79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe
Size

184KB
MD5

2e16bb092027c3196bd664f5f00f2a07
SHA1

f8ef18a737911e8f8f707569a82030985256b525
SHA256

79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e
SHA512

4190ed0ad444f0698eb71adc22ecd24fad35947a1422265756d91c320f8cfc881c40f54b68b81b4cd150a120bd54f76583bc955939746784f25bf2002ae4b728
SSDEEP

1536:R7G/6jZCH36xoRx1HyhAluwMHAItZcimd8xcwR2jzwt2hl5hj5VizpvG:5Ru36xo3ZyhbdHzteOcwRw+2hlnniFO

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-58229.exeUnicorn-16367.exeUnicorn-31311.exeUnicorn-12365.exeUnicorn-55152.exeUnicorn-35286.exeUnicorn-33746.exeUnicorn-9796.exeUnicorn-41914.exeUnicorn-48691.exeUnicorn-3019.exeUnicorn-25661.exeUnicorn-44690.exeUnicorn-7378.exeUnicorn-3294.exeUnicorn-38105.exeUnicorn-61218.exeUnicorn-50357.exeUnicorn-57134.exeUnicorn-13491.exeUnicorn-28436.exeUnicorn-25936.exeUnicorn-3377.exeUnicorn-22406.exeUnicorn-50440.exeUnicorn-26490.exeUnicorn-15630.exeUnicorn-39318.exeUnicorn-28458.exeUnicorn-8592.exeUnicorn-55100.exeUnicorn-55100.exeUnicorn-22968.exeUnicorn-37912.exeUnicorn-18884.exeUnicorn-33828.exeUnicorn-41996.exeUnicorn-61862.exeUnicorn-39304.exeUnicorn-48048.exeUnicorn-58909.exeUnicorn-21406.exeUnicorn-21406.exeUnicorn-52687.exeUnicorn-41826.exeUnicorn-48603.exeUnicorn-15375.exeUnicorn-15375.exeUnicorn-30320.exeUnicorn-50186.exeUnicorn-56963.exeUnicorn-11291.exeUnicorn-17575.exeUnicorn-37441.exeUnicorn-29827.exeUnicorn-17405.exeUnicorn-5707.exeUnicorn-56299.exeUnicorn-60575.exeUnicorn-54353.exeUnicorn-876.exeUnicorn-46548.exeUnicorn-7653.exeUnicorn-39771.exe

pid	process
2268	Unicorn-58229.exe
2952	Unicorn-16367.exe
2616	Unicorn-31311.exe
2688	Unicorn-12365.exe
2452	Unicorn-55152.exe
2420	Unicorn-35286.exe
2576	Unicorn-33746.exe
2644	Unicorn-9796.exe
1252	Unicorn-41914.exe
1544	Unicorn-48691.exe
980	Unicorn-3019.exe
3064	Unicorn-25661.exe
3060	Unicorn-44690.exe
2352	Unicorn-7378.exe
2064	Unicorn-3294.exe
488	Unicorn-38105.exe
588	Unicorn-61218.exe
1768	Unicorn-50357.exe
1708	Unicorn-57134.exe
864	Unicorn-13491.exe
1676	Unicorn-28436.exe
1304	Unicorn-25936.exe
332	Unicorn-3377.exe
608	Unicorn-22406.exe
1992	Unicorn-50440.exe
2112	Unicorn-26490.exe
2380	Unicorn-15630.exe
2488	Unicorn-39318.exe
1416	Unicorn-28458.exe
756	Unicorn-8592.exe
2916	Unicorn-55100.exe
1512	Unicorn-55100.exe
2528	Unicorn-22968.exe
2572	Unicorn-37912.exe
2432	Unicorn-18884.exe
2416	Unicorn-33828.exe
2400	Unicorn-41996.exe
1836	Unicorn-61862.exe
2668	Unicorn-39304.exe
2676	Unicorn-48048.exe
296	Unicorn-58909.exe
2356	Unicorn-21406.exe
2772	Unicorn-21406.exe
1528	Unicorn-52687.exe
1736	Unicorn-41826.exe
1352	Unicorn-48603.exe
2000	Unicorn-15375.exe
2244	Unicorn-15375.exe
3040	Unicorn-30320.exe
2992	Unicorn-50186.exe
1940	Unicorn-56963.exe
2260	Unicorn-11291.exe
1472	Unicorn-17575.exe
1000	Unicorn-37441.exe
956	Unicorn-29827.exe
2088	Unicorn-17405.exe
1888	Unicorn-5707.exe
2924	Unicorn-56299.exe
2148	Unicorn-60575.exe
2556	Unicorn-54353.exe
2632	Unicorn-876.exe
2536	Unicorn-46548.exe
2664	Unicorn-7653.exe
2660	Unicorn-39771.exe

Loads dropped DLL 64 IoCs

Processes:

79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exeUnicorn-58229.exeUnicorn-16367.exeUnicorn-31311.exeWerFault.exeUnicorn-12365.exeUnicorn-55152.exeUnicorn-35286.exeWerFault.exeWerFault.exeUnicorn-33746.exeUnicorn-9796.exeUnicorn-48691.exeUnicorn-41914.exeUnicorn-3019.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe
2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe
2268	Unicorn-58229.exe
2268	Unicorn-58229.exe
2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe
2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe
2952	Unicorn-16367.exe
2268	Unicorn-58229.exe
2268	Unicorn-58229.exe
2952	Unicorn-16367.exe
2616	Unicorn-31311.exe
2616	Unicorn-31311.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2328	WerFault.exe
2688	Unicorn-12365.exe
2688	Unicorn-12365.exe
2952	Unicorn-16367.exe
2952	Unicorn-16367.exe
2452	Unicorn-55152.exe
2452	Unicorn-55152.exe
2616	Unicorn-31311.exe
2616	Unicorn-31311.exe
2420	Unicorn-35286.exe
2420	Unicorn-35286.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
2788	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
1268	WerFault.exe
2788	WerFault.exe
2576	Unicorn-33746.exe
2576	Unicorn-33746.exe
2688	Unicorn-12365.exe
2688	Unicorn-12365.exe
2644	Unicorn-9796.exe
2644	Unicorn-9796.exe
1544	Unicorn-48691.exe
1544	Unicorn-48691.exe
1252	Unicorn-41914.exe
1252	Unicorn-41914.exe
2452	Unicorn-55152.exe
2452	Unicorn-55152.exe
980	Unicorn-3019.exe
980	Unicorn-3019.exe
2420	Unicorn-35286.exe
2420	Unicorn-35286.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2960	WerFault.exe
696	WerFault.exe
2960	WerFault.exe
696	WerFault.exe
696	WerFault.exe
696	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2708	2872	WerFault.exe	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe
2328	2268	WerFault.exe	Unicorn-58229.exe
2788	2952	WerFault.exe	Unicorn-16367.exe
1268	2616	WerFault.exe	Unicorn-31311.exe
2116	2688	WerFault.exe	Unicorn-12365.exe
696	2420	WerFault.exe	Unicorn-35286.exe
2960	2452	WerFault.exe	Unicorn-55152.exe
2956	2576	WerFault.exe	Unicorn-33746.exe
1444	2644	WerFault.exe	Unicorn-9796.exe
2584	1544	WerFault.exe	Unicorn-48691.exe
2608	1252	WerFault.exe	Unicorn-41914.exe
2692	980	WerFault.exe	Unicorn-3019.exe
1052	3064	WerFault.exe	Unicorn-25661.exe
564	3060	WerFault.exe	Unicorn-44690.exe
2092	2352	WerFault.exe	Unicorn-7378.exe
2276	2064	WerFault.exe	Unicorn-3294.exe
892	488	WerFault.exe	Unicorn-38105.exe
2836	1768	WerFault.exe	Unicorn-50357.exe
2480	1708	WerFault.exe	Unicorn-57134.exe
2156	588	WerFault.exe	Unicorn-61218.exe
2552	864	WerFault.exe	Unicorn-13491.exe
2412	1676	WerFault.exe	Unicorn-28436.exe
2424	1304	WerFault.exe	Unicorn-25936.exe
2444	332	WerFault.exe	Unicorn-3377.exe
1440	608	WerFault.exe	Unicorn-22406.exe
828	1992	WerFault.exe	Unicorn-50440.exe
2212	2112	WerFault.exe	Unicorn-26490.exe
1884	2380	WerFault.exe	Unicorn-15630.exe
1820	1416	WerFault.exe	Unicorn-28458.exe
544	2916	WerFault.exe	Unicorn-55100.exe
580	2488	WerFault.exe	Unicorn-39318.exe
452	1512	WerFault.exe	Unicorn-55100.exe
1648	756	WerFault.exe	Unicorn-8592.exe
3464	2528	WerFault.exe	Unicorn-22968.exe
3488	2432	WerFault.exe	Unicorn-18884.exe
3504	2572	WerFault.exe	Unicorn-37912.exe
3648	2416	WerFault.exe	Unicorn-33828.exe
3708	2668	WerFault.exe	Unicorn-39304.exe
3716	1836	WerFault.exe	Unicorn-61862.exe
3740	2400	WerFault.exe	Unicorn-41996.exe
3788	2356	WerFault.exe	Unicorn-21406.exe
3780	2676	WerFault.exe	Unicorn-48048.exe
3820	1940	WerFault.exe	Unicorn-56963.exe
3812	2000	WerFault.exe	Unicorn-15375.exe
3864	296	WerFault.exe	Unicorn-58909.exe
3896	2260	WerFault.exe	Unicorn-11291.exe
3912	2992	WerFault.exe	Unicorn-50186.exe
3904	2772	WerFault.exe	Unicorn-21406.exe
3924	3040	WerFault.exe	Unicorn-30320.exe
3972	1528	WerFault.exe	Unicorn-52687.exe
3980	2244	WerFault.exe	Unicorn-15375.exe
4024	1736	WerFault.exe	Unicorn-41826.exe
3144	1352	WerFault.exe	Unicorn-48603.exe
4192	1344	WerFault.exe	Unicorn-29657.exe
4200	1404	WerFault.exe	Unicorn-11182.exe
4276	2344	WerFault.exe	Unicorn-3014.exe
4300	1388	WerFault.exe	Unicorn-11182.exe
4316	1000	WerFault.exe	Unicorn-37441.exe
4388	1472	WerFault.exe	Unicorn-17575.exe
4408	820	WerFault.exe	Unicorn-58245.exe
4480	3036	WerFault.exe	Unicorn-65022.exe
4488	2736	WerFault.exe	Unicorn-37524.exe
4504	2732	WerFault.exe	Unicorn-10881.exe
4520	2132	WerFault.exe	Unicorn-44602.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exeUnicorn-58229.exeUnicorn-16367.exeUnicorn-31311.exeUnicorn-12365.exeUnicorn-35286.exeUnicorn-55152.exeUnicorn-33746.exeUnicorn-9796.exeUnicorn-48691.exeUnicorn-3019.exeUnicorn-41914.exeUnicorn-25661.exeUnicorn-44690.exeUnicorn-7378.exeUnicorn-3294.exeUnicorn-38105.exeUnicorn-61218.exeUnicorn-50357.exeUnicorn-57134.exeUnicorn-13491.exeUnicorn-28436.exeUnicorn-25936.exeUnicorn-3377.exeUnicorn-22406.exeUnicorn-50440.exeUnicorn-26490.exeUnicorn-15630.exeUnicorn-28458.exeUnicorn-39318.exeUnicorn-55100.exeUnicorn-8592.exeUnicorn-55100.exeUnicorn-22968.exeUnicorn-37912.exeUnicorn-33828.exeUnicorn-18884.exeUnicorn-61862.exeUnicorn-41996.exeUnicorn-39304.exeUnicorn-48048.exeUnicorn-58909.exeUnicorn-21406.exeUnicorn-21406.exeUnicorn-41826.exeUnicorn-52687.exeUnicorn-48603.exeUnicorn-15375.exeUnicorn-15375.exeUnicorn-30320.exeUnicorn-50186.exeUnicorn-11291.exeUnicorn-56963.exeUnicorn-17575.exeUnicorn-37441.exeUnicorn-29827.exeUnicorn-17405.exeUnicorn-5707.exeUnicorn-56299.exeUnicorn-60575.exeUnicorn-54353.exeUnicorn-876.exeUnicorn-46548.exeUnicorn-39771.exe

pid	process
2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe
2268	Unicorn-58229.exe
2952	Unicorn-16367.exe
2616	Unicorn-31311.exe
2688	Unicorn-12365.exe
2420	Unicorn-35286.exe
2452	Unicorn-55152.exe
2576	Unicorn-33746.exe
2644	Unicorn-9796.exe
1544	Unicorn-48691.exe
980	Unicorn-3019.exe
1252	Unicorn-41914.exe
3064	Unicorn-25661.exe
3060	Unicorn-44690.exe
2352	Unicorn-7378.exe
2064	Unicorn-3294.exe
488	Unicorn-38105.exe
588	Unicorn-61218.exe
1768	Unicorn-50357.exe
1708	Unicorn-57134.exe
864	Unicorn-13491.exe
1676	Unicorn-28436.exe
1304	Unicorn-25936.exe
332	Unicorn-3377.exe
608	Unicorn-22406.exe
1992	Unicorn-50440.exe
2112	Unicorn-26490.exe
2380	Unicorn-15630.exe
1416	Unicorn-28458.exe
2488	Unicorn-39318.exe
2916	Unicorn-55100.exe
756	Unicorn-8592.exe
1512	Unicorn-55100.exe
2528	Unicorn-22968.exe
2572	Unicorn-37912.exe
2416	Unicorn-33828.exe
2432	Unicorn-18884.exe
1836	Unicorn-61862.exe
2400	Unicorn-41996.exe
2668	Unicorn-39304.exe
2676	Unicorn-48048.exe
296	Unicorn-58909.exe
2356	Unicorn-21406.exe
2772	Unicorn-21406.exe
1736	Unicorn-41826.exe
1528	Unicorn-52687.exe
1352	Unicorn-48603.exe
2244	Unicorn-15375.exe
2000	Unicorn-15375.exe
3040	Unicorn-30320.exe
2992	Unicorn-50186.exe
2260	Unicorn-11291.exe
1940	Unicorn-56963.exe
1472	Unicorn-17575.exe
1000	Unicorn-37441.exe
956	Unicorn-29827.exe
2088	Unicorn-17405.exe
1888	Unicorn-5707.exe
2924	Unicorn-56299.exe
2148	Unicorn-60575.exe
2556	Unicorn-54353.exe
2632	Unicorn-876.exe
2536	Unicorn-46548.exe
2660	Unicorn-39771.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exeUnicorn-58229.exeUnicorn-16367.exeUnicorn-31311.exeUnicorn-12365.exeUnicorn-55152.exeUnicorn-35286.exeUnicorn-33746.exe

description	pid	process	target process
PID 2872 wrote to memory of 2268	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	Unicorn-58229.exe
PID 2872 wrote to memory of 2268	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	Unicorn-58229.exe
PID 2872 wrote to memory of 2268	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	Unicorn-58229.exe
PID 2872 wrote to memory of 2268	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	Unicorn-58229.exe
PID 2268 wrote to memory of 2952	2268	Unicorn-58229.exe	Unicorn-16367.exe
PID 2268 wrote to memory of 2952	2268	Unicorn-58229.exe	Unicorn-16367.exe
PID 2268 wrote to memory of 2952	2268	Unicorn-58229.exe	Unicorn-16367.exe
PID 2268 wrote to memory of 2952	2268	Unicorn-58229.exe	Unicorn-16367.exe
PID 2872 wrote to memory of 2616	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	Unicorn-31311.exe
PID 2872 wrote to memory of 2616	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	Unicorn-31311.exe
PID 2872 wrote to memory of 2616	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	Unicorn-31311.exe
PID 2872 wrote to memory of 2616	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	Unicorn-31311.exe
PID 2872 wrote to memory of 2708	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	WerFault.exe
PID 2872 wrote to memory of 2708	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	WerFault.exe
PID 2872 wrote to memory of 2708	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	WerFault.exe
PID 2872 wrote to memory of 2708	2872	79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe	WerFault.exe
PID 2268 wrote to memory of 2420	2268	Unicorn-58229.exe	Unicorn-35286.exe
PID 2268 wrote to memory of 2420	2268	Unicorn-58229.exe	Unicorn-35286.exe
PID 2268 wrote to memory of 2420	2268	Unicorn-58229.exe	Unicorn-35286.exe
PID 2268 wrote to memory of 2420	2268	Unicorn-58229.exe	Unicorn-35286.exe
PID 2952 wrote to memory of 2688	2952	Unicorn-16367.exe	Unicorn-12365.exe
PID 2952 wrote to memory of 2688	2952	Unicorn-16367.exe	Unicorn-12365.exe
PID 2952 wrote to memory of 2688	2952	Unicorn-16367.exe	Unicorn-12365.exe
PID 2952 wrote to memory of 2688	2952	Unicorn-16367.exe	Unicorn-12365.exe
PID 2616 wrote to memory of 2452	2616	Unicorn-31311.exe	Unicorn-55152.exe
PID 2616 wrote to memory of 2452	2616	Unicorn-31311.exe	Unicorn-55152.exe
PID 2616 wrote to memory of 2452	2616	Unicorn-31311.exe	Unicorn-55152.exe
PID 2616 wrote to memory of 2452	2616	Unicorn-31311.exe	Unicorn-55152.exe
PID 2268 wrote to memory of 2328	2268	Unicorn-58229.exe	WerFault.exe
PID 2268 wrote to memory of 2328	2268	Unicorn-58229.exe	WerFault.exe
PID 2268 wrote to memory of 2328	2268	Unicorn-58229.exe	WerFault.exe
PID 2268 wrote to memory of 2328	2268	Unicorn-58229.exe	WerFault.exe
PID 2688 wrote to memory of 2576	2688	Unicorn-12365.exe	Unicorn-33746.exe
PID 2688 wrote to memory of 2576	2688	Unicorn-12365.exe	Unicorn-33746.exe
PID 2688 wrote to memory of 2576	2688	Unicorn-12365.exe	Unicorn-33746.exe
PID 2688 wrote to memory of 2576	2688	Unicorn-12365.exe	Unicorn-33746.exe
PID 2952 wrote to memory of 2644	2952	Unicorn-16367.exe	Unicorn-9796.exe
PID 2952 wrote to memory of 2644	2952	Unicorn-16367.exe	Unicorn-9796.exe
PID 2952 wrote to memory of 2644	2952	Unicorn-16367.exe	Unicorn-9796.exe
PID 2952 wrote to memory of 2644	2952	Unicorn-16367.exe	Unicorn-9796.exe
PID 2452 wrote to memory of 1252	2452	Unicorn-55152.exe	Unicorn-41914.exe
PID 2452 wrote to memory of 1252	2452	Unicorn-55152.exe	Unicorn-41914.exe
PID 2452 wrote to memory of 1252	2452	Unicorn-55152.exe	Unicorn-41914.exe
PID 2452 wrote to memory of 1252	2452	Unicorn-55152.exe	Unicorn-41914.exe
PID 2616 wrote to memory of 1544	2616	Unicorn-31311.exe	Unicorn-48691.exe
PID 2616 wrote to memory of 1544	2616	Unicorn-31311.exe	Unicorn-48691.exe
PID 2616 wrote to memory of 1544	2616	Unicorn-31311.exe	Unicorn-48691.exe
PID 2616 wrote to memory of 1544	2616	Unicorn-31311.exe	Unicorn-48691.exe
PID 2420 wrote to memory of 980	2420	Unicorn-35286.exe	Unicorn-3019.exe
PID 2420 wrote to memory of 980	2420	Unicorn-35286.exe	Unicorn-3019.exe
PID 2420 wrote to memory of 980	2420	Unicorn-35286.exe	Unicorn-3019.exe
PID 2420 wrote to memory of 980	2420	Unicorn-35286.exe	Unicorn-3019.exe
PID 2952 wrote to memory of 2788	2952	Unicorn-16367.exe	WerFault.exe
PID 2952 wrote to memory of 2788	2952	Unicorn-16367.exe	WerFault.exe
PID 2952 wrote to memory of 2788	2952	Unicorn-16367.exe	WerFault.exe
PID 2952 wrote to memory of 2788	2952	Unicorn-16367.exe	WerFault.exe
PID 2616 wrote to memory of 1268	2616	Unicorn-31311.exe	WerFault.exe
PID 2616 wrote to memory of 1268	2616	Unicorn-31311.exe	WerFault.exe
PID 2616 wrote to memory of 1268	2616	Unicorn-31311.exe	WerFault.exe
PID 2616 wrote to memory of 1268	2616	Unicorn-31311.exe	WerFault.exe
PID 2576 wrote to memory of 3064	2576	Unicorn-33746.exe	Unicorn-25661.exe
PID 2576 wrote to memory of 3064	2576	Unicorn-33746.exe	Unicorn-25661.exe
PID 2576 wrote to memory of 3064	2576	Unicorn-33746.exe	Unicorn-25661.exe
PID 2576 wrote to memory of 3064	2576	Unicorn-33746.exe	Unicorn-25661.exe

C:\Users\Admin\AppData\Local\Temp\79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe
"C:\Users\Admin\AppData\Local\Temp\79f48e0228f77f967ba46ff57dea79b2d4e8b0fe429aef40588cabac69453e8e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13491.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22968.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37524.exe
10⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63756.exe
11⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15646.exe
12⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8624.exe
13⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-10617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10617.exe
14⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 236
14⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
13⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
12⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
11⤵
- Program crash
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56143.exe
10⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62132.exe
11⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49657.exe
12⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1087.exe
13⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 236
13⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
12⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
11⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
10⤵
- Program crash
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52469.exe
9⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9807.exe
11⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
12⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63409.exe
13⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57730.exe
14⤵
PID:14076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 236
13⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
12⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
11⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
10⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
9⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-29827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29827.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
9⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49366.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
11⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
12⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35951.exe
13⤵
PID:11296

C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53599.exe
14⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
12⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
11⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 236
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37668.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12137.exe
10⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47986.exe
11⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13030.exe
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 236
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 236
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
9⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
8⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37912.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56299.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56574.exe
9⤵
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
10⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57145.exe
11⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-57908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57908.exe
12⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63474.exe
13⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
13⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
12⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
11⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52443.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28919.exe
10⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40477.exe
11⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
12⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 216
12⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
11⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
10⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48961.exe
8⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16414.exe
10⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
11⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22935.exe
12⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
12⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
9⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
8⤵
- Program crash
PID:3504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
- Program crash
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28436.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17405.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48406.exe
9⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
10⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-32174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32174.exe
11⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
12⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
13⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-60669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60669.exe
14⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 236
14⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
13⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
12⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
11⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 236
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48359.exe
9⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-11945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11945.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65500.exe
11⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6541.exe
12⤵
PID:11656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
13⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
12⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
10⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5982.exe
8⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60056.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1530.exe
10⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44094.exe
11⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22678.exe
12⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49842.exe
13⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 236
12⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 216
9⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5707.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3289.exe
8⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
10⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8982.exe
11⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23036.exe
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8516 -s 236
12⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
11⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60803.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34312.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11867.exe
10⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2807.exe
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11984 -s 188
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 236
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
10⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
8⤵
PID:4708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
- Program crash
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
6⤵
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25936.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17575.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10881.exe
8⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45282.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22330.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20221.exe
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
11⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
- Program crash
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21332.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34120.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-40996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40996.exe
10⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40449.exe
11⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
11⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
9⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 240
8⤵
- Program crash
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 216
7⤵
- Program crash
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33828.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60575.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34016.exe
8⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21162.exe
9⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
10⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45464.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40057.exe
12⤵
PID:11844

C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
13⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 236
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
11⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27938.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2485.exe
10⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55433.exe
11⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12706.exe
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 216
12⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 236
11⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
9⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
8⤵
PID:4612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
7⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
6⤵
- Program crash
PID:564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3377.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61862.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-876.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35770.exe
9⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20970.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52786.exe
11⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
12⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7576.exe
13⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 236
13⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
12⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
11⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
10⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45728.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
10⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46699.exe
11⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42086.exe
12⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 236
12⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 220
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
10⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
9⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
8⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-741.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1639.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14737.exe
11⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
12⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51954.exe
13⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
11⤵
PID:1876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
9⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
8⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7653.exe
7⤵
- Executes dropped EXE
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43938.exe
8⤵
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55116.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41572.exe
11⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
12⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
10⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 236
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59734.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26227.exe
9⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23757.exe
10⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
11⤵
PID:13144

C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7652.exe
12⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 236
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 220
10⤵
PID:10128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
8⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 240
7⤵
- Program crash
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41996.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-39771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39771.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
8⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-45557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45557.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11504.exe
11⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
12⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
11⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46839.exe
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
10⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44398.exe
11⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 216
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
10⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63735.exe
7⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
8⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
9⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23740.exe
9⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-60155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60155.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50397.exe
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
11⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 236
10⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 220
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
8⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
7⤵
- Program crash
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
6⤵
- Program crash
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22406.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39304.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54353.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58328.exe
8⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33414.exe
9⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44509.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25620.exe
11⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15552.exe
12⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
12⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42755.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44369.exe
10⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44032.exe
11⤵
PID:12072

C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
12⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 216
11⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
10⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7736.exe
7⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41582.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13159.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58951.exe
10⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
11⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 236
8⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46548.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
7⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57425.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
9⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8131.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
11⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
10⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 236
8⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10725.exe
7⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19211.exe
8⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
9⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57169.exe
10⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
10⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
9⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
7⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
6⤵
- Program crash
PID:1440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
5⤵
- Program crash
PID:1444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50357.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28458.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41826.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
8⤵
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32070.exe
9⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55671.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60243.exe
11⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
12⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40034.exe
13⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
13⤵
PID:13892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
12⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
11⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3133.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58432.exe
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36720.exe
11⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59115.exe
12⤵
PID:12636

C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24819.exe
13⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
12⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
11⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
9⤵
- Program crash
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63543.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14254.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15017.exe
10⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53689.exe
11⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48913.exe
12⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
12⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
11⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 236
9⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
8⤵
- Program crash
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65022.exe
7⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26040.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15973.exe
11⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62680.exe
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
12⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
10⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
9⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-419.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25760.exe
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48972.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18101.exe
11⤵
PID:11228

C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19334.exe
12⤵
PID:13764

C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31617.exe
13⤵
PID:13540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11228 -s 216
12⤵
PID:13320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 236
11⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
10⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
9⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
8⤵
- Program crash
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
7⤵
- Program crash
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48603.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23435.exe
7⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-28666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28666.exe
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
10⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18851.exe
11⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
11⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
10⤵
PID:1596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
7⤵
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35635.exe
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7752.exe
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29787.exe
10⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-27591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27591.exe
11⤵
PID:11376

C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50247.exe
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
11⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
10⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
9⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 216
8⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
7⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
6⤵
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11291.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
7⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58110.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14275.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27291.exe
10⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-14976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14976.exe
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 236
11⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
10⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 236
8⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
7⤵
- Program crash
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
6⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52682.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-539.exe
10⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24624.exe
11⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42063.exe
12⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 236
12⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
9⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21031.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65121.exe
8⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61089.exe
9⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2916.exe
10⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 236
10⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
9⤵
PID:10216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
8⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
7⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
6⤵
- Program crash
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
5⤵
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50186.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
7⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-44981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44981.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60954.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51494.exe
11⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36575.exe
12⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34715.exe
13⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
13⤵
PID:13464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
10⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
9⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
8⤵
- Program crash
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 236
7⤵
- Program crash
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60938.exe
6⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1343.exe
7⤵
PID:1172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26699.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30612.exe
9⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15505.exe
10⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41300.exe
11⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
11⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 236
10⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1172 -s 236
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
7⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22527.exe
8⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61281.exe
9⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-26570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26570.exe
10⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 236
11⤵
PID:11408

C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28167.exe
10⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 240
10⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
9⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
8⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
7⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
6⤵
- Program crash
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56963.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
6⤵
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56958.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51587.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27379.exe
9⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30254.exe
10⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
11⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62691.exe
12⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
11⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
10⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
9⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-995.exe
7⤵
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8987.exe
8⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34364.exe
9⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41108.exe
10⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 216
10⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
9⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 984 -s 216
8⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 220
7⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
6⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-22147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22147.exe
7⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
8⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57187.exe
9⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
10⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10300 -s 216
10⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 236
9⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
8⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 236
7⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
6⤵
- Program crash
PID:3820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
5⤵
- Program crash
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38105.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15630.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 220
8⤵
- Program crash
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
7⤵
- Program crash
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52687.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
7⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48598.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63455.exe
9⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34862.exe
10⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50036.exe
11⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36959.exe
12⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8674.exe
13⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
11⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
10⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
9⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33283.exe
8⤵
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
8⤵
- Program crash
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41084.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33124.exe
10⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54063.exe
11⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
11⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
10⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
7⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
6⤵
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39318.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29657.exe
7⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50544.exe
8⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4716.exe
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10274.exe
10⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20633.exe
11⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
12⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6032 -s 216
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
8⤵
- Program crash
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34762.exe
7⤵
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12692.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39522.exe
9⤵
PID:6424

C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37291.exe
10⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15805.exe
11⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 236
11⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6424 -s 216
10⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
8⤵
PID:5944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
7⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22043.exe
6⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9511.exe
7⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53637.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57581.exe
10⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14102.exe
11⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
11⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 216
8⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
7⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31655.exe
8⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
9⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61224.exe
10⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
10⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
9⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
8⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 220
7⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
6⤵
- Program crash
PID:580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
5⤵
- Program crash
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61218.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15375.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11182.exe
7⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19818.exe
8⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-34452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34452.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
11⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
12⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 216
12⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
11⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
10⤵
PID:8492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 216
9⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1404 -s 216
8⤵
- Program crash
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
7⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57233.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10658.exe
9⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43191.exe
10⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38498.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46355.exe
12⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
11⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
10⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
8⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 220
7⤵
- Program crash
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38379.exe
6⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34400.exe
7⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12500.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59392.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24852.exe
10⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
11⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40444.exe
12⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11200 -s 216
12⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
8⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-803.exe
7⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7368.exe
8⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
9⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
10⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 236
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
9⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
8⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 220
7⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 220
6⤵
- Program crash
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30320.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37825.exe
6⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17872.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4296.exe
10⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42395.exe
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
11⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5840 -s 216
10⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
9⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
8⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51115.exe
8⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4488.exe
9⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46775.exe
10⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
10⤵
PID:13500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
9⤵
PID:9896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
8⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
7⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59459.exe
6⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-38759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38759.exe
7⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4991.exe
8⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53113.exe
9⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50475.exe
10⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
10⤵
PID:13428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
9⤵
PID:9980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
8⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
7⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
6⤵
- Program crash
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 240
5⤵
- Program crash
PID:2156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-48691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48691.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3294.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50440.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48048.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25381.exe
7⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46460.exe
8⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40897.exe
9⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47607.exe
10⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16793.exe
11⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
12⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
11⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
10⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
9⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47991.exe
9⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-18002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18002.exe
10⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29152.exe
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
11⤵
PID:13732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
10⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 220
8⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
7⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2002.exe
8⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
9⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2973.exe
10⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56969.exe
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
11⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
10⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
9⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 216
8⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
7⤵
- Program crash
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-44602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44602.exe
6⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
7⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3201.exe
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-51110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51110.exe
9⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
10⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 216
10⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
9⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
8⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
7⤵
- Program crash
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
6⤵
- Program crash
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13128.exe
6⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
7⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34696.exe
9⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53357.exe
10⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49211.exe
11⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5404 -s 216
10⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
8⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
7⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29024.exe
8⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45568.exe
9⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9722.exe
10⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
10⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
9⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
8⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
7⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18618.exe
6⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55479.exe
7⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34011.exe
8⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
9⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56118.exe
10⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62231.exe
11⤵
PID:11708

C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23257.exe
12⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 236
11⤵
PID:12132

C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
10⤵
PID:11772

C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42655.exe
11⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 240
10⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 220
9⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
8⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 236
7⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 240
6⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
5⤵
- Program crash
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56107.exe
6⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58712.exe
7⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-248.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63367.exe
9⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3061.exe
10⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28900.exe
11⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
12⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 236
12⤵
PID:11792

C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
11⤵
PID:11636

C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-890.exe
12⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 220
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
10⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45920.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58707.exe
8⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52838.exe
9⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
10⤵
PID:12588

C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60937.exe
11⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
10⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5752 -s 216
9⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
8⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
7⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4036.exe
6⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-61317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61317.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12604.exe
8⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54566.exe
9⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9717.exe
10⤵
PID:12372

C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65021.exe
11⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 216
10⤵
PID:13628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
9⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
8⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
7⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 220
6⤵
- Program crash
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-44602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44602.exe
5⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3673.exe
6⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39335.exe
7⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24006.exe
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
9⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11987.exe
10⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32530.exe
11⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11184 -s 216
11⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
10⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
9⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
8⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
7⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31721.exe
6⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51966.exe
7⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60425.exe
8⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45576.exe
9⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
9⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 216
8⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
7⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 220
6⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
5⤵
- Program crash
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
4⤵
- Program crash
PID:2584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
2⤵
- Program crash
PID:2708

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-36668.exe
Filesize
184KB

MD5
72a0ee129205746befb47dcb77b00334

SHA1
d9a39e219b34d3b5ed6cb38cc39878fd00f4d93c

SHA256
157a8593c8321f198558e8241bc518ecd8281aa96681de47522b9fa2445c479b

SHA512
e32b239720f4e6baa5c22bb9e7173ec4d3062ab8595158b1771445cfc42a7c690ea8d0324a17ccdfcdb6f7cf7b411ddcb84820fbdff6999709b6407a183cd8d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37343.exe
Filesize
184KB

MD5
1803f5994091bc9d27bf484488b343bb

SHA1
56aea1eb120066e685e3f4b8d35655a7c05d1aaa

SHA256
c326d6495104b11f273bde5a912de2df1a516fc97c4104f96c42442c526efb31

SHA512
af9f34182aace2983edd262ed948b719e32fd3a0f2eaef589b0eb6d7f7cf281cf07e4b58f93570a372c72c2d400002605cbaf1df60a544391cc536b678474a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48691.exe
Filesize
184KB

MD5
38e1b93cd5f78933fd2f3604e7a531b3

SHA1
4c99a3903905b2d14f461ccd9e6c4a66a70e978a

SHA256
e8e728f946a00cf776bbfcf5c9aeb4a790f08c2fec23721271e513baff84b4d0

SHA512
47148f179ab0ba3e119bc95d40df8c93b0634e9d6132674b111a5b97621ba05fbc382af38a8896047b9e2ef141b13f44dbc4a49b56b35e58712fe6b1220d4c99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55152.exe
Filesize
184KB

MD5
a5e7e7e6eede01e16e7994f5e42df8a5

SHA1
83a3be6da8e2fbb1c4fb8a22c1f72754e23af2ec

SHA256
399cc1fb28be872f715fc78281d475c83b0ce07bb42ad04ea4585b547cdf0fb4

SHA512
a1a2cfd6ebf8f0d0c503af34663afe4887999f64bb36da1ffe1bfbd053af10b7733e454573b1addfeef1a3fa94780ebed597e80a517875df2995a908efd8c09a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5619.exe
Filesize
184KB

MD5
8b389183288eee5862f31ad9be1cf66d

SHA1
a8ad65602af45664c4f2654c24c7e2131edc66c1

SHA256
1d389d91d1bfed3799e31c55d099c5929cde18a2271c21dc739e47b0df43b425

SHA512
5f175ab7bfbfab29496694775a6654362cc44e1dd2d5f98ba0bd3c2aa3360c82fd9c9060d71da029e525a9c08c060482fc5e6ebe8ce397a0593119a9006cdf60

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59854.exe
Filesize
184KB

MD5
e487f261f43a95e35727e0e3be08b3e6

SHA1
55ac61666a957aa25cfcae440d2028bf7ef914f3

SHA256
b23c5af1260d8f2a42813b3820cfdb8f780f13dc708c16b8f1901a12e1bd3665

SHA512
75748622c958b3ce47a81c8e05d4efb3d504cc3b057a4e64313cfcfbc4bb72ee9f00a3b52773de3f7ffec59e5fc502cb7fb9b774ccdddbe237766352c68ae55f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6174.exe
Filesize
184KB

MD5
e328f5a0b475f53e0dc1ae4cc1d9f3a6

SHA1
369a7a83c8f6ea6b5151094f2d32c653ab22d946

SHA256
e98f5e2fb542e0e0a6fedafb7f92bd28bbb2d1b0c5e9277be8352f46881e35fd

SHA512
f515d88d01645e0bfdd15f439d52e5fef0e7a98b0a8f7cfce06691e7c31222459721c74f2e3cf02616d83d38268e06e3bd69b9c2216c29da38d88771a75aa97d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6797.exe
Filesize
184KB

MD5
673820498f0940eca228b79f8c86c0ae

SHA1
c22bffe476568ab71cec8f3e7da7508836a09468

SHA256
bc7cee68d793669bad69c38d6524b85cd3577d055b325056cf53f1399b505005

SHA512
87ed429d72224cf1ebf2adbce04bfe1ffec48e7c1ecc1cc739217a8afefc6f06de63d418a682448c65b6793701f84bc0ee10986ae49e26f48b41b9c755217d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9796.exe
Filesize
184KB

MD5
2dd28836f60b94f7b62eddde13db964a

SHA1
ba37e61d97e2730a643b66981f2a44f0f8b6bbaf

SHA256
a375efe19c21a25bf34dcf20f9dd9b918833c9a58c1cfda08eaff4386a918c3d

SHA512
8f1b96642650fc63476e263d5d17cd0b8aec9a6e9fe72ed61ee6fda3bdac0bf13879753ff784678b9f5bc8cc4e376045606403ece57cb5a26413ee582154ef13

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
Filesize
184KB

MD5
45015707192bc8221735e36838b36c67

SHA1
3b67fc4d7454771ac97e6f16413e2fa5c8193607

SHA256
0455dd28718538384e3f1936b202d648422362dd806ac9b941b6b280bcbc3643

SHA512
47cfe4cf0eb71db88ca95ab637d8f63bcf1580a10a239602b9c420e84e2263349bb1419b47d4e0baff18e74c58a85abac2c5c2aad2e1aca7a5c4428cd4bf989b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16367.exe
Filesize
184KB

MD5
16c6e8c7aeaa8b6f3c1cfa0834c0f3a4

SHA1
7030a119873d72d2107ac88fc413270f9bd266a3

SHA256
d31b7b2cfeece73ad6ad7af130cdde5e1ef1c22bcc4a24bc4aee311615b67e1f

SHA512
aded47634dbb46dab436ce1b6fd042b61f4ca20126c77ee3ad7841bdcad07938289baa4b780157b9357bff5a9fbae898df0e6fd9af58606c0968777b940e7425

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25661.exe
Filesize
184KB

MD5
a41dd167ef657daab3f137c334d3d5b2

SHA1
73ef9118f319e96adeec57548a60baea9c450e6e

SHA256
ad275ac1f7f06ee542f04aaab0a4e474b61cbb31e79f6fd4992d8591f642063d

SHA512
494a5dc40e4108a766b749b4eddf3a9355e42aaf82aa370ddc9dc4c5cd1d332ab9883ae16de3287e7864ac2a6b7ed355c9b3063f124fb58a3f09dd378c33adc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3019.exe
Filesize
184KB

MD5
7bf65ad9a0fcb98758c08f07fbacc4cc

SHA1
de2036326c1a51ac335b9f55deeb0ee0ffaf5145

SHA256
f0ee28c74bf070439931138b075c5bbffbbd33eead44a7c3f8826b154308ab45

SHA512
0538217a8557d2b1a629fd2a88ca59c8eb013796bfcd574d2d707e1e8ab43f181455afae80ae3caec9eb8c7eecfa2de7cacc8c177f4fdc3f770b5892b4612a6d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31311.exe
Filesize
184KB

MD5
1ba9d4318889c126aef90074cbcdbb86

SHA1
5ad97c35b8eb4d34727d854ddbe97e53278e1b34

SHA256
eed8d0b492840c3e77ffee11ee0889203d2690ff4b274de383dc36a7c7b134e5

SHA512
4b547a8cdbf3b3df474ee37e822363e39b85ae66e8612c74c36c52e2dea952f0f5d8570bcb0a3aa76b9303bc888a1db9b88bbeb407b9f949e70dc407fae2f5dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33746.exe
Filesize
184KB

MD5
8e4b0954f55a219fe959e020710cd320

SHA1
f409afe947f8b71978002363e7baa7b78561b6f4

SHA256
d7f955a8e24649dc7327c7381ce8f3635b5ca83b1d63bedf31b49deee5489e96

SHA512
d3b628baa76f07268f7f7071c02a2f83ff9c3bc02605ed17f2e9946f58ed90f347ae6fd968cc5c714d3f17b11740686a9517eecb4f090ddc72391d8b17c819fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35286.exe
Filesize
184KB

MD5
54bf30711bac96fb146b38d215758d8d

SHA1
912d4c4c93b87d5378e6c21a1ef8430dfc750987

SHA256
b054a6cea2c031c07b365a2c8423ec9c1a3014f0190e2bda4fb5837f82787a5f

SHA512
dc9f58c15dac79b9eb4c055861faf2f5f8b2630cd637eae753bc364ce4013573c35a823b826006c5fe8770294825837d199f59917e37e575d13498101e468eba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41914.exe
Filesize
184KB

MD5
34d0864bdba61c515cabb10f41baba41

SHA1
48827ff5898a60a3696b8be021083c301a0a8291

SHA256
df120707c3fb770bb24d3a4af3b1dcb2fe3eac697190c9665250a4cb418ce086

SHA512
f23104ae6e9c90510106432c27f098a3d065cf5aa5dd5cba6ef37cc499d5359e973c583cff7ae8ab398da87322855109fc094a951c7a5ce2f534a2958e99b35e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44690.exe
Filesize
184KB

MD5
d9999c9b387129e3da7c906b85e0df5d

SHA1
cb107e6d570a90ae59f15fe721543637debf2b8c

SHA256
d0282cb8858f312fc020b45954598a864bef02f43f23b9228aca4d7c47ab18eb

SHA512
f9cedb12682c6cb069679d592e0df758bb55f9cd4ccfbf444d093ce93c2dab8215adc50029e5dfd7ceb89f5effeaf5ec7c3fd297559878f87a88b43685591838

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58229.exe
Filesize
184KB

MD5
957baedda266c1c3bea03402fc2645ab

SHA1
8c6c555fe8d6aa37d0a7db6577a14c30f0635b74

SHA256
c18b81575266659898b5ede95561b95a63dacebfe40c26cba2f78d15d870db4b

SHA512
f035c8969f564e10aba9c1962b17bb71a523f157b93891b7713ce5780f445c3a45cd023e54b31a94dfa2c4dd5a60a39aafd3045e4a1159b8cda92cfb3fe67e57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-7378.exe
Filesize
184KB

MD5
bd58108cc9e2b757b7d8579c31978132

SHA1
ad400daf469887b2bf143adbd196e2c36bbf04a2

SHA256
35ac3d035aedfebe963154d88756e73d2c5dc8f684d174069002e069c18da2fc

SHA512
c79318cddee13e68cb1b97ae20b9555c06aa68a4ea1e9172682999022554a4077df4187a3823429fabdd6261f9dd40920f9970a2835f94c9b2b2655eecbc3de6

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads