79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe
Size

184KB
MD5

fd8e60085024ec02136dbeae1da38e17
SHA1

643c89514046705aa0efcc2e03e3bf2add6c376a
SHA256

79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67
SHA512

a72e058e7dfe6ea8997cf1dee2a44a952f5fba81d774f9cb286e80bba9373899ae651ee0e7adc0b29c49fc1c04d7387d1f674d92c7c7be66b8a6b3fc3b0d43c8
SSDEEP

3072:RRvEXZoTpPu5dwtfWySD9i3ThlnViFsnU:RRaoU3wtYDs3ThlnViFs

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-29506.exeUnicorn-34550.exeUnicorn-14684.exeUnicorn-14767.exeUnicorn-34633.exeUnicorn-34633.exeUnicorn-45733.exeUnicorn-30788.exeUnicorn-61.exeUnicorn-12313.exeUnicorn-19090.exeUnicorn-4228.exeUnicorn-46714.exeUnicorn-36085.exeUnicorn-55951.exeUnicorn-48338.exeUnicorn-2666.exeUnicorn-42630.exeUnicorn-22764.exeUnicorn-55712.exeUnicorn-10040.exeUnicorn-36683.exeUnicorn-1872.exeUnicorn-44659.exeUnicorn-59604.exeUnicorn-40575.exeUnicorn-40575.exeUnicorn-52827.exeUnicorn-32961.exeUnicorn-55520.exeUnicorn-9848.exeUnicorn-49018.exeUnicorn-10123.exeUnicorn-25068.exeUnicorn-28406.exeUnicorn-51519.exeUnicorn-1763.exeUnicorn-59687.exeUnicorn-30544.exeUnicorn-6594.exeUnicorn-3901.exeUnicorn-55048.exeUnicorn-24322.exeUnicorn-50964.exeUnicorn-63792.exeUnicorn-13200.exeUnicorn-13200.exeUnicorn-9116.exeUnicorn-39842.exeUnicorn-59708.exeUnicorn-13413.exeUnicorn-25666.exeUnicorn-32442.exeUnicorn-52308.exeUnicorn-5800.exeUnicorn-45894.exeUnicorn-64923.exeUnicorn-54062.exeUnicorn-969.exeUnicorn-19998.exeUnicorn-53185.exeUnicorn-17306.exeUnicorn-58893.exeUnicorn-38795.exe

pid	process
1496	Unicorn-29506.exe
2628	Unicorn-34550.exe
2976	Unicorn-14684.exe
2748	Unicorn-14767.exe
2924	Unicorn-34633.exe
2472	Unicorn-34633.exe
2896	Unicorn-45733.exe
2948	Unicorn-30788.exe
2548	Unicorn-61.exe
2784	Unicorn-12313.exe
1020	Unicorn-19090.exe
864	Unicorn-4228.exe
1652	Unicorn-46714.exe
1760	Unicorn-36085.exe
2260	Unicorn-55951.exe
2732	Unicorn-48338.exe
2104	Unicorn-2666.exe
2552	Unicorn-42630.exe
2824	Unicorn-22764.exe
1636	Unicorn-55712.exe
1316	Unicorn-10040.exe
2368	Unicorn-36683.exe
2024	Unicorn-1872.exe
992	Unicorn-44659.exe
1308	Unicorn-59604.exe
700	Unicorn-40575.exe
1256	Unicorn-40575.exe
1540	Unicorn-52827.exe
988	Unicorn-32961.exe
1912	Unicorn-55520.exe
2932	Unicorn-9848.exe
1120	Unicorn-49018.exe
1248	Unicorn-10123.exe
2560	Unicorn-25068.exe
2752	Unicorn-28406.exe
2712	Unicorn-51519.exe
2624	Unicorn-1763.exe
2512	Unicorn-59687.exe
1436	Unicorn-30544.exe
2700	Unicorn-6594.exe
2180	Unicorn-3901.exe
2704	Unicorn-55048.exe
2904	Unicorn-24322.exe
2036	Unicorn-50964.exe
2212	Unicorn-63792.exe
2420	Unicorn-13200.exe
2320	Unicorn-13200.exe
1568	Unicorn-9116.exe
2544	Unicorn-39842.exe
1328	Unicorn-59708.exe
480	Unicorn-13413.exe
1488	Unicorn-25666.exe
1196	Unicorn-32442.exe
2312	Unicorn-52308.exe
1144	Unicorn-5800.exe
1732	Unicorn-45894.exe
2272	Unicorn-64923.exe
2928	Unicorn-54062.exe
1444	Unicorn-969.exe
2968	Unicorn-19998.exe
2340	Unicorn-53185.exe
2500	Unicorn-17306.exe
2736	Unicorn-58893.exe
2892	Unicorn-38795.exe

Loads dropped DLL 64 IoCs

Processes:

79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exeUnicorn-29506.exeUnicorn-34550.exeUnicorn-14684.exeWerFault.exeUnicorn-34633.exeUnicorn-14767.exeUnicorn-34633.exeWerFault.exeWerFault.exeUnicorn-45733.exeUnicorn-30788.exeUnicorn-12313.exeUnicorn-61.exeUnicorn-19090.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe
2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe
1496	Unicorn-29506.exe
1496	Unicorn-29506.exe
2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe
2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe
1496	Unicorn-29506.exe
1496	Unicorn-29506.exe
2628	Unicorn-34550.exe
2976	Unicorn-14684.exe
2628	Unicorn-34550.exe
2976	Unicorn-14684.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2464	WerFault.exe
2472	Unicorn-34633.exe
2628	Unicorn-34550.exe
2628	Unicorn-34550.exe
2472	Unicorn-34633.exe
2748	Unicorn-14767.exe
2748	Unicorn-14767.exe
2924	Unicorn-34633.exe
2924	Unicorn-34633.exe
2976	Unicorn-14684.exe
2976	Unicorn-14684.exe
1908	WerFault.exe
1908	WerFault.exe
1908	WerFault.exe
1908	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1752	WerFault.exe
1908	WerFault.exe
2896	Unicorn-45733.exe
2896	Unicorn-45733.exe
2948	Unicorn-30788.exe
2948	Unicorn-30788.exe
2472	Unicorn-34633.exe
2472	Unicorn-34633.exe
2784	Unicorn-12313.exe
2784	Unicorn-12313.exe
2548	Unicorn-61.exe
2548	Unicorn-61.exe
2748	Unicorn-14767.exe
2748	Unicorn-14767.exe
2924	Unicorn-34633.exe
1020	Unicorn-19090.exe
1020	Unicorn-19090.exe
2924	Unicorn-34633.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
2988	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
1600	WerFault.exe
2988	WerFault.exe
1600	WerFault.exe
784	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2728	2792	WerFault.exe	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe
2464	1496	WerFault.exe	Unicorn-29506.exe
1752	2628	WerFault.exe	Unicorn-34550.exe
1908	2976	WerFault.exe	Unicorn-14684.exe
2988	2472	WerFault.exe	Unicorn-34633.exe
1600	2748	WerFault.exe	Unicorn-14767.exe
784	2924	WerFault.exe	Unicorn-34633.exe
1580	2896	WerFault.exe	Unicorn-45733.exe
544	2948	WerFault.exe	Unicorn-30788.exe
1740	2784	WerFault.exe	Unicorn-12313.exe
1048	2548	WerFault.exe	Unicorn-61.exe
2276	1020	WerFault.exe	Unicorn-19090.exe
536	864	WerFault.exe	Unicorn-4228.exe
2780	1760	WerFault.exe	Unicorn-36085.exe
1480	2104	WerFault.exe	Unicorn-2666.exe
1372	2552	WerFault.exe	Unicorn-42630.exe
1296	1652	WerFault.exe	Unicorn-46714.exe
1860	2732	WerFault.exe	Unicorn-48338.exe
1348	2824	WerFault.exe	Unicorn-22764.exe
1036	2260	WerFault.exe	Unicorn-55951.exe
2744	1636	WerFault.exe	Unicorn-55712.exe
2208	1316	WerFault.exe	Unicorn-10040.exe
2296	2368	WerFault.exe	Unicorn-36683.exe
2484	2024	WerFault.exe	Unicorn-1872.exe
2660	992	WerFault.exe	Unicorn-44659.exe
2392	1308	WerFault.exe	Unicorn-59604.exe
2196	1256	WerFault.exe	Unicorn-40575.exe
2116	1912	WerFault.exe	Unicorn-55520.exe
2112	1540	WerFault.exe	Unicorn-52827.exe
2076	700	WerFault.exe	Unicorn-40575.exe
2060	988	WerFault.exe	Unicorn-32961.exe
2160	2932	WerFault.exe	Unicorn-9848.exe
3320	1248	WerFault.exe	Unicorn-10123.exe
3328	1120	WerFault.exe	Unicorn-49018.exe
3336	2560	WerFault.exe	Unicorn-25068.exe
3500	1436	WerFault.exe	Unicorn-30544.exe
3572	2180	WerFault.exe	Unicorn-3901.exe
3636	2704	WerFault.exe	Unicorn-55048.exe
3680	2512	WerFault.exe	Unicorn-59687.exe
3696	2420	WerFault.exe	Unicorn-13200.exe
3720	1568	WerFault.exe	Unicorn-9116.exe
3748	2212	WerFault.exe	Unicorn-63792.exe
3880	3800	WerFault.exe	Unicorn-32956.exe
4060	2036	WerFault.exe	Unicorn-50964.exe
3904	2700	WerFault.exe	Unicorn-6594.exe
3156	2624	WerFault.exe	Unicorn-1763.exe
3176	2752	WerFault.exe	Unicorn-28406.exe
3196	480	WerFault.exe	Unicorn-13413.exe
3296	2904	WerFault.exe	Unicorn-24322.exe
3536	2544	WerFault.exe	Unicorn-39842.exe
3608	2712	WerFault.exe	Unicorn-51519.exe
3392	1488	WerFault.exe	Unicorn-25666.exe
3532	2320	WerFault.exe	Unicorn-13200.exe
3380	1328	WerFault.exe	Unicorn-59708.exe
3612	1196	WerFault.exe	Unicorn-32442.exe
3556	1032	WerFault.exe	Unicorn-60538.exe
3464	2340	WerFault.exe	Unicorn-53185.exe
3944	2736	WerFault.exe	Unicorn-58893.exe
3984	1988	WerFault.exe	Unicorn-10268.exe
3092	1732	WerFault.exe	Unicorn-45894.exe
4080	2708	WerFault.exe	Unicorn-45079.exe
3128	1252	WerFault.exe	Unicorn-55515.exe
4056	2968	WerFault.exe	Unicorn-19998.exe
3244	1684	WerFault.exe	Unicorn-4923.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exeUnicorn-29506.exeUnicorn-14684.exeUnicorn-34550.exeUnicorn-34633.exeUnicorn-34633.exeUnicorn-14767.exeUnicorn-45733.exeUnicorn-30788.exeUnicorn-61.exeUnicorn-12313.exeUnicorn-19090.exeUnicorn-4228.exeUnicorn-55951.exeUnicorn-2666.exeUnicorn-36085.exeUnicorn-48338.exeUnicorn-46714.exeUnicorn-22764.exeUnicorn-42630.exeUnicorn-55712.exeUnicorn-10040.exeUnicorn-36683.exeUnicorn-1872.exeUnicorn-44659.exeUnicorn-59604.exeUnicorn-40575.exeUnicorn-40575.exeUnicorn-52827.exeUnicorn-32961.exeUnicorn-9848.exeUnicorn-55520.exeUnicorn-49018.exeUnicorn-10123.exeUnicorn-25068.exeUnicorn-28406.exeUnicorn-51519.exeUnicorn-1763.exeUnicorn-59687.exeUnicorn-30544.exeUnicorn-6594.exeUnicorn-3901.exeUnicorn-55048.exeUnicorn-24322.exeUnicorn-50964.exeUnicorn-63792.exeUnicorn-13200.exeUnicorn-13200.exeUnicorn-59708.exeUnicorn-39842.exeUnicorn-9116.exeUnicorn-13413.exeUnicorn-25666.exeUnicorn-32442.exeUnicorn-52308.exeUnicorn-5800.exeUnicorn-45894.exeUnicorn-64923.exeUnicorn-54062.exeUnicorn-969.exeUnicorn-19998.exeUnicorn-53185.exeUnicorn-17306.exeUnicorn-58893.exe

pid	process
2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe
1496	Unicorn-29506.exe
2976	Unicorn-14684.exe
2628	Unicorn-34550.exe
2472	Unicorn-34633.exe
2924	Unicorn-34633.exe
2748	Unicorn-14767.exe
2896	Unicorn-45733.exe
2948	Unicorn-30788.exe
2548	Unicorn-61.exe
2784	Unicorn-12313.exe
1020	Unicorn-19090.exe
864	Unicorn-4228.exe
2260	Unicorn-55951.exe
2104	Unicorn-2666.exe
1760	Unicorn-36085.exe
2732	Unicorn-48338.exe
1652	Unicorn-46714.exe
2824	Unicorn-22764.exe
2552	Unicorn-42630.exe
1636	Unicorn-55712.exe
1316	Unicorn-10040.exe
2368	Unicorn-36683.exe
2024	Unicorn-1872.exe
992	Unicorn-44659.exe
1308	Unicorn-59604.exe
1256	Unicorn-40575.exe
700	Unicorn-40575.exe
1540	Unicorn-52827.exe
988	Unicorn-32961.exe
2932	Unicorn-9848.exe
1912	Unicorn-55520.exe
1120	Unicorn-49018.exe
1248	Unicorn-10123.exe
2560	Unicorn-25068.exe
2752	Unicorn-28406.exe
2712	Unicorn-51519.exe
2624	Unicorn-1763.exe
2512	Unicorn-59687.exe
1436	Unicorn-30544.exe
2700	Unicorn-6594.exe
2180	Unicorn-3901.exe
2704	Unicorn-55048.exe
2904	Unicorn-24322.exe
2036	Unicorn-50964.exe
2212	Unicorn-63792.exe
2420	Unicorn-13200.exe
2320	Unicorn-13200.exe
1328	Unicorn-59708.exe
2544	Unicorn-39842.exe
1568	Unicorn-9116.exe
480	Unicorn-13413.exe
1488	Unicorn-25666.exe
1196	Unicorn-32442.exe
2312	Unicorn-52308.exe
1144	Unicorn-5800.exe
1732	Unicorn-45894.exe
2272	Unicorn-64923.exe
2928	Unicorn-54062.exe
1444	Unicorn-969.exe
2968	Unicorn-19998.exe
2340	Unicorn-53185.exe
2500	Unicorn-17306.exe
2736	Unicorn-58893.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exeUnicorn-29506.exeUnicorn-14684.exeUnicorn-34550.exeUnicorn-34633.exeUnicorn-14767.exeUnicorn-34633.exeUnicorn-45733.exe

description	pid	process	target process
PID 2792 wrote to memory of 1496	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	Unicorn-29506.exe
PID 2792 wrote to memory of 1496	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	Unicorn-29506.exe
PID 2792 wrote to memory of 1496	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	Unicorn-29506.exe
PID 2792 wrote to memory of 1496	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	Unicorn-29506.exe
PID 1496 wrote to memory of 2628	1496	Unicorn-29506.exe	Unicorn-34550.exe
PID 1496 wrote to memory of 2628	1496	Unicorn-29506.exe	Unicorn-34550.exe
PID 1496 wrote to memory of 2628	1496	Unicorn-29506.exe	Unicorn-34550.exe
PID 1496 wrote to memory of 2628	1496	Unicorn-29506.exe	Unicorn-34550.exe
PID 2792 wrote to memory of 2976	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	Unicorn-14684.exe
PID 2792 wrote to memory of 2976	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	Unicorn-14684.exe
PID 2792 wrote to memory of 2976	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	Unicorn-14684.exe
PID 2792 wrote to memory of 2976	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	Unicorn-14684.exe
PID 2792 wrote to memory of 2728	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	WerFault.exe
PID 2792 wrote to memory of 2728	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	WerFault.exe
PID 2792 wrote to memory of 2728	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	WerFault.exe
PID 2792 wrote to memory of 2728	2792	79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe	WerFault.exe
PID 1496 wrote to memory of 2748	1496	Unicorn-29506.exe	Unicorn-14767.exe
PID 1496 wrote to memory of 2748	1496	Unicorn-29506.exe	Unicorn-14767.exe
PID 1496 wrote to memory of 2748	1496	Unicorn-29506.exe	Unicorn-14767.exe
PID 1496 wrote to memory of 2748	1496	Unicorn-29506.exe	Unicorn-14767.exe
PID 2976 wrote to memory of 2924	2976	Unicorn-14684.exe	Unicorn-34633.exe
PID 2976 wrote to memory of 2924	2976	Unicorn-14684.exe	Unicorn-34633.exe
PID 2976 wrote to memory of 2924	2976	Unicorn-14684.exe	Unicorn-34633.exe
PID 2976 wrote to memory of 2924	2976	Unicorn-14684.exe	Unicorn-34633.exe
PID 2628 wrote to memory of 2472	2628	Unicorn-34550.exe	Unicorn-34633.exe
PID 2628 wrote to memory of 2472	2628	Unicorn-34550.exe	Unicorn-34633.exe
PID 2628 wrote to memory of 2472	2628	Unicorn-34550.exe	Unicorn-34633.exe
PID 2628 wrote to memory of 2472	2628	Unicorn-34550.exe	Unicorn-34633.exe
PID 1496 wrote to memory of 2464	1496	Unicorn-29506.exe	WerFault.exe
PID 1496 wrote to memory of 2464	1496	Unicorn-29506.exe	WerFault.exe
PID 1496 wrote to memory of 2464	1496	Unicorn-29506.exe	WerFault.exe
PID 1496 wrote to memory of 2464	1496	Unicorn-29506.exe	WerFault.exe
PID 2628 wrote to memory of 2896	2628	Unicorn-34550.exe	Unicorn-45733.exe
PID 2628 wrote to memory of 2896	2628	Unicorn-34550.exe	Unicorn-45733.exe
PID 2628 wrote to memory of 2896	2628	Unicorn-34550.exe	Unicorn-45733.exe
PID 2628 wrote to memory of 2896	2628	Unicorn-34550.exe	Unicorn-45733.exe
PID 2472 wrote to memory of 2948	2472	Unicorn-34633.exe	Unicorn-30788.exe
PID 2472 wrote to memory of 2948	2472	Unicorn-34633.exe	Unicorn-30788.exe
PID 2472 wrote to memory of 2948	2472	Unicorn-34633.exe	Unicorn-30788.exe
PID 2472 wrote to memory of 2948	2472	Unicorn-34633.exe	Unicorn-30788.exe
PID 2748 wrote to memory of 2548	2748	Unicorn-14767.exe	Unicorn-61.exe
PID 2748 wrote to memory of 2548	2748	Unicorn-14767.exe	Unicorn-61.exe
PID 2748 wrote to memory of 2548	2748	Unicorn-14767.exe	Unicorn-61.exe
PID 2748 wrote to memory of 2548	2748	Unicorn-14767.exe	Unicorn-61.exe
PID 2924 wrote to memory of 2784	2924	Unicorn-34633.exe	Unicorn-12313.exe
PID 2924 wrote to memory of 2784	2924	Unicorn-34633.exe	Unicorn-12313.exe
PID 2924 wrote to memory of 2784	2924	Unicorn-34633.exe	Unicorn-12313.exe
PID 2924 wrote to memory of 2784	2924	Unicorn-34633.exe	Unicorn-12313.exe
PID 2976 wrote to memory of 1020	2976	Unicorn-14684.exe	Unicorn-19090.exe
PID 2976 wrote to memory of 1020	2976	Unicorn-14684.exe	Unicorn-19090.exe
PID 2976 wrote to memory of 1020	2976	Unicorn-14684.exe	Unicorn-19090.exe
PID 2976 wrote to memory of 1020	2976	Unicorn-14684.exe	Unicorn-19090.exe
PID 2976 wrote to memory of 1908	2976	Unicorn-14684.exe	WerFault.exe
PID 2976 wrote to memory of 1908	2976	Unicorn-14684.exe	WerFault.exe
PID 2976 wrote to memory of 1908	2976	Unicorn-14684.exe	WerFault.exe
PID 2976 wrote to memory of 1908	2976	Unicorn-14684.exe	WerFault.exe
PID 2628 wrote to memory of 1752	2628	Unicorn-34550.exe	WerFault.exe
PID 2628 wrote to memory of 1752	2628	Unicorn-34550.exe	WerFault.exe
PID 2628 wrote to memory of 1752	2628	Unicorn-34550.exe	WerFault.exe
PID 2628 wrote to memory of 1752	2628	Unicorn-34550.exe	WerFault.exe
PID 2896 wrote to memory of 864	2896	Unicorn-45733.exe	Unicorn-4228.exe
PID 2896 wrote to memory of 864	2896	Unicorn-45733.exe	Unicorn-4228.exe
PID 2896 wrote to memory of 864	2896	Unicorn-45733.exe	Unicorn-4228.exe
PID 2896 wrote to memory of 864	2896	Unicorn-45733.exe	Unicorn-4228.exe

C:\Users\Admin\AppData\Local\Temp\79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe
"C:\Users\Admin\AppData\Local\Temp\79bfc6e41f02823cf59262ea24f86245c8dfbdb37c1986a43ea2c8c8bdf79c67.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63792.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35287.exe
9⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
10⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
11⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-50487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50487.exe
12⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
13⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
14⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21887.exe
15⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
14⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
13⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
12⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
11⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62313.exe
10⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10331.exe
11⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
12⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
13⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
14⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
14⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
13⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
12⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
11⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
10⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
9⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35692.exe
10⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
11⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48017.exe
12⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
13⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
14⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
14⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
13⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
12⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
11⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 216
10⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
9⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27481.exe
8⤵
PID:360

C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12090.exe
9⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53974.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26559.exe
11⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38095.exe
12⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24032.exe
13⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12052.exe
14⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 216
14⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
13⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
12⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
11⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
10⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41207.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
10⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
11⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14457.exe
12⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52073.exe
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 220
12⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
11⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 360 -s 240
9⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
8⤵
- Program crash
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
8⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18121.exe
9⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
10⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
11⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61037.exe
12⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
13⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63946.exe
14⤵
PID:760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 216
14⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 216
13⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
12⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
11⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
10⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54623.exe
11⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
12⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11476.exe
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10960 -s 236
13⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37149.exe
8⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52298.exe
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 148
11⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
8⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
7⤵
- Program crash
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55520.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55048.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20897.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27358.exe
9⤵
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28894.exe
10⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
11⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
12⤵
PID:7980

C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
13⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57444.exe
14⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 216
14⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7980 -s 216
13⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
12⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
11⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 236
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8037.exe
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
11⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19948.exe
12⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
13⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
13⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
10⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 220
9⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
8⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51815.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
9⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35879.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13974.exe
11⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
12⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17372.exe
13⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
13⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 220
12⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
10⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 216
8⤵
- Program crash
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
7⤵
- Program crash
PID:2116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
6⤵
- Program crash
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36683.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45894.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12282.exe
9⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18863.exe
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26424.exe
11⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23954.exe
12⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10788.exe
13⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 236
13⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
12⤵
PID:10224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 216
11⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 236
10⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
9⤵
- Program crash
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-585.exe
8⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24665.exe
11⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
12⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17694.exe
13⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
10⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
9⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
8⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53123.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40653.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14991.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
11⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24416.exe
12⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59499.exe
13⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 236
13⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
11⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45292.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53201.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
10⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
11⤵
PID:11164

C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21695.exe
12⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 216
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 220
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
7⤵
- Program crash
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51519.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54062.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58037.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10217.exe
10⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62594.exe
11⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35514.exe
12⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 236
12⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 236
11⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 236
10⤵
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 216
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24897.exe
7⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6610.exe
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36429.exe
9⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41551.exe
10⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
11⤵
PID:11352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53163.exe
12⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 236
11⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
10⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
9⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
8⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
6⤵
- Program crash
PID:2780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10123.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13413.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5100.exe
9⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5183.exe
10⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55811.exe
11⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
12⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43606.exe
13⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
14⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8954.exe
15⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 236
15⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 216
14⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 236
13⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
12⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
11⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5811.exe
11⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18609.exe
12⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
12⤵
PID:10228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
11⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20128.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
10⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23326.exe
11⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28448.exe
12⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-44857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44857.exe
13⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18379.exe
14⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 220
13⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
12⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
9⤵
- Program crash
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
8⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13351.exe
9⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
11⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 148
12⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
11⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
10⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
9⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
9⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
8⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63429.exe
8⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14778.exe
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25.exe
10⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40425.exe
11⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
12⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
13⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
12⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 216
9⤵
PID:4212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 216
8⤵
PID:3220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
7⤵
- Program crash
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25068.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52308.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56631.exe
8⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18012.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21193.exe
10⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40513.exe
11⤵
PID:7012

C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62163.exe
12⤵
PID:8336

C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4483.exe
13⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
13⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7012 -s 216
12⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 216
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
10⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32956.exe
8⤵
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 188
9⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
8⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22567.exe
7⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3621.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45993.exe
10⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60113.exe
11⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
12⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18825.exe
13⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
13⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
11⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 236
8⤵
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
7⤵
- Program crash
PID:3336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
6⤵
- Program crash
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55712.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49018.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25666.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-37965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37965.exe
8⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38048.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37529.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
11⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe
12⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63658.exe
13⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55327.exe
14⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 216
11⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11441.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
10⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17540.exe
11⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34333.exe
12⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 216
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
11⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
10⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14098.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58136.exe
10⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
11⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51214.exe
12⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59857.exe
13⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 216
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
11⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
10⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
9⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
8⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30351.exe
7⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11405.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52111.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4659.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43030.exe
11⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48069.exe
12⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59032.exe
13⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 216
13⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
12⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
9⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 236
8⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
7⤵
- Program crash
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22397.exe
7⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24893.exe
8⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-492.exe
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
10⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2205.exe
11⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47906.exe
12⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10340 -s 216
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 220
11⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
10⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
9⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
8⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 236
7⤵
- Program crash
PID:3612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
6⤵
- Program crash
PID:2744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
5⤵
- Program crash
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-14767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14767.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42630.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44659.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-30544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30544.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17306.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5868.exe
9⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12832.exe
10⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34208.exe
11⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-2957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2957.exe
12⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35293.exe
13⤵
PID:12244

C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46562.exe
14⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12244 -s 216
14⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
13⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
12⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
11⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 216
10⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
9⤵
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
8⤵
- Program crash
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58893.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
8⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10694.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29932.exe
10⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5095.exe
11⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65251.exe
12⤵
PID:11980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3495.exe
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 236
12⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 216
11⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 236
9⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
8⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
7⤵
- Program crash
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6594.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38795.exe
7⤵
- Executes dropped EXE
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48847.exe
8⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21302.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6247.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
11⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32008.exe
12⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\Unicorn-26801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26801.exe
13⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 216
13⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
10⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42271.exe
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe
10⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61712.exe
11⤵
PID:10660

C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27486.exe
12⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10660 -s 216
12⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 220
11⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
10⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
9⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58639.exe
7⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56989.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
9⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51691.exe
10⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35899.exe
11⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6209.exe
12⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
10⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
8⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
6⤵
- Program crash
PID:1372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
5⤵
- Program crash
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48338.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59708.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55515.exe
7⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
8⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35199.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34727.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-46839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46839.exe
11⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38614.exe
12⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
13⤵
PID:9336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
12⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
9⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
8⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35395.exe
7⤵
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47446.exe
9⤵
PID:6312

C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
10⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2589.exe
11⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57527.exe
12⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
11⤵
PID:11928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6312 -s 216
10⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 216
8⤵
PID:5680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
7⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4923.exe
6⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
7⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
8⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30700.exe
9⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35630.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-40939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40939.exe
11⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
11⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
10⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
9⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
8⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 236
7⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 240
6⤵
- Program crash
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9116.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43263.exe
6⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57015.exe
7⤵
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23440.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53310.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5749.exe
11⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8627.exe
12⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
12⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
10⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
9⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 216
8⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
7⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
8⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3284.exe
9⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
10⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45851.exe
11⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
10⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
9⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
8⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
7⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18867.exe
6⤵
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-5027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5027.exe
7⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11732.exe
8⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29839.exe
9⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7244.exe
10⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
10⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 236
9⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
8⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 216
7⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
6⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
5⤵
- Program crash
PID:1860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55951.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52827.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50964.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
8⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38733.exe
9⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-47944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47944.exe
10⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63315.exe
11⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
12⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13533.exe
13⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-16879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16879.exe
14⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 216
14⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 236
13⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
12⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
11⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
10⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21664.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
10⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
11⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
12⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-35976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35976.exe
13⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
11⤵
PID:9872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36272.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
9⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32781.exe
10⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
11⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14109.exe
12⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47714.exe
13⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
13⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
12⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
8⤵
- Program crash
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46148.exe
7⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
8⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-28614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28614.exe
10⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1338.exe
11⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
12⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25431.exe
13⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
11⤵
PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34300.exe
8⤵
PID:4092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 220
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
8⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
7⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16621.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4114.exe
8⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45697.exe
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 220
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
10⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
9⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 236
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14975.exe
7⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41997.exe
8⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
9⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
10⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29694.exe
11⤵
PID:12400

C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55602.exe
12⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
11⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 236
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
9⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
8⤵
PID:5152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
7⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
6⤵
- Program crash
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10268.exe
6⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30.exe
7⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25085.exe
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-32781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32781.exe
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
10⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
11⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8762.exe
12⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
12⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 220
11⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
10⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
9⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
8⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
7⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
6⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
5⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-22764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22764.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40575.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24322.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
7⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63984.exe
7⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31214.exe
9⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12023.exe
10⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33568.exe
11⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
11⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
10⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
9⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 216
8⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
7⤵
- Program crash
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
6⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53761.exe
7⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5323.exe
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21375.exe
9⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54374.exe
10⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38695.exe
11⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 236
11⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
10⤵
PID:1168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
9⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
8⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
7⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
6⤵
- Program crash
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13200.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
6⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8006.exe
7⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4965.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35412.exe
9⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56953.exe
10⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
11⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41684.exe
12⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
12⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 220
11⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
10⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
7⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60170.exe
8⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16497.exe
9⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
10⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3884.exe
11⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 216
11⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 220
10⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
9⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
8⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 220
7⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
6⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
7⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7508.exe
8⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46647.exe
9⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16767.exe
10⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11284.exe
11⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
11⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 216
10⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 236
9⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
8⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
7⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
6⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
5⤵
- Program crash
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2666.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-1872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1872.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1763.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-969.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-40871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40871.exe
8⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51343.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
10⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16388.exe
11⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64317.exe
12⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44253.exe
13⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 220
12⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
11⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
10⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 216
9⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 236
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
7⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
9⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57913.exe
10⤵
PID:8776

C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44992.exe
11⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31378.exe
12⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10816 -s 216
12⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8776 -s 216
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
10⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
9⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 236
8⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
7⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19998.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47093.exe
7⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27031.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37114.exe
9⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8494.exe
10⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55760.exe
11⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
11⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
10⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
9⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
8⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 216
7⤵
- Program crash
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
6⤵
- Program crash
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53185.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 220
7⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37341.exe
6⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60196.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51748.exe
8⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25603.exe
9⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47981.exe
10⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24108.exe
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
10⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
9⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
8⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
7⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
6⤵
- Program crash
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
5⤵
- Program crash
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59604.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3901.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-52116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52116.exe
6⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62853.exe
7⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51260.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47114.exe
11⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52257.exe
12⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13910.exe
13⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 216
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64918.exe
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
9⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47965.exe
10⤵
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
11⤵
PID:12472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
11⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
11⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
10⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
9⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
8⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-668.exe
7⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62225.exe
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
9⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
10⤵
PID:8304

C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
11⤵
PID:10320

C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54839.exe
12⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10320 -s 216
12⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
11⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 236
10⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
9⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
8⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
7⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38903.exe
6⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-32786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32786.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11976.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14166.exe
10⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28848.exe
11⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5550.exe
12⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
10⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
7⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
6⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45079.exe
5⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-34841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34841.exe
6⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
7⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20529.exe
8⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18635.exe
9⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32740.exe
10⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51414.exe
11⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
10⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 236
9⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
8⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 216
7⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 216
6⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
5⤵
- Program crash
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
4⤵
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
2⤵
- Program crash
PID:2728

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10087.exe
Filesize
184KB

MD5
48ede7f3cc22fddf4995f6e0579d9e89

SHA1
c75085e713a689d87c7bec14318dd0d6bbcf19ed

SHA256
b365f0efbfb16b54e2cc10cb4b36cbaad559c955c29472225f42b1bfb633cc84

SHA512
3240e5d68704096a9cb8fbe8dd77f64f44e401ec7f6684c879ba91617aa9b73eb499fe4318de4181022298f09f1e45501890db4200c864bf0b39830374780b37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
Filesize
184KB

MD5
04de6ee7ad8d788c1b1bf0a572b79b90

SHA1
f8a46647d31cfa3046e96ba441d214cbb6ce7f89

SHA256
f8022e0e9ffc19625ba5446c2c23d1c1a6a752a4ad59cd0a497e77d63c0c7a39

SHA512
d85d4a74fd0a55da0573ab8f7aa847b32d56ba54ad4d0de7c33f4b37794f76f8a38a5803477aa35c3b69c8afa7c48091109a838307b0e8892769da10cb44727b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-25047.exe
Filesize
184KB

MD5
dd176c58763284ebd631c22bdbfdedb5

SHA1
8dab71d3d4dfcc137d9dc7f5ed29d6de41989f4a

SHA256
5ae3d43fa420c495bfd5dfae01a0dc63d43ef28c7edce6591bc070c9640a34b9

SHA512
8c031c9c7a07a672a7aae7510b621e89707657ae98f2814c038184b6169f58bb3ddf8449f8acbe238d8973a192027e6f80c955478b8ea14dbe0de22d42d45a6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27877.exe
Filesize
184KB

MD5
618632c0622dc3887b4c496de1e3e4e6

SHA1
c3e3e0b19fe7a92a0af66484cfcc409dd2a9725d

SHA256
bf5d6eb80ded36ec30ca66c25ced9a8dd2dc09ae3f59658009072ecd0048183c

SHA512
1c3d59a403a58d5a805c1aaa8da68043588454e55c79af182e5a0dc6637eb05daa477ce2859caf97cce2be1f5e34025d118e51111cada49739e6ca7aa227ccbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
Filesize
184KB

MD5
11f8f447362125d3b0a24f64ee1d0edf

SHA1
7af9e374c9d1ce00c3c8738d56cf2770fa7b67a1

SHA256
d1c25125b492107b9bd8a1d6f2238f7bf26c0964ffbe8a72563429bdfaf6c50a

SHA512
7d224f0c036f2fe638d1a5796a9c23d0ba358d74dc79264dd41918627e885b0ba618dd19f96d8cc60d5ace554ae82a220dd509d894a0609cefe91e47031e436f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32641.exe
Filesize
184KB

MD5
f0fa23f687bbb37d7f822aada955ba0e

SHA1
81ebca151ea6b558ed38a9bcc8ef5e9128c29711

SHA256
1b6ea45ff1cbc92ec977326e21cb61d2e71c3de53d0c93111773c5980a75117d

SHA512
508b67af5672d51eb50347e77a3fe77003f7c146e25781447f988050c8ff5b57087f72c6b14b0d96167e68538808fb55f58a126ef96f01353f104c0f23fcbf47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34633.exe
Filesize
184KB

MD5
f426e5530774cb8ee6c764068181e528

SHA1
d65853ace4762650c185f4a7db9ad0b00b7672af

SHA256
aca1527b3999d64a6072ca45270bd9b4c48749be797ccfa07fc8a2772796fe8b

SHA512
9c7675a86cd3f04cd589d9671fd0b0ab973a50d6b62c074334179397ccc8e3cffcfe76f503f702a284314070e8e4f54cf8bcf9e787ade9da2ad5f7156dd9b36f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
Filesize
184KB

MD5
c254e6fde1947b1f56b5048994efdde3

SHA1
cb118666fa17347e7a5750b36f9e2e360c08cfae

SHA256
08a3291bd8e7fe5b19e9348322dbc26f571573a091fe776bb8209a0b2954f9e3

SHA512
d5cdbb2d3eb92742a99e02b9a259f4ee02c5f9b695ba26229ea08ccd2b467fbeb2363ef9d5bbbfaf7fd711bddff72c5bc1851794433b25ef3d58b856db222f82

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39842.exe
Filesize
184KB

MD5
3c8453ed7e21e76e1c8255515ae9718e

SHA1
11be552eb668db12597107c6aa70b0080697c3d8

SHA256
6ffa4ac472166d46bff1f4ffc586040ef6f77811b1f913ffc71d46f6035859c8

SHA512
e79bfd73188c2e9ba775567b15fc1d970f98f2510d4c9d2c3207683efc95b7b9bf6b20504e64f83b29b954a83ae500519f442ef37688f22620750ebded9263e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40029.exe
Filesize
184KB

MD5
6ab892c94411f0065833f19a5365a76f

SHA1
af6ad3407263dca21c5fcc7d5c61b5704a7d285d

SHA256
a2d5aa0cab3cd1c20cd9b5174489fc85712be6d96e219ff7db13b5df8abe1329

SHA512
b25736738f2740ef75ada1d85b311248c26601875816c07e4f2c9d825769550d3898f74bdb4b1c8d017910ad227bcba5c88113b2b34282c18dd40ffb337a0a02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40138.exe
Filesize
184KB

MD5
89cea632c90f1b2012f2232c23ef77c2

SHA1
73751b7f3d6175936150af06bd64c6d0a484c5d7

SHA256
917d204cf216451c450d4052fd1e6d3d4c575f313560817e217847cc77967495

SHA512
b0b91337b38bc66e6e665e3351524c8b8f744aa41773da85d91e1a58b3b77c1ff23ef37104e82bdf31345ee41728dda1b893b2f09728b065bbffc01e190516fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40989.exe
Filesize
184KB

MD5
1a0d10258cfe8b6206741603a82d1dc8

SHA1
aad2ae8d9a145078962305e1890847067da5be94

SHA256
7d7af42c3174dd50dfbc3e853f2f29f1db4e5da76d4888e95ae06549d53e67ab

SHA512
77dc5c2dfd6dbe4f0c59a4664aa7d553768f49d4d869cd1f29d2cf527129a390f7929e41df79ccbd47964592cc631decae683c2c185c25e58469fa98e7186f95

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52677.exe
Filesize
184KB

MD5
e5f61580a28e8e6e71795914b0ce2d01

SHA1
24fc1407d7d970fc28b44bad4e143698d43baccd

SHA256
37acc7de04b79df23c3c1d376f59fc0d8222682fad57ead4fcdd75a42bf43c87

SHA512
56d3e68298bb6f54d282488ed1b9463d47f7bb69dfa2b2af003f1b64266d49bcff2db6ae0efae807e13483be0a23bd8a0b58819a7798e6c65246864e5489dd63

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5624.exe
Filesize
184KB

MD5
16de0f04bde3b0941d81856d65cb232c

SHA1
5b7ef2490bb2d63bbe749aa68e076b033758891a

SHA256
00bcdeaf2b9fdd48a8729c68f522b57aab3f17307ceb940084fbcfc34f957a42

SHA512
538615b4c67bf478cee0689d7854d7e3d519c7482979ddbb5c700fb608fcca3831699d94355ab6ab8947fee80939d70a48b40c02981dce72bac4a9c1da336452

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59703.exe
Filesize
184KB

MD5
8e7ff1547edb6c9da77c3347425aaba1

SHA1
2a1c2607666b669868af65a6235784740cc81d13

SHA256
355d25f3fd7ae9b44504211668da47c463299caf4de4935d83de00c0f75607e3

SHA512
a53b4da0763b80cbf5a3020cb7f503fda70b49c1fa513862992834e13a91aab7d6898c0df50d77185edd434fde903c43769ddee3dc555afbef44333ee5976fdb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
Filesize
184KB

MD5
fe1aa1e564a916eb04701c46d3a94d94

SHA1
eb2760533739bc1bd051a164f2fceb5779c485db

SHA256
db830547ed399ec50ce43b8e3b6df5bb919fe9b8590827b35b3bcb4ac0aa78b4

SHA512
1f08baf160ff211070438bfe1d02268ba57d709179229846acec149e7af8a1144bb8ef3e05fb610b85ccc2c12498d3ec6f1332eb3006a3c5ca7bff5b95e6b23c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
Filesize
184KB

MD5
527557563073737ed1fbfd413905fbe4

SHA1
8f164d7a2c3d98067c70e306556f8460476b6340

SHA256
e21df3141a5bd04577c74586c0673090405fdd17d5c6f50f63da976df03637a6

SHA512
edcce954623367641da9821fbbac8d3ff6fcfcec3a6e523eda988c3b6c59552506e6002e246d463d792a81f8e7d97fd672f0b96ac5cf0f346b99805e8c8f47ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9594.exe
Filesize
184KB

MD5
57cdb18ccabec4e401899413d3aec689

SHA1
0e17a7836aaf0130e802e6508d96882fbd18d084

SHA256
8ebfbb4a1f31091be3e16e17391df703d7e8c94928bbc96537ed057b40f1aa8c

SHA512
5c57e06874f934afb4522900a8b9ae0e0f97ada93c2d5699afadde954629f538ea896cab1e8d24737a1385dde195ce2c460193c7be3d157ac66624b555ee0a60

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12313.exe
Filesize
184KB

MD5
5b8cf43e5b4fdee3ab123477463d213d

SHA1
fe6e0e06760f3e5dc9961c2fb50160dd15c3bc8c

SHA256
5e57c0aabe8f83e8bd353f89688567d330c570a383ec7914995a7d8e9065e5bd

SHA512
bab2884ed445b0d0775e36425fccb2b68e1b55f94d813131ddad95ee7ba5c7774e3376a2bfda59c296385823b7efc4e931ab3d2ac9ca0e1881bef923d1c75b81

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14684.exe
Filesize
184KB

MD5
e7852c789be9da17665bb47aa9dc527d

SHA1
e0290bc93fcdcc5fe1174e61135039ad421b29e1

SHA256
c0ca68eb9ca91d93c16386102adeed6daa818118f9918b3d64c58da29b304a27

SHA512
5a5b00d640525080c64f17ce0cde9dc53c4e912e85114cf15d9649ecd88ec0793667e53c59dc2d816a7d45628b723969a414b0a0fb56bbb0265dfdfcffe71d66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14767.exe
Filesize
184KB

MD5
aa0100c5f3d02242484be88763aa4cb8

SHA1
d25c03de4010b2eecad0d718ea7179a4d7aca594

SHA256
16ba2aafe489b2ee5c2d847cd05d4d8e30529ff0fad8ccad78b90f472781b337

SHA512
05db8dfee6cbbb455e3d82c6a509e88025ba912295acdc571aaa5b907f851f5ec3f65da9a44cf51cef5a441c53e3ea05a3f47ccdabd7ed302e2a36337621b91a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
Filesize
184KB

MD5
111d27c94fefef89b1ce3e690b0eaea5

SHA1
4bdab785ac7897e866c3b30da187050bd249591c

SHA256
b7ac17953b634b7aa52fe86356fd3f631be1f688d34a50ac72fe9ed19e3fb84d

SHA512
0ddb28d52ab7ce15d9e3a2f4b421be97112a81c1d72337eb3f2821fa59f6ab1f30aef6c38c160ed0c38c1dbbb261bbd37e1eb82dde22cceee8a212f2db5c25a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30788.exe
Filesize
184KB

MD5
723c22afe4640e82b5446b288b31e787

SHA1
9c2b9647f4db9cc289e998ebcbd10e7b5e118d49

SHA256
b10266fbf118e59b0303b836c1e474f653a8af189dac07b766da4a1d3c53763d

SHA512
d49899474beea5c6eef8da02deb9f492ba09d27af2e4b84257297e34754c3bedbaf40ed42029840a3c3d226c9a1cd0e0ed3c49f08ebc15c2d6521eca1745e955

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34550.exe
Filesize
184KB

MD5
7b3f56cc16b5e267dede8af6078962b8

SHA1
936fbb3ad3acf48bb11f2618f209b4ba843fea24

SHA256
9b121ccb1dbaabd1954b29a7447e70801b6c938638156140b2077cfd89e88e92

SHA512
378ede65c704c89a9850a371bd0904e6754370220110381c49d0c40772e9f9a26e5b4cd2d071709e1e115375068c6861df4f92a872547933800019a25de6c215

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36085.exe
Filesize
184KB

MD5
263db4f730db251378dbbfd4b2ae2eb4

SHA1
2a78a004daeeb16051a5289bda71ec778c26c173

SHA256
71584aaf07230ff9a2590a93a64850e09c73254f337e308e95938ec0892788db

SHA512
9a5c5adc062113cc73dec918acc3364e853f649e2986da29ce46381873d48298f31e71042dc52b061162f03fe7d2070724b2b7a93e42e1519fe236b075df3f4f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4228.exe
Filesize
184KB

MD5
b5d7ff6529aaebbb5830d2cedecee863

SHA1
a234d02ff094253d7c802695222c7f8d6642749d

SHA256
ca746e3c90c038e10b771272d7d4c5245b5f3de0fbb7289bbe9e4dd9822d4913

SHA512
964df0c087d648b003e75fe59d8604a073751f8822bc92127daf4c2ae7816ec20ad60edc4d431eeb3c24254970a45e254000f4b8cf19156db3920407c23f7aef

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45733.exe
Filesize
184KB

MD5
e973e73dfc069702616a5d550fc75f44

SHA1
5f1a4c50f2bdc56bd05fc2b315c2bebe7aa2c62e

SHA256
242bdf6375859724494fbb2ec2a00b66139b6b7d4ded5b4b7f444d60ee676ffa

SHA512
aa9a218b72c67e3c42c2e9384d7b5fba5c8a46aee84f28d8bf2bf0e347bcb650f12fdc8fd3b9c654b3e6064ce1116cc185a28dbc0f392ce2573ca48118ed5795

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46714.exe
Filesize
184KB

MD5
d56b72d108c0d8a70a33280bbba3ae77

SHA1
4d3ee6d6b2b3348239a160fc54c6d24e431472e9

SHA256
0b45417926612a6598fb21ccffb3226c83ba50c7a76c3b47db1573555349b0de

SHA512
ba8f485c8b3319200f1934a5ef0da147b87eb1d6d5583d1d4f6f1ba168b48b2b04d911dbdfb29e0ce14dcc6eb2f04343e950f8fae983d3b65b266d2b937fa036

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61.exe
Filesize
184KB

MD5
53d3fd8863331ccc9ff179e5bcd4ed84

SHA1
cd53389d380d2e9c9e710a6acbe1ded4a2509334

SHA256
92914545c31aea2c95233a3be79370f121063fb04167cd7d2c43f4e0bd7c91bd

SHA512
7b7f9129171ee197fb74ec7c77238f1c503e7404c14acf1661e0871d8d0add386007f249e5302c30e17f0df583dc0651aca8b937aedfb7d8335a5144ed0f7f7e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads