesize
184KB

MD5
f381d8c10bce554c0da12b5ad2f20db3

SHA1
7770d9f12e343d7fbc0fbe977efe6ff43e07bece

SHA256
e390d58e27c52c2240119e04eb210a8584c53fc9dd75de3f0c7a0f920a1ba709

SHA512
d395dac989c1b2cdfa226f310451e5887d501b2ccddb50a89b846b4744822a8dc3fb7a98e13bcfad9d4edd3874ca4237cdcbae92a916f61f7fd7150cbb17a72b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6644.exe
Filesize
184KB

MD5
43e34804f40a36b1635e738d1cdd25fd

SHA1
67d703e319280a816279e011784733d46153aa56

SHA256
3db38236a0fc9e9c0cadbf655ee2220453ea45780712ff16645809281e63dcda

SHA512
ae1b3a779b5ac521469f99b83476c795186541ecbd896cc1b4a9d951f73fd6ff80a45be8ead9ce920cf4d5ea2d923be9ace8d46dca0d3b4026928562ed07b83c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8138.exe
Filesize
184KB

MD5
2799beca32e2db271d0e9475a6646c58

SHA1
176155a27d15534a3db8381937da8dff759eecae

SHA256
dd6ceee97e12391253d25065af5a4228b5f7f124e86bf82a9902dfd89f23cd7b

SHA512
238aaea50d744d4a2ff1f4e3c1257d47da3f9e50409b4c5e6c259c1f33ab9d7d02fd856ab41460bb4376b0c6b1fa1f518698f3ebbf11eece36dba6adf14339f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9673.exe
Filesize
184KB

MD5
1a33dfa362448c68c8b2196fc23e8f1b

SHA1
a73e3926398fe257f5783360f1ff6fdee559a7a9

SHA256
37dad08a2df03f0152885197e3c69c5b1fdb39955e022d3ff590ca7ec65be082

SHA512
7e463ee22976cbc2c21eb4cf592050d6dd30ad75c6e420115076d6394e3166fc0f3f79c2fa39789c8763043435ad2d21af9f910a3a04de7565723b2319c93433

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
Filesize
184KB

MD5
6897f009d1d7eee841cb3f39847ce187

SHA1
c74071e0e761c6091ec2358b9aed4bcd2c728326

SHA256
b8110fafa2e812a07ab040af2a397d7086a41bd5f6277e55a33de6ce618ab406

SHA512
e1b8280c4f112459b684d62b98e55a629e09417e4be536fafd87628ea4fbaf5107b9bfb2f0c7026e79fba1c457b59120ecb3839339182ebbfc4a8cc04dd6d62c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20656.exe
Filesize
184KB

MD5
6e175f2f9215db045dbffe3320bda35c

SHA1
f1525f85a0e6cbc4e8dbff4856e13527cfaf4c2b

SHA256
0aec3c3f7212851e40938ec6353aecf8bb7a7a541f194537e0a281772f764b6a

SHA512
a2d681dba3d7cfe9d6cd617d422f9e1d4ca1e656beb613311b15a734aa6bb944450b310f63360e0931f26050743d7465297344fbb54ca48f9ec3747c7750d29e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32088.exe
Filesize
184KB

MD5
190845c3aa1175487ddfad82cc91df51

SHA1
58e06cdbe08d87a53892f6aa24c25c0833d9ee2e

SHA256
b2c96277ef5a74f63782a6d98f6f1f460b6f295fe5baba1c332e8c1953d52a4d

SHA512
853560eece7aa4b594e050500d328454108c6a83a073f3c83a2c050c8ce315e33e78205ba23289c9b0b2f9d113cb9f8f7db93c9d4271a83e79a49594da43aa91

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32424.exe
Filesize
184KB

MD5
6432007f8490468f8660f0efc8557d5b

SHA1
b5b5c05543aea8c4110d1cd379b26b674bc40fe5

SHA256
ac8c66f766d750a4b94e967a9bcfb0d94f9d9050651b1323b3d85a4690427469

SHA512
ca7f19a3a630efdf4601450e5f7c6d78435574abe00e1a86c21c430a379d21026dcd4fde6ad4488f40008c3da1b180afcfff870bcc653b9989dadb046b530177

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42948.exe
Filesize
184KB

MD5
d0e361aa56d53b4cd2381a06643d96fd

SHA1
d09d31a796f3663628db01eab157ed392b0f5db1

SHA256
2139b1e96c307ddc878995984aabf8b19af78edacf3d7ff626c4e4008482e5d8

SHA512
6188e48c87a273e38da634693e963b2d881a58c2045b090d04719dea0c890cd9148f88958370e9c46dbf50fadab88145356faef3f6e3c7baaca8853a80969994

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44174.exe
Filesize
184KB

MD5
af400982e54425ec456eb493818a6816

SHA1
3959897307ad0c60130c291f8b5191cabbe3487e

SHA256
750167439ed455eb964d0b29847663b5dd1712805cae5d6912a3c517e3a3a71c

SHA512
1a0583b8def0ee16653afd3b1e0a354d0010469318c3c7aa4cde13cd8d0f32e4b1ad38f558c27d0950e1e278ad267b575bdb85a3e9a7c1946b0859a91f68cb0c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52290.exe
Filesize
184KB

MD5
c71318318d83567d3e8414c08a0e0a94

SHA1
a1ff40b484a8851721518045f6b1c5e7d1ad4556

SHA256
e09f37563db0ca142087a0482fbdc72f0f5209d45ecc4ee7211d9ac54aadb7c5

SHA512
72c79b5f9304d418b84a379dc7b6cebf859ee5ebbd6733e476e1eae237f9712ffd3653096fd4fa58ff90707075a94d703be276481c501754adb773f60e6b7e50

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55035.exe
Filesize
184KB

MD5
98248326d017b07c176f82e8fc52c7d7

SHA1
c3cda7e305f4dad9dc0fb6cc6456c94d93faacdf

SHA256
8aa1cbc7c0e26292ca74d45912dae753432f4ae9b8fa5d46c3b350ea6f49aedc

SHA512
f32f873debd9da9b1d2dc273e1130e6680649df92092dd120e6f4f708a37fd5b9265733e2bd20f4e86d6f952121207e2ce56663d12032124930ede4964c05c0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
Filesize
184KB

MD5
13a40c2f57b8cf1e8337a612b40b593c

SHA1
3e087702e158f2080d88dc4a0f99f38143fe8237

SHA256
dfe886acc0d4428650ea0683310f2f2e30783e40a77bd9d4a9fb7d85cb8b4cb8

SHA512
80420a570834beaa6a4c7091c6f7e1e73c48c1eb8974f42e4f2043b6efdf8d54ddda6b11266a0d5a2bea45005804e06ece4a0380652fbf5ae3c86a01829cf04c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads