6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78

Analysis

max time kernel
149s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe
Size

184KB
MD5

2fc0dac29c13ba32c8721b9262c93c87
SHA1

4e10623e9126f9fe9b303460080fb22072dcbf50
SHA256

6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78
SHA512

6c4a656d45af7f0e5d30dfdc7fb13897491e9d4f2853cda05d262dec94c74e7d1ec2cd1405ead12d559b05b0af510ac1a7f2581dd8d1df4b9e928171e7747451
SSDEEP

1536:P/Zn6jZ5tMt8o5x+tRuAWawpFM9yvZc86mddjwLR2VQetQhE5hj5nizpgK:3Q9Mt8ofwRu+4FaWe8wLRtsQhEnViFz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-20963.exeUnicorn-4673.exeUnicorn-50345.exeUnicorn-56780.exeUnicorn-40998.exeUnicorn-60864.exeUnicorn-17969.exeUnicorn-32913.exeUnicorn-65223.exeUnicorn-3770.exeUnicorn-49442.exeUnicorn-31565.exeUnicorn-33188.exeUnicorn-43324.exeUnicorn-12597.exeUnicorn-16682.exeUnicorn-31626.exeUnicorn-47408.exeUnicorn-62353.exeUnicorn-31648.exeUnicorn-46593.exeUnicorn-921.exeUnicorn-56728.exeUnicorn-10220.exeUnicorn-15888.exeUnicorn-106.exeUnicorn-54782.exeUnicorn-54782.exeUnicorn-24056.exeUnicorn-8274.exeUnicorn-4190.exeUnicorn-58866.exeUnicorn-46085.exeUnicorn-61606.exeUnicorn-15935.exeUnicorn-54829.exeUnicorn-4237.exeUnicorn-36355.exeUnicorn-51300.exeUnicorn-9712.exeUnicorn-65135.exeUnicorn-65135.exeUnicorn-14543.exeUnicorn-58721.exeUnicorn-8129.exeUnicorn-62805.exeUnicorn-12213.exeUnicorn-32079.exeUnicorn-47024.exeUnicorn-16297.exeUnicorn-36163.exeUnicorn-21171.exeUnicorn-40199.exeUnicorn-22240.exeUnicorn-38384.exeUnicorn-38384.exeUnicorn-11741.exeUnicorn-26686.exeUnicorn-15826.exeUnicorn-44.exeUnicorn-54720.exeUnicorn-4128.exeUnicorn-55467.exeUnicorn-13879.exe

pid	process
1272	Unicorn-20963.exe
2720	Unicorn-4673.exe
2524	Unicorn-50345.exe
2800	Unicorn-56780.exe
2764	Unicorn-40998.exe
2340	Unicorn-60864.exe
1644	Unicorn-17969.exe
2520	Unicorn-32913.exe
2780	Unicorn-65223.exe
2392	Unicorn-3770.exe
2204	Unicorn-49442.exe
1508	Unicorn-31565.exe
1412	Unicorn-33188.exe
1168	Unicorn-43324.exe
1948	Unicorn-12597.exe
2232	Unicorn-16682.exe
1492	Unicorn-31626.exe
1804	Unicorn-47408.exe
324	Unicorn-62353.exe
3040	Unicorn-31648.exe
2980	Unicorn-46593.exe
1768	Unicorn-921.exe
2852	Unicorn-56728.exe
1028	Unicorn-10220.exe
2096	Unicorn-15888.exe
2368	Unicorn-106.exe
568	Unicorn-54782.exe
864	Unicorn-54782.exe
1500	Unicorn-24056.exe
2332	Unicorn-8274.exe
2148	Unicorn-4190.exe
2364	Unicorn-58866.exe
772	Unicorn-46085.exe
2668	Unicorn-61606.exe
3068	Unicorn-15935.exe
2912	Unicorn-54829.exe
2456	Unicorn-4237.exe
1212	Unicorn-36355.exe
2408	Unicorn-51300.exe
2724	Unicorn-9712.exe
1576	Unicorn-65135.exe
2320	Unicorn-65135.exe
292	Unicorn-14543.exe
1972	Unicorn-58721.exe
1068	Unicorn-8129.exe
1268	Unicorn-62805.exe
1668	Unicorn-12213.exe
3028	Unicorn-32079.exe
2276	Unicorn-47024.exe
2104	Unicorn-16297.exe
2760	Unicorn-36163.exe
2952	Unicorn-21171.exe
2404	Unicorn-40199.exe
2052	Unicorn-22240.exe
332	Unicorn-38384.exe
2140	Unicorn-38384.exe
1292	Unicorn-11741.exe
1228	Unicorn-26686.exe
2388	Unicorn-15826.exe
2192	Unicorn-44.exe
2572	Unicorn-54720.exe
2640	Unicorn-4128.exe
2508	Unicorn-55467.exe
2300	Unicorn-13879.exe

Loads dropped DLL 64 IoCs

Processes:

6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exeUnicorn-20963.exeUnicorn-4673.exeUnicorn-50345.exeWerFault.exeUnicorn-56780.exeUnicorn-40998.exeUnicorn-60864.exeWerFault.exeWerFault.exeUnicorn-17969.exeUnicorn-49442.exeUnicorn-32913.exeUnicorn-3770.exeUnicorn-65223.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe
2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe
2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe
1272	Unicorn-20963.exe
1272	Unicorn-20963.exe
2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe
2720	Unicorn-4673.exe
2720	Unicorn-4673.exe
1272	Unicorn-20963.exe
2524	Unicorn-50345.exe
1272	Unicorn-20963.exe
2524	Unicorn-50345.exe
2888	WerFault.exe
2888	WerFault.exe
2888	WerFault.exe
2888	WerFault.exe
2888	WerFault.exe
2800	Unicorn-56780.exe
2800	Unicorn-56780.exe
2720	Unicorn-4673.exe
2720	Unicorn-4673.exe
2764	Unicorn-40998.exe
2764	Unicorn-40998.exe
2524	Unicorn-50345.exe
2340	Unicorn-60864.exe
2524	Unicorn-50345.exe
2340	Unicorn-60864.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2312	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2312	WerFault.exe
1644	Unicorn-17969.exe
1644	Unicorn-17969.exe
2800	Unicorn-56780.exe
2800	Unicorn-56780.exe
2204	Unicorn-49442.exe
2204	Unicorn-49442.exe
2520	Unicorn-32913.exe
2520	Unicorn-32913.exe
2392	Unicorn-3770.exe
2780	Unicorn-65223.exe
2780	Unicorn-65223.exe
2392	Unicorn-3770.exe
2340	Unicorn-60864.exe
2340	Unicorn-60864.exe
2764	Unicorn-40998.exe
2764	Unicorn-40998.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
1096	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
2248	WerFault.exe
852	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2588	2040	WerFault.exe	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe
2888	1272	WerFault.exe	Unicorn-20963.exe
2312	2720	WerFault.exe	Unicorn-4673.exe
2324	2524	WerFault.exe	Unicorn-50345.exe
1096	2800	WerFault.exe	Unicorn-56780.exe
2248	2764	WerFault.exe	Unicorn-40998.exe
852	2340	WerFault.exe	Unicorn-60864.exe
2008	1644	WerFault.exe	Unicorn-17969.exe
1636	2204	WerFault.exe	Unicorn-49442.exe
2908	2520	WerFault.exe	Unicorn-32913.exe
2648	2780	WerFault.exe	Unicorn-65223.exe
2984	2392	WerFault.exe	Unicorn-3770.exe
684	1508	WerFault.exe	Unicorn-31565.exe
1044	1412	WerFault.exe	Unicorn-33188.exe
1776	1168	WerFault.exe	Unicorn-43324.exe
1164	1804	WerFault.exe	Unicorn-47408.exe
1340	2232	WerFault.exe	Unicorn-16682.exe
1332	324	WerFault.exe	Unicorn-62353.exe
1828	1492	WerFault.exe	Unicorn-31626.exe
1060	1948	WerFault.exe	Unicorn-12597.exe
1744	3040	WerFault.exe	Unicorn-31648.exe
2576	2980	WerFault.exe	Unicorn-46593.exe
2592	1768	WerFault.exe	Unicorn-921.exe
2624	2852	WerFault.exe	Unicorn-56728.exe
1632	1028	WerFault.exe	Unicorn-10220.exe
1984	2368	WerFault.exe	Unicorn-106.exe
1980	2096	WerFault.exe	Unicorn-15888.exe
2680	1500	WerFault.exe	Unicorn-24056.exe
2828	2332	WerFault.exe	Unicorn-8274.exe
2816	864	WerFault.exe	Unicorn-54782.exe
1856	2148	WerFault.exe	Unicorn-4190.exe
2860	2364	WerFault.exe	Unicorn-58866.exe
1020	568	WerFault.exe	Unicorn-54782.exe
3520	772	WerFault.exe	Unicorn-46085.exe
3704	2668	WerFault.exe	Unicorn-61606.exe
3752	2456	WerFault.exe	Unicorn-4237.exe
3744	2408	WerFault.exe	Unicorn-51300.exe
3784	3068	WerFault.exe	Unicorn-15935.exe
3896	292	WerFault.exe	Unicorn-14543.exe
3928	1668	WerFault.exe	Unicorn-12213.exe
3920	2760	WerFault.exe	Unicorn-36163.exe
3936	1972	WerFault.exe	Unicorn-58721.exe
3956	1268	WerFault.exe	Unicorn-62805.exe
3984	1068	WerFault.exe	Unicorn-8129.exe
4000	2104	WerFault.exe	Unicorn-16297.exe
4092	2276	WerFault.exe	Unicorn-47024.exe
3484	3028	WerFault.exe	Unicorn-32079.exe
3236	1212	WerFault.exe	Unicorn-36355.exe
3600	2912	WerFault.exe	Unicorn-54829.exe
3192	2724	WerFault.exe	Unicorn-9712.exe
3588	2320	WerFault.exe	Unicorn-65135.exe
3644	2572	WerFault.exe	Unicorn-54720.exe
3684	2388	WerFault.exe	Unicorn-15826.exe
3992	2152	WerFault.exe	Unicorn-57989.exe
4080	2200	WerFault.exe	Unicorn-30216.exe
4084	276	WerFault.exe	Unicorn-49821.exe
3252	1924	WerFault.exe	Unicorn-41076.exe
3224	2640	WerFault.exe	Unicorn-4128.exe
3284	1576	WerFault.exe	Unicorn-65135.exe
3304	2508	WerFault.exe	Unicorn-55467.exe
3368	540	WerFault.exe	Unicorn-31346.exe
3404	2192	WerFault.exe	Unicorn-44.exe
3452	1808	WerFault.exe	Unicorn-63635.exe
3560	2952	WerFault.exe	Unicorn-21171.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exeUnicorn-20963.exeUnicorn-4673.exeUnicorn-50345.exeUnicorn-56780.exeUnicorn-60864.exeUnicorn-40998.exeUnicorn-17969.exeUnicorn-32913.exeUnicorn-65223.exeUnicorn-49442.exeUnicorn-3770.exeUnicorn-31565.exeUnicorn-33188.exeUnicorn-43324.exeUnicorn-31626.exeUnicorn-47408.exeUnicorn-16682.exeUnicorn-12597.exeUnicorn-62353.exeUnicorn-31648.exeUnicorn-46593.exeUnicorn-921.exeUnicorn-56728.exeUnicorn-10220.exeUnicorn-15888.exeUnicorn-106.exeUnicorn-24056.exeUnicorn-54782.exeUnicorn-4190.exeUnicorn-54782.exeUnicorn-58866.exeUnicorn-46085.exeUnicorn-61606.exeUnicorn-15935.exeUnicorn-54829.exeUnicorn-4237.exeUnicorn-36355.exeUnicorn-51300.exeUnicorn-9712.exeUnicorn-65135.exeUnicorn-14543.exeUnicorn-65135.exeUnicorn-58721.exeUnicorn-8129.exeUnicorn-12213.exeUnicorn-62805.exeUnicorn-32079.exeUnicorn-47024.exeUnicorn-16297.exeUnicorn-36163.exeUnicorn-21171.exeUnicorn-40199.exeUnicorn-22240.exeUnicorn-38384.exeUnicorn-38384.exeUnicorn-11741.exeUnicorn-26686.exeUnicorn-15826.exeUnicorn-44.exeUnicorn-13365.exeUnicorn-54720.exeUnicorn-4128.exeUnicorn-55467.exe

pid	process
2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe
1272	Unicorn-20963.exe
2720	Unicorn-4673.exe
2524	Unicorn-50345.exe
2800	Unicorn-56780.exe
2340	Unicorn-60864.exe
2764	Unicorn-40998.exe
1644	Unicorn-17969.exe
2520	Unicorn-32913.exe
2780	Unicorn-65223.exe
2204	Unicorn-49442.exe
2392	Unicorn-3770.exe
1508	Unicorn-31565.exe
1412	Unicorn-33188.exe
1168	Unicorn-43324.exe
1492	Unicorn-31626.exe
1804	Unicorn-47408.exe
2232	Unicorn-16682.exe
1948	Unicorn-12597.exe
324	Unicorn-62353.exe
3040	Unicorn-31648.exe
2980	Unicorn-46593.exe
1768	Unicorn-921.exe
2852	Unicorn-56728.exe
1028	Unicorn-10220.exe
2096	Unicorn-15888.exe
2368	Unicorn-106.exe
1500	Unicorn-24056.exe
864	Unicorn-54782.exe
2148	Unicorn-4190.exe
568	Unicorn-54782.exe
2364	Unicorn-58866.exe
772	Unicorn-46085.exe
2668	Unicorn-61606.exe
3068	Unicorn-15935.exe
2912	Unicorn-54829.exe
2456	Unicorn-4237.exe
1212	Unicorn-36355.exe
2408	Unicorn-51300.exe
2724	Unicorn-9712.exe
1576	Unicorn-65135.exe
292	Unicorn-14543.exe
2320	Unicorn-65135.exe
1972	Unicorn-58721.exe
1068	Unicorn-8129.exe
1668	Unicorn-12213.exe
1268	Unicorn-62805.exe
3028	Unicorn-32079.exe
2276	Unicorn-47024.exe
2104	Unicorn-16297.exe
2760	Unicorn-36163.exe
2952	Unicorn-21171.exe
2404	Unicorn-40199.exe
2052	Unicorn-22240.exe
332	Unicorn-38384.exe
2140	Unicorn-38384.exe
1292	Unicorn-11741.exe
1228	Unicorn-26686.exe
2388	Unicorn-15826.exe
2192	Unicorn-44.exe
2384	Unicorn-13365.exe
2572	Unicorn-54720.exe
2640	Unicorn-4128.exe
2508	Unicorn-55467.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exeUnicorn-20963.exeUnicorn-4673.exeUnicorn-50345.exeUnicorn-56780.exeUnicorn-40998.exeUnicorn-60864.exeUnicorn-17969.exe

description	pid	process	target process
PID 2040 wrote to memory of 1272	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	Unicorn-20963.exe
PID 2040 wrote to memory of 1272	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	Unicorn-20963.exe
PID 2040 wrote to memory of 1272	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	Unicorn-20963.exe
PID 2040 wrote to memory of 1272	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	Unicorn-20963.exe
PID 1272 wrote to memory of 2720	1272	Unicorn-20963.exe	Unicorn-4673.exe
PID 1272 wrote to memory of 2720	1272	Unicorn-20963.exe	Unicorn-4673.exe
PID 1272 wrote to memory of 2720	1272	Unicorn-20963.exe	Unicorn-4673.exe
PID 1272 wrote to memory of 2720	1272	Unicorn-20963.exe	Unicorn-4673.exe
PID 2040 wrote to memory of 2524	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	Unicorn-50345.exe
PID 2040 wrote to memory of 2524	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	Unicorn-50345.exe
PID 2040 wrote to memory of 2524	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	Unicorn-50345.exe
PID 2040 wrote to memory of 2524	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	Unicorn-50345.exe
PID 2040 wrote to memory of 2588	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	WerFault.exe
PID 2040 wrote to memory of 2588	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	WerFault.exe
PID 2040 wrote to memory of 2588	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	WerFault.exe
PID 2040 wrote to memory of 2588	2040	6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe	WerFault.exe
PID 2720 wrote to memory of 2800	2720	Unicorn-4673.exe	Unicorn-56780.exe
PID 2720 wrote to memory of 2800	2720	Unicorn-4673.exe	Unicorn-56780.exe
PID 2720 wrote to memory of 2800	2720	Unicorn-4673.exe	Unicorn-56780.exe
PID 2720 wrote to memory of 2800	2720	Unicorn-4673.exe	Unicorn-56780.exe
PID 1272 wrote to memory of 2764	1272	Unicorn-20963.exe	Unicorn-40998.exe
PID 1272 wrote to memory of 2764	1272	Unicorn-20963.exe	Unicorn-40998.exe
PID 1272 wrote to memory of 2764	1272	Unicorn-20963.exe	Unicorn-40998.exe
PID 1272 wrote to memory of 2764	1272	Unicorn-20963.exe	Unicorn-40998.exe
PID 2524 wrote to memory of 2340	2524	Unicorn-50345.exe	Unicorn-60864.exe
PID 2524 wrote to memory of 2340	2524	Unicorn-50345.exe	Unicorn-60864.exe
PID 2524 wrote to memory of 2340	2524	Unicorn-50345.exe	Unicorn-60864.exe
PID 2524 wrote to memory of 2340	2524	Unicorn-50345.exe	Unicorn-60864.exe
PID 1272 wrote to memory of 2888	1272	Unicorn-20963.exe	WerFault.exe
PID 1272 wrote to memory of 2888	1272	Unicorn-20963.exe	WerFault.exe
PID 1272 wrote to memory of 2888	1272	Unicorn-20963.exe	WerFault.exe
PID 1272 wrote to memory of 2888	1272	Unicorn-20963.exe	WerFault.exe
PID 2800 wrote to memory of 1644	2800	Unicorn-56780.exe	Unicorn-17969.exe
PID 2800 wrote to memory of 1644	2800	Unicorn-56780.exe	Unicorn-17969.exe
PID 2800 wrote to memory of 1644	2800	Unicorn-56780.exe	Unicorn-17969.exe
PID 2800 wrote to memory of 1644	2800	Unicorn-56780.exe	Unicorn-17969.exe
PID 2720 wrote to memory of 2520	2720	Unicorn-4673.exe	Unicorn-32913.exe
PID 2720 wrote to memory of 2520	2720	Unicorn-4673.exe	Unicorn-32913.exe
PID 2720 wrote to memory of 2520	2720	Unicorn-4673.exe	Unicorn-32913.exe
PID 2720 wrote to memory of 2520	2720	Unicorn-4673.exe	Unicorn-32913.exe
PID 2764 wrote to memory of 2780	2764	Unicorn-40998.exe	Unicorn-65223.exe
PID 2764 wrote to memory of 2780	2764	Unicorn-40998.exe	Unicorn-65223.exe
PID 2764 wrote to memory of 2780	2764	Unicorn-40998.exe	Unicorn-65223.exe
PID 2764 wrote to memory of 2780	2764	Unicorn-40998.exe	Unicorn-65223.exe
PID 2524 wrote to memory of 2204	2524	Unicorn-50345.exe	Unicorn-49442.exe
PID 2524 wrote to memory of 2204	2524	Unicorn-50345.exe	Unicorn-49442.exe
PID 2524 wrote to memory of 2204	2524	Unicorn-50345.exe	Unicorn-49442.exe
PID 2524 wrote to memory of 2204	2524	Unicorn-50345.exe	Unicorn-49442.exe
PID 2340 wrote to memory of 2392	2340	Unicorn-60864.exe	Unicorn-3770.exe
PID 2340 wrote to memory of 2392	2340	Unicorn-60864.exe	Unicorn-3770.exe
PID 2340 wrote to memory of 2392	2340	Unicorn-60864.exe	Unicorn-3770.exe
PID 2340 wrote to memory of 2392	2340	Unicorn-60864.exe	Unicorn-3770.exe
PID 2720 wrote to memory of 2312	2720	Unicorn-4673.exe	WerFault.exe
PID 2720 wrote to memory of 2312	2720	Unicorn-4673.exe	WerFault.exe
PID 2720 wrote to memory of 2312	2720	Unicorn-4673.exe	WerFault.exe
PID 2720 wrote to memory of 2312	2720	Unicorn-4673.exe	WerFault.exe
PID 2524 wrote to memory of 2324	2524	Unicorn-50345.exe	WerFault.exe
PID 2524 wrote to memory of 2324	2524	Unicorn-50345.exe	WerFault.exe
PID 2524 wrote to memory of 2324	2524	Unicorn-50345.exe	WerFault.exe
PID 2524 wrote to memory of 2324	2524	Unicorn-50345.exe	WerFault.exe
PID 1644 wrote to memory of 1508	1644	Unicorn-17969.exe	Unicorn-31565.exe
PID 1644 wrote to memory of 1508	1644	Unicorn-17969.exe	Unicorn-31565.exe
PID 1644 wrote to memory of 1508	1644	Unicorn-17969.exe	Unicorn-31565.exe
PID 1644 wrote to memory of 1508	1644	Unicorn-17969.exe	Unicorn-31565.exe

C:\Users\Admin\AppData\Local\Temp\6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe
"C:\Users\Admin\AppData\Local\Temp\6d224858b781fb51e9e1b82fdeee1544d5ab98167ebcc9fd859b10191a0e4a78.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31648.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21171.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47896.exe
10⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43895.exe
11⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62198.exe
12⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38073.exe
13⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47829.exe
14⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36914.exe
15⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 236
15⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
14⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
13⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
12⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
11⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58840.exe
10⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29142.exe
11⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47455.exe
12⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64466.exe
13⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35689.exe
14⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 236
14⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
13⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
12⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
11⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
10⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
9⤵
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
10⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23304.exe
11⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28151.exe
12⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41197.exe
13⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25622.exe
14⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
14⤵
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 236
13⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 236
12⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
11⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
10⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
9⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25338.exe
9⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29697.exe
10⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26464.exe
11⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
12⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19485.exe
13⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5206.exe
14⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
14⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
13⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
12⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
11⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61637.exe
10⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2063.exe
11⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50548.exe
12⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44895.exe
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
10⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44642.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-15135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15135.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56355.exe
11⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53065.exe
12⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-51880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51880.exe
13⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 236
13⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
12⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
11⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
9⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
8⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61606.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22240.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35452.exe
9⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
10⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18535.exe
11⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62468.exe
12⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
13⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35819.exe
14⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
14⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
13⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
11⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20865.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2961.exe
11⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34482.exe
12⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31543.exe
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 236
13⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
12⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15586.exe
8⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62177.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64336.exe
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54793.exe
11⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63947.exe
12⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
13⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
13⤵
PID:8388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
12⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
11⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
8⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
7⤵
- Program crash
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46593.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15935.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11741.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-36028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36028.exe
9⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40003.exe
10⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46137.exe
11⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
12⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
13⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
14⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
13⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
12⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
11⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
10⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36665.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-11705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11705.exe
11⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4871.exe
12⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
13⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
12⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32498.exe
8⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-33973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33973.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29225.exe
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
11⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
12⤵
PID:10456

C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
13⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
12⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 220
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
10⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
9⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
8⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54502.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40963.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46791.exe
11⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
12⤵
PID:10452

C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45414.exe
13⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 220
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
9⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25181.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9380.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61181.exe
10⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40424.exe
11⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
11⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
9⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
8⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
7⤵
- Program crash
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
6⤵
- Program crash
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-921.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5109.exe
9⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9935.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
11⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59292.exe
12⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
13⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
13⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
12⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
11⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
10⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
9⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
8⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56998.exe
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20922.exe
10⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
11⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-39140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39140.exe
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 216
12⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 236
10⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 216
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
8⤵
- Program crash
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55467.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
8⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42608.exe
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32121.exe
11⤵
PID:9080

C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52653.exe
12⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9080 -s 216
12⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
11⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
9⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
8⤵
- Program crash
PID:3304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4237.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55872.exe
8⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7522.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
10⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
11⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
12⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
12⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
11⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
10⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 236
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26551.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19495.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18120.exe
10⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
11⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61091.exe
12⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
8⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
7⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19583.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59951.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
10⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
11⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57007.exe
12⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
11⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
8⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 220
7⤵
- Program crash
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
6⤵
- Program crash
PID:1044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12597.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21446.exe
8⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
10⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47362.exe
11⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5180.exe
12⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 236
12⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 236
10⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
8⤵
- Program crash
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
7⤵
- Program crash
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47024.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20486.exe
7⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12545.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29609.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6059.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44150.exe
11⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
12⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
11⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28798.exe
7⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10620.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15878.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
10⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24332.exe
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
11⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
8⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
7⤵
- Program crash
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
6⤵
- Program crash
PID:1060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8274.exe
5⤵
- Executes dropped EXE
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26573.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
9⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6562.exe
10⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53447.exe
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
11⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
10⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
8⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57854.exe
7⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9271.exe
8⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30922.exe
9⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 220
10⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
9⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
8⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
7⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
6⤵
- Program crash
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
5⤵
- Program crash
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16682.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36163.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
8⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-22022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22022.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11798.exe
10⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33344.exe
11⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44518.exe
12⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-34589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34589.exe
13⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 216
13⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
12⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
11⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
9⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15987.exe
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59619.exe
11⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33408.exe
12⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
13⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
11⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
10⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36966.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60719.exe
10⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55151.exe
11⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
12⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-10411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10411.exe
13⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
8⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57989.exe
7⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
8⤵
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22380.exe
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
11⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57147.exe
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
12⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
8⤵
- Program crash
PID:3992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
7⤵
- Program crash
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16297.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9940.exe
7⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34741.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-49313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49313.exe
10⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29324.exe
11⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
12⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
11⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
8⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
7⤵
- Program crash
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
6⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-4190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4190.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32079.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31752.exe
8⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27833.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
10⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
11⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
12⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
11⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
10⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
8⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
7⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-25992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25992.exe
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44134.exe
10⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57339.exe
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
10⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
9⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 216
8⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
7⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43598.exe
6⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17938.exe
7⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7714.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61295.exe
9⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22671.exe
10⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45276.exe
11⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27708.exe
12⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
11⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-677.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3350.exe
8⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44606.exe
9⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43818.exe
10⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 236
10⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
9⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
8⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
7⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
6⤵
- Program crash
PID:1856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
5⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31626.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58721.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12317.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34357.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
11⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57912.exe
12⤵
PID:11072

C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35300.exe
13⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57470.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11902.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42562.exe
11⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18196.exe
12⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
10⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
9⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
8⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18684.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20543.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19687.exe
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27933.exe
10⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17591.exe
11⤵
PID:10860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28938.exe
12⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10860 -s 236
12⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 216
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
10⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
8⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
7⤵
- Program crash
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
6⤵
- Program crash
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8129.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24570.exe
6⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
7⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60999.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24347.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46983.exe
10⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15728.exe
11⤵
PID:11160

C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33271.exe
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
11⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
10⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
8⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45218.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
8⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20341.exe
9⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28556.exe
10⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10603.exe
11⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 220
10⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
9⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
8⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 240
7⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 236
6⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
5⤵
- Program crash
PID:1828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-3770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3770.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-47408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47408.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15888.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
8⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46142.exe
9⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19059.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46459.exe
12⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-33406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33406.exe
13⤵
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
13⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
12⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
10⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 216
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3718.exe
8⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16890.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3900.exe
10⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31519.exe
11⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
12⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 236
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 236
11⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
9⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 220
8⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
7⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58394.exe
8⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-1575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1575.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49894.exe
10⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55063.exe
11⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
12⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
12⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
11⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
10⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
8⤵
- Program crash
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 220
7⤵
- Program crash
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14543.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56858.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-56832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56832.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-17741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17741.exe
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48208.exe
12⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34065.exe
13⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
11⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53962.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61103.exe
9⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
10⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56973.exe
11⤵
PID:11408

C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
12⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
11⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
8⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62540.exe
7⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15883.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34077.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
10⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59666.exe
11⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53006.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 220
10⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
8⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
7⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 240
6⤵
- Program crash
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-106.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65135.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
8⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53838.exe
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
10⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34726.exe
11⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
12⤵
PID:2280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 236
12⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
11⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 216
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
8⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
7⤵
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61814.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47647.exe
9⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22474.exe
10⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5289.exe
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
11⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
10⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 236
9⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 216
8⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
7⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49821.exe
6⤵
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50226.exe
7⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42800.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44710.exe
10⤵
PID:8788

C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16883.exe
11⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8788 -s 216
11⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
10⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
9⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 216
8⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 236
7⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
5⤵
- Program crash
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62353.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54782.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62805.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
7⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
8⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
10⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
11⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65115.exe
12⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
11⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
10⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44533.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60034.exe
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35307.exe
10⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13418.exe
11⤵
PID:11288

C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50074.exe
12⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
10⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
9⤵
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
8⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24714.exe
7⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20927.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7709.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
10⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25702.exe
11⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
10⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
8⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 220
7⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31346.exe
6⤵
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1025.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40662.exe
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27336.exe
9⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47087.exe
10⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
11⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
10⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
9⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
8⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 216
7⤵
- Program crash
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 220
6⤵
- Program crash
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12213.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43044.exe
6⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
6⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58477.exe
7⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
8⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
9⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27622.exe
10⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30365.exe
11⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
10⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
9⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
8⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
7⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 220
6⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 240
5⤵
- Program crash
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56728.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36355.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13879.exe
7⤵
- Executes dropped EXE
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27668.exe
8⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20351.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14232.exe
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-20149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20149.exe
11⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30502.exe
12⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15071.exe
13⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 220
11⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
10⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43463.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22479.exe
10⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6080.exe
11⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7287.exe
12⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
10⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
8⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
7⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5851.exe
8⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29282.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32505.exe
10⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
11⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
11⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
10⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
9⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
8⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
7⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63635.exe
6⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44580.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-169.exe
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16838.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63807.exe
10⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56052.exe
11⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 236
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
10⤵
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
9⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
8⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
7⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
6⤵
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-16978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16978.exe
7⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64891.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-41477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41477.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48846.exe
10⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21208.exe
11⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59337.exe
12⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
8⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49110.exe
7⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2582.exe
8⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22841.exe
9⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32448.exe
10⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12165.exe
11⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
10⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 220
9⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 216
8⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
7⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36006.exe
6⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11606.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23579.exe
8⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42432.exe
9⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
10⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48839.exe
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
10⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 220
9⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
8⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
7⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
6⤵
- Program crash
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
5⤵
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10220.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9712.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9193.exe
7⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26620.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10423.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48457.exe
10⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44978.exe
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 216
10⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
8⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
7⤵
- Program crash
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63033.exe
6⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59484.exe
7⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60008.exe
8⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4108.exe
9⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24750.exe
10⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 216
10⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
9⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
8⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 236
7⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
6⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4128.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39920.exe
6⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27004.exe
7⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
8⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-21296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21296.exe
9⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44267.exe
10⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 216
10⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
9⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
8⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
7⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 216
6⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
5⤵
- Program crash
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
4⤵
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
2⤵
- Program crash
PID:2588

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36412.exe
Filesize
184KB

MD5
311a5c9c5f46a09dc0b9797a6eb5e5f5

SHA1
6aa32302e75f1ec422b826fe524035bc67218724

SHA256
9ce7eb3871a525f5c090fac475b209c44a11776d164e2853629ae06de788abce

SHA512
f90fcab1f28e5e6ff96c6f54abc387a0be00d279bd2ad2d4b1929d34f8f541585f44999fd4d44fca85b27483a8ada37ddba9678c848fc756e360734626ac2fc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36781.exe
Filesize
184KB

MD5
3da486b921610bcc406aa1069a8c00ee

SHA1
8f246f58ef419c84c2a1332df405518ead868734

SHA256
e5b8b078a44020f955afabfd4ef77a6e5405a6b1825f614efa153574fdf542b6

SHA512
2e1aacd3f62834fcb214fb38afb509188a44d58e21ef2a2d271c38ace88e6b5cf6665d1476cfdb3c8062880b66cf9761436643399a9d54d1e6530442a8141e40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3770.exe
Filesize
184KB

MD5
7930500c3bd21258cf95c68baef67f90

SHA1
f51576ed2e45306dc83bff2864b842199eb2d36f

SHA256
2c62840145f398e0cf7c85259382ca9bae74d4fc5a0f14faca0a187230c412de

SHA512
10b182712e2f41eda517e5b901756edbe83927c3fb27caa1bd788fcea0895198be5e7d2a59cf8d274d0240d244b30505b6f2b77c87807809ee3943a4f4e629f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40199.exe
Filesize
184KB

MD5
6b530433d31c8d4fd4ce56f8f5c4f362

SHA1
df68544a63998c47f681ae8d366f630a2f5aeaf7

SHA256
4e111e42e93655f6a623a319379268e991459fe7eda629e593d35a203f4d3318

SHA512
09d2b124d3add1c19c2ef2669d905b0fcff241a25abe4c9f3febf3f3fb508e251bec9214ba75eaa9c461a3511242dca6e06e083b5f026693c2f646382980512b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
Filesize
184KB

MD5
adbf6bf9c8a23ecc4b547309e1ff71bc

SHA1
25cbf44f03a5247c36d207c5b64f1f533c631270

SHA256
500b2f5abb59a6d012bf4bd3ac3456ff61726ada5f7e40f79ec0e060519ca915

SHA512
acd9c82999db473f7eff1ce5b2e08ca28a89ff815fa2b1622f6ccd7dc8ca88c69da96868e3de6805852ad85e835be31dc5838bfccfbab744ddd562e578ad8e04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49442.exe
Filesize
184KB

MD5
76f9459d4ebaf15748ae466e999b5939

SHA1
c820edde6882cc3aafee8dcd70640e521650b0da

SHA256
d7d5fa2450bf21b99689b63974d9ad6ea957b63bb50a3c1ef663dcb0eff0a82f

SHA512
c753833ff966711ff87683b9b70fedecb0d1ca36f9ad3bf333a46425d8ece5abff98c8198119b8c972f7c71e4edb16d7d39e1f19f93387bd0d2af6c38180faff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5467.exe
Filesize
184KB

MD5
7683ce7d6f8b934217507cb2616df02d

SHA1
f061e78aa6c204793bf3157011cbb4dfb4733915

SHA256
4719c22cf6cc8c6e4af125ddc0e226f4e65a34fc744b992aaf1ae124fdb75a8b

SHA512
0cefdd53b5a21ed82ed1ebf4d53f4accec96da0e7dc8fbc3f0d31d32cd56d563a31de37c0275e5b8f9ea189c7fc0e4b4f77030db1ed457999d6cbd70a7761df6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6147.exe
Filesize
184KB

MD5
828ac91964158dfdc2cd0edea1b739d5

SHA1
de942f906f742c6289c07d3a5347dae9f6a70dfe

SHA256
c4bb6b82eeca255d82fdd9faff435f83e7fbdb6d78bb81e83e9ab78e9dec9b2e

SHA512
b789f37094108bc9d105023615e4a986bccddbcd56dc642301289d9e3558f23a319b0aceb6cd38a2560ba98ca1150781e2fc22393c21796fd865784ebc1f6611

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6583.exe
Filesize
184KB

MD5
7e001970bbc28629263fc3e4c4cb64a7

SHA1
b8c5a4fc607ad078bc227e8bccfe5edad994c607

SHA256
f7eb5db59eb9e6a75d7b767d62f0263b85c7467c416a627984f920df89047ba0

SHA512
8637447b9b91a922b9cf1489766a17f6fd9bbd8f7d9aab65bd295c154b69db30dd06b51a346b62f97a80819afb3d0ded08513438517de5335abaae60c0c7e6a9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17969.exe
Filesize
184KB

MD5
877e5b8ce44fbb2aea7ff3b0b71bb73f

SHA1
dfcc62772ab8a43a0ba97d61ea388c8609224ee9

SHA256
7233d328c6b62612b4d892ccdf07aa2d233fc1f47e15fc958f515526109cdb8d

SHA512
70563cf1076da0ec41b5a990d8dbc2794e7ff1f9ad0b5c51982d425215a6ee12d0d5639544389c66df3744ce6cde2cacc7cf9daa43f4724566549800629d209e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20963.exe
Filesize
184KB

MD5
96257c39184f45c912a0449c41725513

SHA1
c60184f76b5512beb7cb135a9196918fc7bd9432

SHA256
448b7d6532a03feb5f1c6d3fe17f4db2312f3b7ba7d856dd3733341502cb5705

SHA512
877751216a03bc88ce2b669746bb4f95a6dc503fba76f1717bbb7452cbe3b9b30aada22cafd385106b6c2e1063faff96a2ca50715d58e54d65372bf9634a6ba9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
Filesize
184KB

MD5
c66a5bd7a5fb87b339377c4a1e31f49e

SHA1
4339c9a502aa7d3a70fce3d9017c7a0abff402e0

SHA256
696748789fc43c5f024bcc8abfb71b314f956f88ec5d80df51d2207f6bf0fe02

SHA512
a1ce8459451923c658b7e76998b61ee114088417f9f816ee58ea9666108c98847672bc5f64945ddbb97355aa2a84a1302f1fd0f5255fc1425ee7e99fc6927bb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32913.exe
Filesize
184KB

MD5
96560c97698de7c17815134a79ee728a

SHA1
e4a1a6efa18afe24d5ac120e1ac70717b09cd461

SHA256
bfdc38492ba39628683f1a69188c6a4222a78e44a720f5d6665e9ff6e5edd8be

SHA512
9f301cdcbefe5a42112ef5f6dcb25f01acb7e6a0a114c49640e563c089bffe9f2647d55f47d9aad0005c1a47f2fa72386d385a3ae18d7c714cdf11d6fcb0644e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33188.exe
Filesize
184KB

MD5
bd6697c9c73c0cb6a815a79dd98baba9

SHA1
16ef158616efedecee185a2e37eb0cc2dc8f9ab2

SHA256
d2ee91233cde562a5a7a932e8857dfb221a5a78edbd8f85fedc3a3ffe24d906b

SHA512
6514ddd203c451453e41d64cff731dc286f126f1c5b991df9c1888131eae4a0b0a397a2293a0651eb86e07d188d82d79a750f3a2d340bae6f3b318af2eb589fb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43324.exe
Filesize
184KB

MD5
6ca2bf591dfd8725d3329fbda4d22540

SHA1
0111b02daa17a5ef6c66bdd33994ef6cb5ed5e46

SHA256
98a2a5e64bbe26abd567b6af4eb5c2c0dbcf28c2048001fd75d0da2903459409

SHA512
31aa4b3cc659426677c1bfe402198fe3b3c767ef3da28fd473076c3113c01b7ac6b62b84b72f14d948719f69b83f722e7d0e2cf877efafcaf6ecbcfd2fd9bc59

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4673.exe
Filesize
184KB

MD5
e82f5717a087b73137ae21a8b074be45

SHA1
f3c162bbc9880d49099233709647805b215a979d

SHA256
7889932fa771a431afbd5e5102169c6e651490b1bd3c4ba5409cf193e9749451

SHA512
1e4ede88197fc37b91b15e91cd07351a674aee40fa2b5ea3f6db49427c47a4ccbe9a2785cffd80f33f051b51e096a75e800749d428cd22b3d0ece1f1c895d505

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50345.exe
Filesize
184KB

MD5
c6b75adf16c742295960eb71ba8e1af2

SHA1
6bd40451f0b02995ffe62e1d75cf0db5bcdfa853

SHA256
3e5f308a4fffe358760956f8ca2f6041f0a374cf5d0afea9c0ed59001fff9e5b

SHA512
bc85580aa74fe1c0d74dbdd15d6906f2b86d67316ebf8a7b1ea6a718237a792ab42679001b6a60996287e9913bd8504ea8f4834fcc8e5bcefebb200a1bf104dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56780.exe
Filesize
184KB

MD5
96cb9c1ddd70d6cd4a9a6d90ce624c8e

SHA1
83b5caddccbb347870556e4b524f21bc60c6a3ea

SHA256
d52232b926b6cb458d8eb1b4d16de9eae243d2e0815e28c7869d5a271c1cf6a5

SHA512
821b8e5aa2cb0d50e795da8b7b7baae8843da77ebb81f3213e0103fc83f2681538f87cf563b77cedeb647dc506f24f576b73b3c40f4b1c44f5fed73cf3957b4a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60864.exe
Filesize
184KB

MD5
4a6eff6102c2e1be1c590f74c339c67a

SHA1
a942dd0878a44b9d3de7cc02f7d0ef5e51ee0f14

SHA256
0e04ab5c90b6ba32307aa7c63061374266b6746e534a081bffa2a4c2facd3178

SHA512
c68b75f1b34a6edbb40553ead41e6889a55446ed085ff66fd7629b7c1b0b1d2801d7f8bdec2db20b3b2fa48b71776404692b0138339eb910762e982b45a3eba9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65223.exe
Filesize
184KB

MD5
89a5b41c358cdb5a5e1042484e5c20a1

SHA1
404d896ba9c04425205ec0e6459cb08af0f7e488

SHA256
5d572b72e99f62b47aaeaf7bc40ded1c9f0ed93a6ab02210003e4f9f2d7a0f16

SHA512
cb63b5e72410ade4c9edf2ee92680da884f39a322b027d207ae51cf3d8bdc4ff4e8b72780748a8cdb7809ebb1767c59649a50247539a192de71d26cd8e22b87c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads