77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe
Size

184KB
MD5

0ae54f93bbacc96e2ea92e95b9674361
SHA1

de88a7365d649d98aebb592caa4da5d291b502e9
SHA256

77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30
SHA512

ea5f22f8ae82e07efdd0cfe7b1147bdaf3aa22b41891b075b0552b81b8809128565ee6d012cd31ca5bce19fddf87417c5a2fdb620e736463bb82dbb99c5d9ed4
SSDEEP

3072:nZe3XaooOihKdFaWe8wLWssZhlnViF/n3:nZHoEGFafLbsZhlnViF/

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-63959.exeUnicorn-42975.exeUnicorn-62841.exeUnicorn-1471.exeUnicorn-36282.exeUnicorn-16416.exeUnicorn-19152.exeUnicorn-34096.exeUnicorn-15067.exeUnicorn-7454.exeUnicorn-13759.exeUnicorn-41793.exeUnicorn-64906.exeUnicorn-62213.exeUnicorn-38263.exeUnicorn-58129.exeUnicorn-42945.exeUnicorn-59281.exeUnicorn-33215.exeUnicorn-56328.exeUnicorn-18825.exeUnicorn-61803.exeUnicorn-59343.exeUnicorn-59343.exeUnicorn-61466.exeUnicorn-2706.exeUnicorn-8757.exeUnicorn-31870.exeUnicorn-21010.exeUnicorn-27786.exeUnicorn-55820.exeUnicorn-48207.exeUnicorn-63988.exeUnicorn-56567.exeUnicorn-19064.exeUnicorn-53874.exeUnicorn-60651.exeUnicorn-14979.exeUnicorn-14486.exeUnicorn-14486.exeUnicorn-7449.exeUnicorn-51819.exeUnicorn-29453.exeUnicorn-36229.exeUnicorn-33537.exeUnicorn-45789.exeUnicorn-21839.exeUnicorn-49873.exeUnicorn-61933.exeUnicorn-42067.exeUnicorn-35291.exeUnicorn-480.exeUnicorn-43459.exeUnicorn-58404.exeUnicorn-58404.exeUnicorn-12732.exeUnicorn-8648.exeUnicorn-8648.exeUnicorn-31761.exeUnicorn-31761.exeUnicorn-36635.exeUnicorn-12685.exeUnicorn-44803.exeUnicorn-59748.exe

pid	process
1256	Unicorn-63959.exe
1628	Unicorn-42975.exe
2400	Unicorn-62841.exe
2688	Unicorn-1471.exe
320	Unicorn-36282.exe
2712	Unicorn-16416.exe
1228	Unicorn-19152.exe
2796	Unicorn-34096.exe
2940	Unicorn-15067.exe
1584	Unicorn-7454.exe
2508	Unicorn-13759.exe
1440	Unicorn-41793.exe
1396	Unicorn-64906.exe
2284	Unicorn-62213.exe
2288	Unicorn-38263.exe
2860	Unicorn-58129.exe
1512	Unicorn-42945.exe
1332	Unicorn-59281.exe
1120	Unicorn-33215.exe
2144	Unicorn-56328.exe
1788	Unicorn-18825.exe
972	Unicorn-61803.exe
1896	Unicorn-59343.exe
2852	Unicorn-59343.exe
1172	Unicorn-61466.exe
2840	Unicorn-2706.exe
884	Unicorn-8757.exe
1732	Unicorn-31870.exe
1576	Unicorn-21010.exe
1736	Unicorn-27786.exe
768	Unicorn-55820.exe
2636	Unicorn-48207.exe
2672	Unicorn-63988.exe
2560	Unicorn-56567.exe
2692	Unicorn-19064.exe
2492	Unicorn-53874.exe
2724	Unicorn-60651.exe
2532	Unicorn-14979.exe
2768	Unicorn-14486.exe
2824	Unicorn-14486.exe
2820	Unicorn-7449.exe
1624	Unicorn-51819.exe
1496	Unicorn-29453.exe
1432	Unicorn-36229.exe
1524	Unicorn-33537.exe
2876	Unicorn-45789.exe
2872	Unicorn-21839.exe
680	Unicorn-49873.exe
2180	Unicorn-61933.exe
1136	Unicorn-42067.exe
1052	Unicorn-35291.exe
1384	Unicorn-480.exe
1984	Unicorn-43459.exe
1864	Unicorn-58404.exe
240	Unicorn-58404.exe
996	Unicorn-12732.exe
2328	Unicorn-8648.exe
1764	Unicorn-8648.exe
2152	Unicorn-31761.exe
848	Unicorn-31761.exe
2956	Unicorn-36635.exe
2984	Unicorn-12685.exe
2708	Unicorn-44803.exe
2704	Unicorn-59748.exe

Loads dropped DLL 64 IoCs

Processes:

77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exeUnicorn-63959.exeUnicorn-62841.exeUnicorn-42975.exeWerFault.exeUnicorn-36282.exeUnicorn-16416.exeWerFault.exeWerFault.exeUnicorn-1471.exeUnicorn-15067.exeUnicorn-19152.exeUnicorn-7454.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe
2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe
1256	Unicorn-63959.exe
2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe
2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe
1256	Unicorn-63959.exe
2400	Unicorn-62841.exe
2400	Unicorn-62841.exe
1628	Unicorn-42975.exe
1628	Unicorn-42975.exe
1256	Unicorn-63959.exe
1256	Unicorn-63959.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
320	Unicorn-36282.exe
320	Unicorn-36282.exe
1628	Unicorn-42975.exe
1628	Unicorn-42975.exe
2712	Unicorn-16416.exe
2712	Unicorn-16416.exe
2400	Unicorn-62841.exe
2400	Unicorn-62841.exe
340	WerFault.exe
340	WerFault.exe
340	WerFault.exe
340	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
2368	WerFault.exe
340	WerFault.exe
2368	WerFault.exe
2688	Unicorn-1471.exe
2688	Unicorn-1471.exe
2940	Unicorn-15067.exe
2940	Unicorn-15067.exe
2712	Unicorn-16416.exe
2712	Unicorn-16416.exe
1228	Unicorn-19152.exe
1228	Unicorn-19152.exe
320	Unicorn-36282.exe
320	Unicorn-36282.exe
1584	Unicorn-7454.exe
1584	Unicorn-7454.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe
2088	WerFault.exe
988	WerFault.exe
988	WerFault.exe
988	WerFault.exe
988	WerFault.exe
988	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
616	WerFault.exe
1484	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2612	2360	WerFault.exe	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe
1804	1256	WerFault.exe	Unicorn-63959.exe
340	2400	WerFault.exe	Unicorn-62841.exe
2368	1628	WerFault.exe	Unicorn-42975.exe
2088	2796	WerFault.exe	Unicorn-34096.exe
988	320	WerFault.exe	Unicorn-36282.exe
1484	2688	WerFault.exe	Unicorn-1471.exe
616	2712	WerFault.exe	Unicorn-16416.exe
892	2940	WerFault.exe	Unicorn-15067.exe
2392	1228	WerFault.exe	Unicorn-19152.exe
3028	1584	WerFault.exe	Unicorn-7454.exe
1128	2508	WerFault.exe	Unicorn-13759.exe
1876	1396	WerFault.exe	Unicorn-64906.exe
1820	1440	WerFault.exe	Unicorn-41793.exe
2024	2288	WerFault.exe	Unicorn-38263.exe
2500	2284	WerFault.exe	Unicorn-62213.exe
556	2860	WerFault.exe	Unicorn-58129.exe
2008	1512	WerFault.exe	Unicorn-42945.exe
904	1332	WerFault.exe	Unicorn-59281.exe
2600	1120	WerFault.exe	Unicorn-33215.exe
2528	2144	WerFault.exe	Unicorn-56328.exe
2472	1788	WerFault.exe	Unicorn-18825.exe
2828	1896	WerFault.exe	Unicorn-59343.exe
2780	972	WerFault.exe	Unicorn-61803.exe
2788	2852	WerFault.exe	Unicorn-59343.exe
1264	1384	WerFault.exe	Unicorn-480.exe
2188	2840	WerFault.exe	Unicorn-2706.exe
2764	1172	WerFault.exe	Unicorn-61466.exe
2596	1732	WerFault.exe	Unicorn-31870.exe
2792	884	WerFault.exe	Unicorn-8757.exe
2148	1736	WerFault.exe	Unicorn-27786.exe
1768	768	WerFault.exe	Unicorn-55820.exe
780	1576	WerFault.exe	Unicorn-21010.exe
2324	2636	WerFault.exe	Unicorn-48207.exe
1152	2560	WerFault.exe	Unicorn-56567.exe
1540	2672	WerFault.exe	Unicorn-63988.exe
1800	2492	WerFault.exe	Unicorn-53874.exe
880	2724	WerFault.exe	Unicorn-60651.exe
2388	2532	WerFault.exe	Unicorn-14979.exe
2164	2692	WerFault.exe	Unicorn-19064.exe
4080	2768	WerFault.exe	Unicorn-14486.exe
3124	2824	WerFault.exe	Unicorn-14486.exe
3184	1624	WerFault.exe	Unicorn-51819.exe
3360	1496	WerFault.exe	Unicorn-29453.exe
3388	680	WerFault.exe	Unicorn-49873.exe
3432	1052	WerFault.exe	Unicorn-35291.exe
3456	1984	WerFault.exe	Unicorn-43459.exe
3492	1136	WerFault.exe	Unicorn-42067.exe
3624	2328	WerFault.exe	Unicorn-8648.exe
3680	1864	WerFault.exe	Unicorn-58404.exe
4000	1764	WerFault.exe	Unicorn-8648.exe
4048	2152	WerFault.exe	Unicorn-31761.exe
3104	2820	WerFault.exe	Unicorn-7449.exe
3120	1524	WerFault.exe	Unicorn-33537.exe
3256	2876	WerFault.exe	Unicorn-45789.exe
3696	240	WerFault.exe	Unicorn-58404.exe
4016	2956	WerFault.exe	Unicorn-36635.exe
3084	2872	WerFault.exe	Unicorn-21839.exe
3580	3208	WerFault.exe	Unicorn-153.exe
3232	888	WerFault.exe	Unicorn-46941.exe
3944	848	WerFault.exe	Unicorn-31761.exe
3316	1680	WerFault.exe	Unicorn-14823.exe
4136	2128	WerFault.exe	Unicorn-28275.exe
4144	1724	WerFault.exe	Unicorn-37512.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exeUnicorn-63959.exeUnicorn-62841.exeUnicorn-42975.exeUnicorn-1471.exeUnicorn-36282.exeUnicorn-16416.exeUnicorn-15067.exeUnicorn-19152.exeUnicorn-34096.exeUnicorn-7454.exeUnicorn-13759.exeUnicorn-64906.exeUnicorn-41793.exeUnicorn-38263.exeUnicorn-62213.exeUnicorn-58129.exeUnicorn-42945.exeUnicorn-59281.exeUnicorn-33215.exeUnicorn-56328.exeUnicorn-18825.exeUnicorn-59343.exeUnicorn-61803.exeUnicorn-59343.exeUnicorn-61466.exeUnicorn-2706.exeUnicorn-8757.exeUnicorn-31870.exeUnicorn-21010.exeUnicorn-27786.exeUnicorn-55820.exeUnicorn-48207.exeUnicorn-63988.exeUnicorn-56567.exeUnicorn-53874.exeUnicorn-19064.exeUnicorn-14979.exeUnicorn-60651.exeUnicorn-14486.exeUnicorn-14486.exeUnicorn-7449.exeUnicorn-51819.exeUnicorn-29453.exeUnicorn-36229.exeUnicorn-33537.exeUnicorn-45789.exeUnicorn-21839.exeUnicorn-49873.exeUnicorn-42067.exeUnicorn-61933.exeUnicorn-35291.exeUnicorn-480.exeUnicorn-43459.exeUnicorn-58404.exeUnicorn-12732.exeUnicorn-8648.exeUnicorn-58404.exeUnicorn-31761.exeUnicorn-8648.exeUnicorn-31761.exeUnicorn-36635.exeUnicorn-44803.exeUnicorn-12685.exe

pid	process
2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe
1256	Unicorn-63959.exe
2400	Unicorn-62841.exe
1628	Unicorn-42975.exe
2688	Unicorn-1471.exe
320	Unicorn-36282.exe
2712	Unicorn-16416.exe
2940	Unicorn-15067.exe
1228	Unicorn-19152.exe
2796	Unicorn-34096.exe
1584	Unicorn-7454.exe
2508	Unicorn-13759.exe
1396	Unicorn-64906.exe
1440	Unicorn-41793.exe
2288	Unicorn-38263.exe
2284	Unicorn-62213.exe
2860	Unicorn-58129.exe
1512	Unicorn-42945.exe
1332	Unicorn-59281.exe
1120	Unicorn-33215.exe
2144	Unicorn-56328.exe
1788	Unicorn-18825.exe
2852	Unicorn-59343.exe
972	Unicorn-61803.exe
1896	Unicorn-59343.exe
1172	Unicorn-61466.exe
2840	Unicorn-2706.exe
884	Unicorn-8757.exe
1732	Unicorn-31870.exe
1576	Unicorn-21010.exe
1736	Unicorn-27786.exe
768	Unicorn-55820.exe
2636	Unicorn-48207.exe
2672	Unicorn-63988.exe
2560	Unicorn-56567.exe
2492	Unicorn-53874.exe
2692	Unicorn-19064.exe
2532	Unicorn-14979.exe
2724	Unicorn-60651.exe
2768	Unicorn-14486.exe
2824	Unicorn-14486.exe
2820	Unicorn-7449.exe
1624	Unicorn-51819.exe
1496	Unicorn-29453.exe
1432	Unicorn-36229.exe
1524	Unicorn-33537.exe
2876	Unicorn-45789.exe
2872	Unicorn-21839.exe
680	Unicorn-49873.exe
1136	Unicorn-42067.exe
2180	Unicorn-61933.exe
1052	Unicorn-35291.exe
1384	Unicorn-480.exe
1984	Unicorn-43459.exe
1864	Unicorn-58404.exe
996	Unicorn-12732.exe
2328	Unicorn-8648.exe
240	Unicorn-58404.exe
2152	Unicorn-31761.exe
1764	Unicorn-8648.exe
848	Unicorn-31761.exe
2956	Unicorn-36635.exe
2708	Unicorn-44803.exe
2984	Unicorn-12685.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exeUnicorn-63959.exeUnicorn-62841.exeUnicorn-42975.exeUnicorn-36282.exeUnicorn-16416.exeUnicorn-1471.exeUnicorn-15067.exe

description	pid	process	target process
PID 2360 wrote to memory of 1256	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	Unicorn-63959.exe
PID 2360 wrote to memory of 1256	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	Unicorn-63959.exe
PID 2360 wrote to memory of 1256	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	Unicorn-63959.exe
PID 2360 wrote to memory of 1256	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	Unicorn-63959.exe
PID 2360 wrote to memory of 1628	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	Unicorn-42975.exe
PID 2360 wrote to memory of 1628	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	Unicorn-42975.exe
PID 2360 wrote to memory of 1628	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	Unicorn-42975.exe
PID 2360 wrote to memory of 1628	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	Unicorn-42975.exe
PID 1256 wrote to memory of 2400	1256	Unicorn-63959.exe	Unicorn-62841.exe
PID 1256 wrote to memory of 2400	1256	Unicorn-63959.exe	Unicorn-62841.exe
PID 1256 wrote to memory of 2400	1256	Unicorn-63959.exe	Unicorn-62841.exe
PID 1256 wrote to memory of 2400	1256	Unicorn-63959.exe	Unicorn-62841.exe
PID 2360 wrote to memory of 2612	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	WerFault.exe
PID 2360 wrote to memory of 2612	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	WerFault.exe
PID 2360 wrote to memory of 2612	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	WerFault.exe
PID 2360 wrote to memory of 2612	2360	77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe	WerFault.exe
PID 2400 wrote to memory of 2688	2400	Unicorn-62841.exe	Unicorn-1471.exe
PID 2400 wrote to memory of 2688	2400	Unicorn-62841.exe	Unicorn-1471.exe
PID 2400 wrote to memory of 2688	2400	Unicorn-62841.exe	Unicorn-1471.exe
PID 2400 wrote to memory of 2688	2400	Unicorn-62841.exe	Unicorn-1471.exe
PID 1628 wrote to memory of 320	1628	Unicorn-42975.exe	Unicorn-36282.exe
PID 1628 wrote to memory of 320	1628	Unicorn-42975.exe	Unicorn-36282.exe
PID 1628 wrote to memory of 320	1628	Unicorn-42975.exe	Unicorn-36282.exe
PID 1628 wrote to memory of 320	1628	Unicorn-42975.exe	Unicorn-36282.exe
PID 1256 wrote to memory of 2712	1256	Unicorn-63959.exe	Unicorn-16416.exe
PID 1256 wrote to memory of 2712	1256	Unicorn-63959.exe	Unicorn-16416.exe
PID 1256 wrote to memory of 2712	1256	Unicorn-63959.exe	Unicorn-16416.exe
PID 1256 wrote to memory of 2712	1256	Unicorn-63959.exe	Unicorn-16416.exe
PID 1256 wrote to memory of 1804	1256	Unicorn-63959.exe	WerFault.exe
PID 1256 wrote to memory of 1804	1256	Unicorn-63959.exe	WerFault.exe
PID 1256 wrote to memory of 1804	1256	Unicorn-63959.exe	WerFault.exe
PID 1256 wrote to memory of 1804	1256	Unicorn-63959.exe	WerFault.exe
PID 320 wrote to memory of 1228	320	Unicorn-36282.exe	Unicorn-19152.exe
PID 320 wrote to memory of 1228	320	Unicorn-36282.exe	Unicorn-19152.exe
PID 320 wrote to memory of 1228	320	Unicorn-36282.exe	Unicorn-19152.exe
PID 320 wrote to memory of 1228	320	Unicorn-36282.exe	Unicorn-19152.exe
PID 1628 wrote to memory of 2796	1628	Unicorn-42975.exe	Unicorn-34096.exe
PID 1628 wrote to memory of 2796	1628	Unicorn-42975.exe	Unicorn-34096.exe
PID 1628 wrote to memory of 2796	1628	Unicorn-42975.exe	Unicorn-34096.exe
PID 1628 wrote to memory of 2796	1628	Unicorn-42975.exe	Unicorn-34096.exe
PID 2712 wrote to memory of 2940	2712	Unicorn-16416.exe	Unicorn-15067.exe
PID 2712 wrote to memory of 2940	2712	Unicorn-16416.exe	Unicorn-15067.exe
PID 2712 wrote to memory of 2940	2712	Unicorn-16416.exe	Unicorn-15067.exe
PID 2712 wrote to memory of 2940	2712	Unicorn-16416.exe	Unicorn-15067.exe
PID 2400 wrote to memory of 1584	2400	Unicorn-62841.exe	Unicorn-7454.exe
PID 2400 wrote to memory of 1584	2400	Unicorn-62841.exe	Unicorn-7454.exe
PID 2400 wrote to memory of 1584	2400	Unicorn-62841.exe	Unicorn-7454.exe
PID 2400 wrote to memory of 1584	2400	Unicorn-62841.exe	Unicorn-7454.exe
PID 2400 wrote to memory of 340	2400	Unicorn-62841.exe	WerFault.exe
PID 2400 wrote to memory of 340	2400	Unicorn-62841.exe	WerFault.exe
PID 2400 wrote to memory of 340	2400	Unicorn-62841.exe	WerFault.exe
PID 2400 wrote to memory of 340	2400	Unicorn-62841.exe	WerFault.exe
PID 1628 wrote to memory of 2368	1628	Unicorn-42975.exe	WerFault.exe
PID 1628 wrote to memory of 2368	1628	Unicorn-42975.exe	WerFault.exe
PID 1628 wrote to memory of 2368	1628	Unicorn-42975.exe	WerFault.exe
PID 1628 wrote to memory of 2368	1628	Unicorn-42975.exe	WerFault.exe
PID 2688 wrote to memory of 2508	2688	Unicorn-1471.exe	Unicorn-13759.exe
PID 2688 wrote to memory of 2508	2688	Unicorn-1471.exe	Unicorn-13759.exe
PID 2688 wrote to memory of 2508	2688	Unicorn-1471.exe	Unicorn-13759.exe
PID 2688 wrote to memory of 2508	2688	Unicorn-1471.exe	Unicorn-13759.exe
PID 2940 wrote to memory of 1440	2940	Unicorn-15067.exe	Unicorn-41793.exe
PID 2940 wrote to memory of 1440	2940	Unicorn-15067.exe	Unicorn-41793.exe
PID 2940 wrote to memory of 1440	2940	Unicorn-15067.exe	Unicorn-41793.exe
PID 2940 wrote to memory of 1440	2940	Unicorn-15067.exe	Unicorn-41793.exe

C:\Users\Admin\AppData\Local\Temp\77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe
"C:\Users\Admin\AppData\Local\Temp\77278d0009e60518695b17998e02d6b593b30174571cc49fa881a757e689ee30.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42945.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36635.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14351.exe
10⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14434.exe
11⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44222.exe
12⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44170.exe
13⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18182.exe
14⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31384.exe
15⤵
PID:11284

C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45087.exe
16⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11284 -s 216
16⤵
PID:14240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
15⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
14⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
13⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
12⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
11⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
10⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
11⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39894.exe
12⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
13⤵
PID:9048

C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3179.exe
14⤵
PID:11504

C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12606.exe
15⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11504 -s 216
15⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9048 -s 216
14⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
13⤵
PID:3024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
12⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
11⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
10⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2654.exe
9⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57413.exe
10⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52390.exe
11⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55400.exe
12⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17819.exe
13⤵
PID:9268

C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
14⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9268 -s 216
14⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
13⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
12⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
11⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
10⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
9⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12685.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45462.exe
9⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37377.exe
10⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26407.exe
11⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
12⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
13⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51659.exe
14⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 216
14⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
13⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
12⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
10⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56406.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59271.exe
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20756.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29464.exe
12⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38748.exe
13⤵
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 236
13⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 236
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
11⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
9⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 240
8⤵
- Program crash
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7449.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9992.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59468.exe
9⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63827.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62779.exe
11⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44876.exe
12⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35302.exe
13⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
14⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
14⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 236
12⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 216
11⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17319.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3656.exe
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62364.exe
11⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-491.exe
12⤵
PID:10916

C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32718.exe
13⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10916 -s 216
13⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
12⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
11⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17044.exe
8⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17881.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59738.exe
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
11⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
12⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20007.exe
13⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10436 -s 216
13⤵
PID:14088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
12⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 216
9⤵
PID:5388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
8⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
7⤵
- Program crash
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2706.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44803.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3853.exe
9⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43407.exe
10⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64642.exe
11⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52530.exe
12⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62660.exe
13⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62925.exe
14⤵
PID:12000

C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
15⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
14⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
13⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
12⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
11⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
10⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58352.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36137.exe
10⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-527.exe
11⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
12⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
13⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17512.exe
13⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 220
13⤵
PID:13544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 216
12⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23458.exe
8⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12680.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
11⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
12⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
13⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4046.exe
14⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 236
14⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
13⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
12⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
11⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
9⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
8⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59748.exe
7⤵
- Executes dropped EXE
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
8⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2862.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
11⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
12⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20933.exe
13⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10544 -s 216
13⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
11⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 216
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51300.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27367.exe
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44357.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8742.exe
11⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-43984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43984.exe
12⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 220
12⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
11⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
10⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 220
7⤵
- Program crash
PID:2188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
6⤵
- Program crash
PID:1128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-48207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48207.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15529.exe
8⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16210.exe
10⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
11⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35821.exe
12⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 236
13⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
12⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
11⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 236
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
8⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
10⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2141.exe
11⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51633.exe
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
12⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
9⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
8⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
7⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
8⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38960.exe
9⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61622.exe
10⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25411.exe
11⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59225.exe
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 236
11⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
10⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
9⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
8⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
7⤵
- Program crash
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
6⤵
- Program crash
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14979.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
8⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35985.exe
9⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2094.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11217.exe
11⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
12⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
13⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
13⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
10⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 216
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26241.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30081.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
11⤵
PID:7220

C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
12⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61415.exe
13⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 236
13⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7220 -s 236
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
11⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
9⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
8⤵
- Program crash
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 236
7⤵
- Program crash
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50340.exe
7⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45846.exe
8⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26324.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2945.exe
10⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38950.exe
11⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43361.exe
12⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2842.exe
13⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 220
13⤵
PID:13860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 220
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
11⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
10⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
9⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 236
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34148.exe
7⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42468.exe
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52146.exe
9⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54938.exe
10⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
11⤵
PID:11452

C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19706.exe
12⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11452 -s 220
12⤵
PID:14324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 220
11⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
10⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
9⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
8⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 240
7⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
6⤵
- Program crash
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 240
5⤵
- Program crash
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33215.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21010.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49873.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
9⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60044.exe
10⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63080.exe
11⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54092.exe
12⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
13⤵
PID:8660

C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
14⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23707.exe
15⤵
PID:1752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 220
15⤵
PID:14000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8660 -s 216
14⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
13⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
12⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
11⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
10⤵
- Program crash
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
9⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34025.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37865.exe
11⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46495.exe
12⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-14964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14964.exe
13⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42038.exe
14⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
14⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
13⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
12⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
11⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 216
10⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 240
9⤵
- Program crash
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13562.exe
8⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35540.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
10⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50631.exe
11⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46490.exe
12⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
13⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
13⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
12⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 236
11⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
10⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 216
9⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
8⤵
- Program crash
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42067.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5223.exe
8⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62504.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64782.exe
11⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25219.exe
12⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40367.exe
13⤵
PID:12040

C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33904.exe
14⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12040 -s 236
14⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
13⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
12⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
9⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 236
8⤵
- Program crash
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
7⤵
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27786.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33537.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28275.exe
8⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21150.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56666.exe
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54668.exe
11⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14253.exe
12⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21654.exe
13⤵
PID:11488

C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56763.exe
14⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11488 -s 220
14⤵
PID:14152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
13⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
12⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
10⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
9⤵
- Program crash
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48347.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12727.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44933.exe
11⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6988.exe
12⤵
PID:11780

C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56327.exe
13⤵
PID:13936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 220
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
11⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
9⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4325.exe
7⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-153.exe
8⤵
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 240
9⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-19504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19504.exe
8⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
9⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9354.exe
10⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10880.exe
11⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33931.exe
12⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10352 -s 216
12⤵
PID:13992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
11⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
10⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
9⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
7⤵
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 240
6⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56328.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55820.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45789.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59001.exe
8⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28009.exe
9⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20761.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53812.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57175.exe
12⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60730.exe
13⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 216
13⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 236
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 236
11⤵
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
10⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56775.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36111.exe
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59131.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8934.exe
12⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14518.exe
13⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11256 -s 216
13⤵
PID:13804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
10⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
9⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
8⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24745.exe
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49930.exe
8⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15057.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55846.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
11⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-26257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26257.exe
12⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40694.exe
13⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10380 -s 216
13⤵
PID:13324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 236
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
11⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
7⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22053.exe
7⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33402.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5706.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
11⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33159.exe
12⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
8⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30064.exe
7⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44414.exe
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40086.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-776.exe
10⤵
PID:8768

C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37798.exe
11⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11552 -s 220
12⤵
PID:14232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 236
11⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
10⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
9⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
8⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
7⤵
- Program crash
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
6⤵
- Program crash
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
5⤵
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-64906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64906.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59281.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8757.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
8⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17066.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51212.exe
10⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
11⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44845.exe
12⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
13⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
13⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
12⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
11⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58653.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19443.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
11⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1233.exe
12⤵
PID:11660

C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
13⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11660 -s 216
13⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 236
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
10⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
9⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 220
8⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
7⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49354.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64751.exe
9⤵
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 200
10⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46640.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10646.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-2136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2136.exe
11⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33102.exe
12⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 216
12⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 236
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 236
10⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 220
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
7⤵
- Program crash
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36229.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
7⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-53438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53438.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
10⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24705.exe
11⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45499.exe
12⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53989.exe
13⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 216
13⤵
PID:13896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 216
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
11⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
9⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 216
8⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19182.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28187.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-2478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2478.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25499.exe
10⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55229.exe
11⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30004.exe
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 236
12⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
11⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
8⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
6⤵
- Program crash
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31870.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51819.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6183.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1544.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9468.exe
10⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23745.exe
11⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56827.exe
12⤵
PID:11584

C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
13⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11584 -s 216
13⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
12⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
11⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
10⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
9⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4045.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34850.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29967.exe
10⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50761.exe
11⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 216
12⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
11⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 220
8⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29488.exe
7⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64403.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10454.exe
9⤵
PID:5276

C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50304.exe
10⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-63205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63205.exe
11⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26496.exe
12⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
12⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5276 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
9⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
7⤵
- Program crash
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14823.exe
6⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39048.exe
7⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38192.exe
8⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7029.exe
9⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
10⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32069.exe
11⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
12⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
12⤵
PID:13888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
11⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
10⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4584 -s 216
9⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
8⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
7⤵
- Program crash
PID:3316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
6⤵
- Program crash
PID:2596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 240
5⤵
- Program crash
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-42975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42975.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61803.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53874.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43459.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10376.exe
9⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55768.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12125.exe
11⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22235.exe
12⤵
PID:6520

C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
13⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58021.exe
14⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 236
14⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 216
13⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
12⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
11⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 216
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42193.exe
10⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58285.exe
11⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10916.exe
12⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-574.exe
13⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52152.exe
14⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11152 -s 216
14⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
13⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
12⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
11⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
10⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 240
9⤵
- Program crash
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
8⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6645.exe
11⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7984.exe
12⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15348.exe
13⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33294.exe
14⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 216
14⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 216
13⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
12⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
11⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26682.exe
10⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32297.exe
11⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20803.exe
12⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25126.exe
13⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
13⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
11⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
9⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
8⤵
- Program crash
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
8⤵
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37808.exe
10⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41456.exe
11⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32873.exe
12⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25354.exe
13⤵
PID:11316

C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
14⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11316 -s 216
14⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
13⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
12⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
11⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58975.exe
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47294.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28789.exe
11⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48213.exe
12⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-9700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9700.exe
13⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
13⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
12⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
9⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39078.exe
10⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58083.exe
11⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17809.exe
12⤵
PID:12072

C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11677.exe
13⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 236
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
10⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
8⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
7⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60651.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-12732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12732.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
8⤵
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3505.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14455.exe
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11352.exe
11⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61373.exe
12⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
13⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
13⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
12⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
11⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
10⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 216
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15674.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8233.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36194.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39526.exe
11⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20440.exe
12⤵
PID:11804

C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1672.exe
13⤵
PID:14064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 236
12⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
11⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
10⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
9⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33210.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46085.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43319.exe
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58363.exe
11⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10496.exe
12⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30580.exe
13⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
13⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 236
12⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
11⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16489.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27943.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16153.exe
10⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-766.exe
11⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44560.exe
12⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 216
12⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
8⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
7⤵
- Program crash
PID:880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
6⤵
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59343.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8648.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
8⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-7636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7636.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25665.exe
10⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33589.exe
11⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52909.exe
12⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
13⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-6926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6926.exe
14⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10924 -s 216
14⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
12⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
11⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 236
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56946.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19775.exe
10⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8970.exe
11⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27217.exe
12⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19864.exe
13⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
13⤵
PID:13708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
12⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 236
11⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
10⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
9⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42001.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11222.exe
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37751.exe
11⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63397.exe
12⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21234.exe
13⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11028 -s 216
13⤵
PID:13484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 236
12⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
11⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
8⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
7⤵
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
8⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
7⤵
- Program crash
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31761.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48394.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50376.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23091.exe
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-37860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37860.exe
10⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 240
11⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
10⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13344.exe
7⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22842.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12483.exe
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16537.exe
10⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
11⤵
PID:11360

C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9892.exe
12⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11360 -s 220
12⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
11⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
10⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
9⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
8⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
7⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
6⤵
- Program crash
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
5⤵
- Program crash
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38263.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63988.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
8⤵
- Program crash
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55171.exe
7⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23973.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44331.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
10⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
11⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15951.exe
12⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
13⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 216
13⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
12⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
11⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35840.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-30766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30766.exe
9⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49209.exe
10⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36537.exe
11⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-23372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23372.exe
12⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 216
12⤵
PID:13640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
11⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
10⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
9⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
8⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58404.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64491.exe
7⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22987.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-40221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40221.exe
9⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
10⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18774.exe
11⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42832.exe
12⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11044 -s 216
12⤵
PID:13368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 236
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
8⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 216
7⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
6⤵
- Program crash
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56567.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35291.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
7⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33293.exe
8⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32053.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51098.exe
10⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
11⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6184.exe
12⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 236
10⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
8⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 216
7⤵
- Program crash
PID:3432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 236
6⤵
- Program crash
PID:1152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
5⤵
- Program crash
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
2⤵
- Program crash
PID:2612

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
Filesize
184KB

MD5
29f64ab1c4667b031e2d5842134c6b1a

SHA1
19f74f8312506ef16c01fbb88d31bdc2c7aca710

SHA256
208c7e7b422b36e2888d4a079c4a3f7a9d1a2127c6c375686cc74618d35be43f

SHA512
5c1416483c5f7fd68dd03b4cf3cb356861cc72d9168156146e94067f2e0f87703604d8dc244cfaf612e4bb73481e49bffb1470a0192bf8de78f70fcf8b3bcf19

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-15067.exe
Filesize
184KB

MD5
1bd1c5e01ec2e35cd49e981483917a86

SHA1
6604db1964e99efcafb022d65449bf4afb02f241

SHA256
5af868d320fc3cb5388faddc81f08f07b71f2424d9bb7f36e542c547baedfc01

SHA512
82400442532e9229472f5a2b64e18a817063034ea0d8d2f0c0e1f42ba89295e915e71920cc824a40561d09f534cd4da76d15065187cce61a46d2244da76fa1d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
Filesize
184KB

MD5
d9616b6f6fac1f47268ad7c0a1eec958

SHA1
f8dd630ce8ac5828624d805886b2a992d76b4ac4

SHA256
472dd6c52efd88d64342a5401bb386a63527fdc37966ffdb80f50ead4b10c587

SHA512
ac9c42d5b7acd12fac0a9d1974e35fc0a746257ef4fd170aff7be5f9193ca9ab1cf7b518f56e01af0b23c46defd8c96532e2f9d1b1d965c129e7e0cdc9b618fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24695.exe
Filesize
184KB

MD5
abfa66a229e5c6756f1477e1468fdbdd

SHA1
61a1ea3cda36035cdffe3357033b0ff80f86a454

SHA256
9827636930a571fc4f0c63b0ddf3a2ac893c89916dbb2afaf62909f21346f3fa

SHA512
6aa889fd932b04bad8ca324b738a4935882362ac38d5ce681a1ce22c035e1b4a8c269498c60522e640dbd1714e78fa24ad81ce0e426177d3fc8eb2f38c2ef698

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24799.exe
Filesize
184KB

MD5
0e4dbd7f8ed37584423359cec53dc6d7

SHA1
49ebe77bde49084ebfa6f7d9c01103112e4a0ee5

SHA256
794659abcecf5c45345d71c41408453299e579faf5c424a3827cf06978444eef

SHA512
05d34e59b1bb5ac70b5c7c208e69068cd548e09a76e42fdee3ebecd6da6cbc0621839f461eae650133e5510868c1b6a1351df62ef2ff808689da66e30aa1434d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29126.exe
Filesize
184KB

MD5
4fff762add9474062e62edcaad2fcfdc

SHA1
222942ee0aee89d2239473c73456353a59934bf6

SHA256
4439aafabada11b99ac7cedce8db0ffecdd5522cfc31bb8f21a705a0c7a58182

SHA512
348d394409966d2259416c1a2ec8af2999eea98b58a16c082beaa466f22e5a31705652867407c0859b2e1683f747165c6494caee6a521b88cb206bfd158564da

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37092.exe
Filesize
184KB

MD5
2d460f9e0585bce9f484d5a1fc0e66a9

SHA1
10b09cecf8eee8808c671e6b41d8219bb02afcf4

SHA256
f6c5f964c49e250efe00f383cb4a30ef44f6dfe80d376c9aa7a049a252b3e534

SHA512
e973b0b9c47670ca8c21b7272cae9104c5cfe97f98c48703760e91909fd57f9f887798f8dbd427e1ef88b0b21ddc3620c3d2d663c57b81a7f6e9afe4740e9775

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39711.exe
Filesize
184KB

MD5
584776645f1e05d3301c427a2ec6d519

SHA1
96ffe4407aaa874d081b2b46aa8170122ba63beb

SHA256
ec97f846ec39104db3e97f804dbc35d361bc079b2fdb1f107697767b61eeaece

SHA512
d3903efd20257754e7c9351e4c7e8b19555c5001a615aecc868f86a024365590b33efdc3c70975166688407e750e13031f03648d53093706a8a28511e42b3090

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54829.exe
Filesize
184KB

MD5
a2d2b60b06076e0a8e31f2bb1f5cf32e

SHA1
8435f415e848a55c8bbfd63017982e6476f9193d

SHA256
4394720762af27fce424d21f116188cbf1f530e6a6ff84c657b5346d7b8d566a

SHA512
ad909a0925af23f16008f430b10a5f5cf26ee414b518918318f7f7c2a6f30e845173fd70fafde85a85525ee0e9c47949642feb0e915d9076b3c8005e9b625a00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59614.exe
Filesize
184KB

MD5
dd07cd797426a78077b82af05cad9a51

SHA1
211232f452a4a9de4eb5c26a2dff3719be8495cf

SHA256
f8268b75643a95814526c673fc6c70e56debfa6a2aa69dd375340922345ee2fe

SHA512
70745ca943cffb69ad2b2faa116e8f15f851fc002bcbf7cd1cd94bdc8a42082e9e6791236c01bb32869e6fec972a281f12648c46a8cc1ec4a8ec52045801161c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63023.exe
Filesize
184KB

MD5
a50642a3342e73b0ce73ebc42b0fa93c

SHA1
45ef6681c1a410f1db463d0fb5f86e7a208070d6

SHA256
b9f1452fd7c930366330e2ab68a4747e76d81032269b0787fada611a0f9e6618

SHA512
2516fa1d3ad8bbe209ae85ef708557ed555f4a5c6f84f04390747472a2d94c5c54fff4c98711fb0db2a82ebb4a2129dc9274549535e55984e512819241b2b2a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7454.exe
Filesize
184KB

MD5
185a26614ff54f985f12fc1783979565

SHA1
048523380a333fb7799cb1dcb291302c1adcdb5f

SHA256
c688573233b2ee35b95151482045ae2037dd5075f7ff21b9de896d46aca03a6b

SHA512
600ced84b151de89a2bcae690b13f54b7dd06b13eb951b06b04c7bf792552fa3ddc3343b504f5b8e4933789b389a10e745bf73cffec48e73b201e31fa282d645

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13759.exe
Filesize
184KB

MD5
ab2df51fdc5629fd5ee305a2fe08bfe8

SHA1
a31fed32564f453697c345d64191709ea351755f

SHA256
d4048ceaed73a9afb36d2010fbaf15a1eee32a77f3742848d56726e10d8b5e34

SHA512
510945c4ea7da67b62f2f16b371dd038196f9977bcbe57721479b77c14d013a971fc381d1df43f986af4a1c25822a49fd0c4d58948d3cce006b8d2c69b231588

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
Filesize
184KB

MD5
773e412d24e6c6d9b3e2366f0f963334

SHA1
90f99b5fa176b046a9d7cf0c4d3494e8be7af93d

SHA256
35cfef4f056ed13148cc95b07af484ea216b8a21770b523d1fdfbc80da0d2d08

SHA512
1103690cee939161542c8b8b45d105d2bf07bc3ab73e54a10a8a8c46d344b1addb62a0ca8fc50ad07dce314926c1df8aedda96c78a1dfb6590807f596ffd3dd9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19152.exe
Filesize
184KB

MD5
02d0c35eeffba8e68efc084a06f560e2

SHA1
4d09684583e7f9243a84b894c7e1ea1e2992f65d

SHA256
fb9749ef0f50dc7eb088d523dba56c1951cf974094b828783952c0bff0d394aa

SHA512
53c4db0dfa50a0691550052eeb1ec80a2ab9009b38050b214fe536805997e49b7ebc6758b18fdf0797feedf011abb8e9929f05129d9762e9559775c1f0cc24a3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34096.exe
Filesize
184KB

MD5
7f1476aad93253f6fc43bca6501dbed0

SHA1
eaeeb19bf18bb0cd289c2fe16d743730ad9e014a

SHA256
4ba35429c8669919be8fc4f0d607dfb191e13c100cf061c8bff1edcbd2566599

SHA512
a668c971727843edc16ecf377c6975a359d5d4e557c80fa7e3701be1345516877ff414ad3355bff77e61b3d8355d7d3a341ea303c044d13bf76eb2b9645df972

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36282.exe
Filesize
184KB

MD5
1ccb358e8fae9e9fc3e095e3083eb76f

SHA1
9c903998a3fe7221a30147ef9496e84abaed3c35

SHA256
08d3ec2ab12aadbb58d3137e52c367f188211cbae8589c1a8e4a4e69444bcb0f

SHA512
68671a6f85310cbc8b39116418849eb4fb72c15661ff7c3b25de14ea82c6c38f551d99a60db502eff4c361e5e348ed83f481486b0537f5aa639f1895d948c42e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
Filesize
184KB

MD5
ff48c00ee1cffc05f384a79cea8496e2

SHA1
61d03f24182d18c145321283f23b6224c05da519

SHA256
3aa171cad02727eba6b7f1866ec9086619b66164359ae5ae91cd19b429c6c58a

SHA512
adf5e079157bd41af35c8768ba777e15e153c08e6a2c911c01f617c96f84b489556971a4e163ecb254053d35b67433f8606313a3b1d95ed34011020010f875e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42975.exe
Filesize
184KB

MD5
b810b5fa2375da19ce5fc78fd6f7193d

SHA1
da4c81d17f627817e37747e5a6b2f845eb412c59

SHA256
d79b963b12fcfe4612697fb43de86d48d4735b81570bc4fce5ea0d605679971b

SHA512
5dc347353b217c2089c8c221c168bd1c8f480b103bff49a31c7cd36eecbd4e795d042f6a3ab213841c89f6096a37ab1cd90d0adf98cbee439cebde7c75d506e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
Filesize
184KB

MD5
f2ed2f5e204779625f4a283e486b339c

SHA1
b0dadd417d9d633f753c76605d01f8b51347a5e4

SHA256
f5c4bf13fe63e4804882f86d2e4a10cf1959f8d5a444ce02a77655e045793783

SHA512
4f383b3a0ee6784ff58c7a65f778fb4464e4f34a4826408127d0206bffc98508b38608493917d0ed444f8c0051bc8ce96d34ceb124b44b5c3aaafa8f41e9112d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62841.exe
Filesize
184KB

MD5
932dfc96241ce3c4f22c0b9294ce58ae

SHA1
28c6c44f8cb574ec15029e71f5bf4faf457e6872

SHA256
c9eebb0832ed4c225514da44f6e299dfb869eb8fd5ea6a8dffe3e46d95420f29

SHA512
e5743ef50ce52e67568722d5e86d857e0b67f533216de01cbc02418851de8ec88380794be5df142304349ce5bbe802e50b77cdcc6c7e432a141ace98a6ae99d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63959.exe
Filesize
184KB

MD5
e928e8a548cb859956c08db30347f626

SHA1
7696329aaf7cc002956a1b05c22225f843edb46a

SHA256
f0482a46da03ad9135bcaf1743380380f462f78413bfad79c81c2fff606e0ed6

SHA512
ac64d89a38c86938349bb65906636954dac016df7c8f17dfbb318d23973486681b01d880fbfaba9603ffd12029ab7591984bee935670e261f63b158374e71052

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64906.exe
Filesize
184KB

MD5
c7985a32eb759b9ea92cc44362119979

SHA1
4997a228f78ac42004f1d29f785f2f54e92ed28f

SHA256
f281948dd0da9e66cf4eb09c183417aba8082b388609f4ec66607471ea725888

SHA512
e8baf61f343b4c15e4c618577e8510d9fa6902dd5446ded3b6efd28f336e9ae555321b6895f4da48c4dc1c8d7661d040a498c37620ef67243e7cf38c317ceeea

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads