7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe
Size

184KB
MD5

af5d17059e4c7f8ca10cd8bf8a1ce9a9
SHA1

8e5d868db24bc45004bde1868817a60237f4d531
SHA256

7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912
SHA512

e79f6266edcc0672bbed9e7c6666ae8dc93cbf2a2a07e9b92980cfe06490f91b1b80c53fe18e7123638ca2cb7c66618a69fdd6b9afd6b89b7bf5e60d0d62307c
SSDEEP

3072:+ReJr8oTc4eTdRaWevwLRDsohlnViFwny:+RvomJRaGLlsohlnViFw

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-59878.exeUnicorn-16983.exeUnicorn-31927.exeUnicorn-41055.exeUnicorn-60921.exeUnicorn-60921.exeUnicorn-34362.exeUnicorn-41138.exeUnicorn-41138.exeUnicorn-61004.exeUnicorn-64813.exeUnicorn-39754.exeUnicorn-2483.exeUnicorn-22349.exeUnicorn-35670.exeUnicorn-63936.exeUnicorn-18265.exeUnicorn-11056.exeUnicorn-39837.exeUnicorn-942.exeUnicorn-58866.exeUnicorn-21939.exeUnicorn-36883.exeUnicorn-63526.exeUnicorn-30107.exeUnicorn-45052.exeUnicorn-26023.exeUnicorn-37974.exeUnicorn-61087.exeUnicorn-62478.exeUnicorn-20630.exeUnicorn-9769.exeUnicorn-55441.exeUnicorn-16546.exeUnicorn-5685.exeUnicorn-60916.exeUnicorn-53495.exeUnicorn-7823.exeUnicorn-15992.exeUnicorn-57579.exeUnicorn-11907.exeUnicorn-26852.exeUnicorn-46718.exeUnicorn-55462.exeUnicorn-13038.exeUnicorn-2177.exeUnicorn-19090.exeUnicorn-46287.exeUnicorn-31342.exeUnicorn-4891.exeUnicorn-45410.exeUnicorn-47870.exeUnicorn-22851.exeUnicorn-58861.exeUnicorn-12353.exeUnicorn-62945.exeUnicorn-9660.exeUnicorn-51248.exeUnicorn-5576.exeUnicorn-63500.exeUnicorn-44471.exeUnicorn-13744.exeUnicorn-13744.exeUnicorn-6323.exe

pid	process
2380	Unicorn-59878.exe
1420	Unicorn-16983.exe
2684	Unicorn-31927.exe
2780	Unicorn-41055.exe
2652	Unicorn-60921.exe
2644	Unicorn-60921.exe
2308	Unicorn-34362.exe
2820	Unicorn-41138.exe
2864	Unicorn-41138.exe
1968	Unicorn-61004.exe
2724	Unicorn-64813.exe
1616	Unicorn-39754.exe
1436	Unicorn-2483.exe
2180	Unicorn-22349.exe
1456	Unicorn-35670.exe
592	Unicorn-63936.exe
2440	Unicorn-18265.exe
1056	Unicorn-11056.exe
1160	Unicorn-39837.exe
452	Unicorn-942.exe
2052	Unicorn-58866.exe
1712	Unicorn-21939.exe
1164	Unicorn-36883.exe
1452	Unicorn-63526.exe
1168	Unicorn-30107.exe
1176	Unicorn-45052.exe
1148	Unicorn-26023.exe
2736	Unicorn-37974.exe
944	Unicorn-61087.exe
3036	Unicorn-62478.exe
2436	Unicorn-20630.exe
2700	Unicorn-9769.exe
2580	Unicorn-55441.exe
2152	Unicorn-16546.exe
2604	Unicorn-5685.exe
2500	Unicorn-60916.exe
2524	Unicorn-53495.exe
2432	Unicorn-7823.exe
768	Unicorn-15992.exe
1320	Unicorn-57579.exe
2536	Unicorn-11907.exe
2828	Unicorn-26852.exe
1608	Unicorn-46718.exe
2116	Unicorn-55462.exe
1200	Unicorn-13038.exe
1960	Unicorn-2177.exe
672	Unicorn-19090.exe
1792	Unicorn-46287.exe
1116	Unicorn-31342.exe
1580	Unicorn-4891.exe
1668	Unicorn-45410.exe
1676	Unicorn-47870.exe
312	Unicorn-22851.exe
2232	Unicorn-58861.exe
772	Unicorn-12353.exe
1632	Unicorn-62945.exe
2316	Unicorn-9660.exe
1840	Unicorn-51248.exe
2884	Unicorn-5576.exe
1876	Unicorn-63500.exe
2760	Unicorn-44471.exe
2608	Unicorn-13744.exe
2496	Unicorn-13744.exe
2816	Unicorn-6323.exe

Loads dropped DLL 64 IoCs

Processes:

7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exeUnicorn-59878.exeUnicorn-16983.exeUnicorn-31927.exeWerFault.exeUnicorn-60921.exeUnicorn-60921.exeWerFault.exeWerFault.exeUnicorn-41055.exeUnicorn-34362.exeUnicorn-41138.exeUnicorn-41138.exeUnicorn-61004.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe
2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe
2380	Unicorn-59878.exe
2380	Unicorn-59878.exe
2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe
2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe
2380	Unicorn-59878.exe
2380	Unicorn-59878.exe
1420	Unicorn-16983.exe
2684	Unicorn-31927.exe
1420	Unicorn-16983.exe
2684	Unicorn-31927.exe
960	WerFault.exe
960	WerFault.exe
960	WerFault.exe
960	WerFault.exe
960	WerFault.exe
2652	Unicorn-60921.exe
2652	Unicorn-60921.exe
2684	Unicorn-31927.exe
1420	Unicorn-16983.exe
1420	Unicorn-16983.exe
2684	Unicorn-31927.exe
2644	Unicorn-60921.exe
2644	Unicorn-60921.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2520	WerFault.exe
2376	WerFault.exe
2780	Unicorn-41055.exe
2780	Unicorn-41055.exe
2308	Unicorn-34362.exe
2652	Unicorn-60921.exe
2308	Unicorn-34362.exe
2652	Unicorn-60921.exe
2820	Unicorn-41138.exe
2820	Unicorn-41138.exe
2864	Unicorn-41138.exe
2864	Unicorn-41138.exe
1968	Unicorn-61004.exe
1968	Unicorn-61004.exe
2644	Unicorn-60921.exe
2644	Unicorn-60921.exe
304	WerFault.exe
304	WerFault.exe
304	WerFault.exe
304	WerFault.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe
892	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
892	WerFault.exe
304	WerFault.exe
1496	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2752	2740	WerFault.exe	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe
960	2380	WerFault.exe	Unicorn-59878.exe
2376	1420	WerFault.exe	Unicorn-16983.exe
2520	2684	WerFault.exe	Unicorn-31927.exe
304	2652	WerFault.exe	Unicorn-60921.exe
892	2644	WerFault.exe	Unicorn-60921.exe
1496	2780	WerFault.exe	Unicorn-41055.exe
2948	2308	WerFault.exe	Unicorn-34362.exe
2712	2820	WerFault.exe	Unicorn-41138.exe
2108	2864	WerFault.exe	Unicorn-41138.exe
1788	1968	WerFault.exe	Unicorn-61004.exe
776	2724	WerFault.exe	Unicorn-64813.exe
2988	1436	WerFault.exe	Unicorn-2483.exe
2836	1616	WerFault.exe	Unicorn-39754.exe
2272	1456	WerFault.exe	Unicorn-35670.exe
1068	2180	WerFault.exe	Unicorn-22349.exe
540	2440	WerFault.exe	Unicorn-18265.exe
2612	592	WerFault.exe	Unicorn-63936.exe
1992	1056	WerFault.exe	Unicorn-11056.exe
2540	1160	WerFault.exe	Unicorn-39837.exe
2728	452	WerFault.exe	Unicorn-942.exe
1476	2052	WerFault.exe	Unicorn-58866.exe
1884	1712	WerFault.exe	Unicorn-21939.exe
108	1164	WerFault.exe	Unicorn-36883.exe
1060	1452	WerFault.exe	Unicorn-63526.exe
2992	1148	WerFault.exe	Unicorn-26023.exe
2208	1168	WerFault.exe	Unicorn-30107.exe
2228	1176	WerFault.exe	Unicorn-45052.exe
2868	2736	WerFault.exe	Unicorn-37974.exe
956	944	WerFault.exe	Unicorn-61087.exe
344	3036	WerFault.exe	Unicorn-62478.exe
2944	2436	WerFault.exe	Unicorn-20630.exe
3000	2152	WerFault.exe	Unicorn-16546.exe
2664	2604	WerFault.exe	Unicorn-5685.exe
2492	2500	WerFault.exe	Unicorn-60916.exe
1780	2700	WerFault.exe	Unicorn-9769.exe
1652	2524	WerFault.exe	Unicorn-53495.exe
2140	2432	WerFault.exe	Unicorn-7823.exe
2692	2536	WerFault.exe	Unicorn-11907.exe
3092	1320	WerFault.exe	Unicorn-57579.exe
3084	2828	WerFault.exe	Unicorn-26852.exe
3120	768	WerFault.exe	Unicorn-15992.exe
3112	1608	WerFault.exe	Unicorn-46718.exe
3180	2580	WerFault.exe	Unicorn-55441.exe
3936	1200	WerFault.exe	Unicorn-13038.exe
3804	2608	WerFault.exe	Unicorn-13744.exe
3772	2316	WerFault.exe	Unicorn-9660.exe
3956	3244	WerFault.exe	Unicorn-34164.exe
3220	2884	WerFault.exe	Unicorn-5576.exe
3276	672	WerFault.exe	Unicorn-19090.exe
3416	1792	WerFault.exe	Unicorn-46287.exe
3704	1668	WerFault.exe	Unicorn-45410.exe
3952	1840	WerFault.exe	Unicorn-51248.exe
4016	312	WerFault.exe	Unicorn-22851.exe
3188	2496	WerFault.exe	Unicorn-13744.exe
3260	772	WerFault.exe	Unicorn-12353.exe
3436	2760	WerFault.exe	Unicorn-44471.exe
3528	2816	WerFault.exe	Unicorn-6323.exe
3596	1580	WerFault.exe	Unicorn-4891.exe
3104	1488	WerFault.exe	Unicorn-52831.exe
3444	1676	WerFault.exe	Unicorn-47870.exe
4248	1876	WerFault.exe	Unicorn-63500.exe
4444	1960	WerFault.exe	Unicorn-2177.exe
4520	2264	WerFault.exe	Unicorn-41731.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exeUnicorn-59878.exeUnicorn-16983.exeUnicorn-31927.exeUnicorn-60921.exeUnicorn-41055.exeUnicorn-60921.exeUnicorn-34362.exeUnicorn-41138.exeUnicorn-61004.exeUnicorn-41138.exeUnicorn-64813.exeUnicorn-39754.exeUnicorn-2483.exeUnicorn-35670.exeUnicorn-22349.exeUnicorn-18265.exeUnicorn-63936.exeUnicorn-11056.exeUnicorn-39837.exeUnicorn-942.exeUnicorn-58866.exeUnicorn-36883.exeUnicorn-63526.exeUnicorn-21939.exeUnicorn-30107.exeUnicorn-45052.exeUnicorn-26023.exeUnicorn-37974.exeUnicorn-61087.exeUnicorn-62478.exeUnicorn-20630.exeUnicorn-55441.exeUnicorn-9769.exeUnicorn-5685.exeUnicorn-16546.exeUnicorn-60916.exeUnicorn-53495.exeUnicorn-7823.exeUnicorn-15992.exeUnicorn-11907.exeUnicorn-26852.exeUnicorn-57579.exeUnicorn-46718.exeUnicorn-55462.exeUnicorn-13038.exeUnicorn-2177.exeUnicorn-19090.exeUnicorn-46287.exeUnicorn-31342.exeUnicorn-4891.exeUnicorn-47870.exeUnicorn-45410.exeUnicorn-22851.exeUnicorn-58861.exeUnicorn-12353.exeUnicorn-62945.exeUnicorn-9660.exeUnicorn-51248.exeUnicorn-5576.exeUnicorn-13744.exeUnicorn-13744.exeUnicorn-44471.exeUnicorn-63500.exe

pid	process
2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe
2380	Unicorn-59878.exe
1420	Unicorn-16983.exe
2684	Unicorn-31927.exe
2644	Unicorn-60921.exe
2780	Unicorn-41055.exe
2652	Unicorn-60921.exe
2308	Unicorn-34362.exe
2820	Unicorn-41138.exe
1968	Unicorn-61004.exe
2864	Unicorn-41138.exe
2724	Unicorn-64813.exe
1616	Unicorn-39754.exe
1436	Unicorn-2483.exe
1456	Unicorn-35670.exe
2180	Unicorn-22349.exe
2440	Unicorn-18265.exe
592	Unicorn-63936.exe
1056	Unicorn-11056.exe
1160	Unicorn-39837.exe
452	Unicorn-942.exe
2052	Unicorn-58866.exe
1164	Unicorn-36883.exe
1452	Unicorn-63526.exe
1712	Unicorn-21939.exe
1168	Unicorn-30107.exe
1176	Unicorn-45052.exe
1148	Unicorn-26023.exe
2736	Unicorn-37974.exe
944	Unicorn-61087.exe
3036	Unicorn-62478.exe
2436	Unicorn-20630.exe
2580	Unicorn-55441.exe
2700	Unicorn-9769.exe
2604	Unicorn-5685.exe
2152	Unicorn-16546.exe
2500	Unicorn-60916.exe
2524	Unicorn-53495.exe
2432	Unicorn-7823.exe
768	Unicorn-15992.exe
2536	Unicorn-11907.exe
2828	Unicorn-26852.exe
1320	Unicorn-57579.exe
1608	Unicorn-46718.exe
2116	Unicorn-55462.exe
1200	Unicorn-13038.exe
1960	Unicorn-2177.exe
672	Unicorn-19090.exe
1792	Unicorn-46287.exe
1116	Unicorn-31342.exe
1580	Unicorn-4891.exe
1676	Unicorn-47870.exe
1668	Unicorn-45410.exe
312	Unicorn-22851.exe
2232	Unicorn-58861.exe
772	Unicorn-12353.exe
1632	Unicorn-62945.exe
2316	Unicorn-9660.exe
1840	Unicorn-51248.exe
2884	Unicorn-5576.exe
2608	Unicorn-13744.exe
2496	Unicorn-13744.exe
2760	Unicorn-44471.exe
1876	Unicorn-63500.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exeUnicorn-59878.exeUnicorn-16983.exeUnicorn-31927.exeUnicorn-60921.exeUnicorn-60921.exeUnicorn-41055.exeUnicorn-34362.exe

description	pid	process	target process
PID 2740 wrote to memory of 2380	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	Unicorn-59878.exe
PID 2740 wrote to memory of 2380	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	Unicorn-59878.exe
PID 2740 wrote to memory of 2380	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	Unicorn-59878.exe
PID 2740 wrote to memory of 2380	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	Unicorn-59878.exe
PID 2380 wrote to memory of 1420	2380	Unicorn-59878.exe	Unicorn-16983.exe
PID 2380 wrote to memory of 1420	2380	Unicorn-59878.exe	Unicorn-16983.exe
PID 2380 wrote to memory of 1420	2380	Unicorn-59878.exe	Unicorn-16983.exe
PID 2380 wrote to memory of 1420	2380	Unicorn-59878.exe	Unicorn-16983.exe
PID 2740 wrote to memory of 2684	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	Unicorn-31927.exe
PID 2740 wrote to memory of 2684	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	Unicorn-31927.exe
PID 2740 wrote to memory of 2684	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	Unicorn-31927.exe
PID 2740 wrote to memory of 2684	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	Unicorn-31927.exe
PID 2740 wrote to memory of 2752	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	WerFault.exe
PID 2740 wrote to memory of 2752	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	WerFault.exe
PID 2740 wrote to memory of 2752	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	WerFault.exe
PID 2740 wrote to memory of 2752	2740	7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe	WerFault.exe
PID 2380 wrote to memory of 2780	2380	Unicorn-59878.exe	Unicorn-41055.exe
PID 2380 wrote to memory of 2780	2380	Unicorn-59878.exe	Unicorn-41055.exe
PID 2380 wrote to memory of 2780	2380	Unicorn-59878.exe	Unicorn-41055.exe
PID 2380 wrote to memory of 2780	2380	Unicorn-59878.exe	Unicorn-41055.exe
PID 1420 wrote to memory of 2644	1420	Unicorn-16983.exe	Unicorn-60921.exe
PID 1420 wrote to memory of 2644	1420	Unicorn-16983.exe	Unicorn-60921.exe
PID 1420 wrote to memory of 2644	1420	Unicorn-16983.exe	Unicorn-60921.exe
PID 1420 wrote to memory of 2644	1420	Unicorn-16983.exe	Unicorn-60921.exe
PID 2684 wrote to memory of 2652	2684	Unicorn-31927.exe	Unicorn-60921.exe
PID 2684 wrote to memory of 2652	2684	Unicorn-31927.exe	Unicorn-60921.exe
PID 2684 wrote to memory of 2652	2684	Unicorn-31927.exe	Unicorn-60921.exe
PID 2684 wrote to memory of 2652	2684	Unicorn-31927.exe	Unicorn-60921.exe
PID 2380 wrote to memory of 960	2380	Unicorn-59878.exe	WerFault.exe
PID 2380 wrote to memory of 960	2380	Unicorn-59878.exe	WerFault.exe
PID 2380 wrote to memory of 960	2380	Unicorn-59878.exe	WerFault.exe
PID 2380 wrote to memory of 960	2380	Unicorn-59878.exe	WerFault.exe
PID 2652 wrote to memory of 2308	2652	Unicorn-60921.exe	Unicorn-34362.exe
PID 2652 wrote to memory of 2308	2652	Unicorn-60921.exe	Unicorn-34362.exe
PID 2652 wrote to memory of 2308	2652	Unicorn-60921.exe	Unicorn-34362.exe
PID 2652 wrote to memory of 2308	2652	Unicorn-60921.exe	Unicorn-34362.exe
PID 1420 wrote to memory of 2820	1420	Unicorn-16983.exe	Unicorn-41138.exe
PID 1420 wrote to memory of 2820	1420	Unicorn-16983.exe	Unicorn-41138.exe
PID 1420 wrote to memory of 2820	1420	Unicorn-16983.exe	Unicorn-41138.exe
PID 1420 wrote to memory of 2820	1420	Unicorn-16983.exe	Unicorn-41138.exe
PID 2684 wrote to memory of 2864	2684	Unicorn-31927.exe	Unicorn-41138.exe
PID 2684 wrote to memory of 2864	2684	Unicorn-31927.exe	Unicorn-41138.exe
PID 2684 wrote to memory of 2864	2684	Unicorn-31927.exe	Unicorn-41138.exe
PID 2684 wrote to memory of 2864	2684	Unicorn-31927.exe	Unicorn-41138.exe
PID 2644 wrote to memory of 1968	2644	Unicorn-60921.exe	Unicorn-61004.exe
PID 2644 wrote to memory of 1968	2644	Unicorn-60921.exe	Unicorn-61004.exe
PID 2644 wrote to memory of 1968	2644	Unicorn-60921.exe	Unicorn-61004.exe
PID 2644 wrote to memory of 1968	2644	Unicorn-60921.exe	Unicorn-61004.exe
PID 2684 wrote to memory of 2520	2684	Unicorn-31927.exe	WerFault.exe
PID 2684 wrote to memory of 2520	2684	Unicorn-31927.exe	WerFault.exe
PID 2684 wrote to memory of 2520	2684	Unicorn-31927.exe	WerFault.exe
PID 2684 wrote to memory of 2520	2684	Unicorn-31927.exe	WerFault.exe
PID 1420 wrote to memory of 2376	1420	Unicorn-16983.exe	WerFault.exe
PID 1420 wrote to memory of 2376	1420	Unicorn-16983.exe	WerFault.exe
PID 1420 wrote to memory of 2376	1420	Unicorn-16983.exe	WerFault.exe
PID 1420 wrote to memory of 2376	1420	Unicorn-16983.exe	WerFault.exe
PID 2780 wrote to memory of 2724	2780	Unicorn-41055.exe	Unicorn-64813.exe
PID 2780 wrote to memory of 2724	2780	Unicorn-41055.exe	Unicorn-64813.exe
PID 2780 wrote to memory of 2724	2780	Unicorn-41055.exe	Unicorn-64813.exe
PID 2780 wrote to memory of 2724	2780	Unicorn-41055.exe	Unicorn-64813.exe
PID 2308 wrote to memory of 1616	2308	Unicorn-34362.exe	Unicorn-39754.exe
PID 2308 wrote to memory of 1616	2308	Unicorn-34362.exe	Unicorn-39754.exe
PID 2308 wrote to memory of 1616	2308	Unicorn-34362.exe	Unicorn-39754.exe
PID 2308 wrote to memory of 1616	2308	Unicorn-34362.exe	Unicorn-39754.exe

C:\Users\Admin\AppData\Local\Temp\7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe
"C:\Users\Admin\AppData\Local\Temp\7b1aefa1c7c8b781beedb2c8d912c6493cb18218f11d46b227ea171132aa1912.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18265.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30107.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11907.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
10⤵
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54990.exe
11⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
12⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
13⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 220
14⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 236
13⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
12⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 216
11⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
10⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29199.exe
11⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46900.exe
12⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
13⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42399.exe
14⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
14⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
13⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
12⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
11⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
10⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
9⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-58882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58882.exe
10⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47673.exe
11⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41891.exe
12⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13288.exe
13⤵
PID:10728

C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52129.exe
14⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10728 -s 216
14⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
13⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 216
12⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
11⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
10⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26864.exe
11⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-33460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33460.exe
12⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
13⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
12⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
11⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
10⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
9⤵
- Program crash
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63500.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37995.exe
9⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
10⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31337.exe
11⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
12⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
13⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52757.exe
14⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 236
14⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 220
13⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
12⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
11⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62426.exe
10⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38575.exe
11⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57165.exe
12⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
13⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11512 -s 216
13⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
12⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31040.exe
9⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33745.exe
11⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37684.exe
12⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52596.exe
13⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
11⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
10⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
9⤵
- Program crash
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
8⤵
- Program crash
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26852.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60568.exe
8⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63158.exe
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63817.exe
10⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-48690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48690.exe
11⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-33792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33792.exe
12⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24631.exe
13⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
11⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60480.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
10⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39682.exe
11⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43193.exe
12⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 216
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
9⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
8⤵
- Program crash
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
7⤵
- Program crash
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46718.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56469.exe
9⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23688.exe
10⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
11⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
12⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44897.exe
13⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
14⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
14⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
13⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
12⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
11⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57766.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40979.exe
11⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16309.exe
12⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62331.exe
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 236
13⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
11⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47377.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34.exe
10⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61482.exe
11⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56895.exe
12⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42643.exe
13⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
13⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6164 -s 216
12⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
11⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
10⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
9⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
8⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-58882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58882.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1056.exe
10⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50657.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25344.exe
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 220
12⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
11⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43952.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59728.exe
10⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
11⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34667.exe
12⤵
PID:976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 236
12⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
11⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
9⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
8⤵
- Program crash
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-32965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32965.exe
7⤵
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
7⤵
- Program crash
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
6⤵
- Program crash
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63936.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26023.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13744.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-29827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29827.exe
9⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-11819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11819.exe
10⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14123.exe
11⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49038.exe
12⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
13⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16001.exe
14⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 236
14⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
13⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 236
12⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
11⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 236
10⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4206.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
10⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1975.exe
11⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25244.exe
12⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50318.exe
13⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
13⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
12⤵
PID:11060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
10⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
9⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
8⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-29391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29391.exe
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61591.exe
11⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
12⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54786.exe
13⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
13⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
12⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 216
9⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 220
8⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6323.exe
7⤵
- Executes dropped EXE
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
8⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47517.exe
10⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54985.exe
11⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
12⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62871.exe
13⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 236
13⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
12⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 236
11⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
10⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 216
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16423.exe
10⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1223.exe
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
11⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
10⤵
PID:9048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
8⤵
- Program crash
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
7⤵
- Program crash
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57579.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44471.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64637.exe
8⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23553.exe
10⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-714.exe
11⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37845.exe
12⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19784.exe
13⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9820 -s 236
13⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
11⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
9⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
10⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
11⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61340.exe
12⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
11⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 236
10⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6728.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62058.exe
10⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
11⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 220
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 216
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
8⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18129.exe
7⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46822.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
9⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38597.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63662.exe
11⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
8⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
7⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
6⤵
- Program crash
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55441.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52831.exe
7⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33911.exe
8⤵
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30486.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43672.exe
10⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
11⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64539.exe
12⤵
PID:11764

C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46483.exe
13⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11764 -s 216
13⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 236
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
11⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 236
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49515.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32982.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25494.exe
10⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7502.exe
11⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-30474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30474.exe
12⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
12⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
11⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
9⤵
PID:6672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 240
8⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48856.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3843.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15384.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-413.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21784.exe
11⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
12⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 236
12⤵
PID:8900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 220
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
9⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
8⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
7⤵
- Program crash
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
6⤵
- Program crash
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63526.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45410.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47953.exe
7⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49152.exe
8⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54087.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41721.exe
10⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33901.exe
11⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63909.exe
12⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
10⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22645.exe
9⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-61441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61441.exe
10⤵
PID:11416

C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34641.exe
11⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11416 -s 216
11⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 216
10⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
9⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
8⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25202.exe
7⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61871.exe
8⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
9⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
10⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
11⤵
PID:3012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 220
10⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 220
9⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
8⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
7⤵
- Program crash
PID:3704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
6⤵
- Program crash
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
5⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11056.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37974.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55462.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37647.exe
8⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13765.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39972.exe
10⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1181.exe
11⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43961.exe
13⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 220
13⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
12⤵
PID:11096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
11⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
9⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2068.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-57870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57870.exe
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-989.exe
10⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
11⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53883.exe
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 216
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
10⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
9⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52592.exe
7⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38161.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28535.exe
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65317.exe
11⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45440.exe
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
12⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
11⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
9⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61850.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21929.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30699.exe
10⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34174.exe
11⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 236
11⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
10⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
9⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
8⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
7⤵
- Program crash
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13038.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33563.exe
7⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49946.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54689.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44056.exe
10⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38732.exe
11⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
12⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7448.exe
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
13⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
12⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60397.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25006.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41119.exe
10⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
11⤵
PID:12272

C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17506.exe
12⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34164.exe
7⤵
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 240
8⤵
- Program crash
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 220
7⤵
- Program crash
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
6⤵
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61087.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2177.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41731.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1705.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33174.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29.exe
10⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
11⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
12⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
10⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
- Program crash
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16650.exe
7⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
8⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-304.exe
9⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
10⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46727.exe
11⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
11⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
10⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
9⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
8⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
- Program crash
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56676.exe
6⤵
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
7⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13760.exe
8⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19516.exe
9⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10992.exe
10⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 236
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
9⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
8⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1180 -s 216
7⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 240
6⤵
- Program crash
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
5⤵
- Program crash
PID:776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9769.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58861.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64097.exe
9⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
10⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
11⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16366.exe
12⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
13⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 220
14⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
13⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
12⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
11⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61954.exe
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40434.exe
11⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9775.exe
12⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
11⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44232.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13957.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
11⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
12⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63203.exe
13⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
13⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
12⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
11⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
9⤵
PID:4608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
8⤵
- Program crash
PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 236
7⤵
- Program crash
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4891.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
8⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61020.exe
9⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60392.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1565.exe
11⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12904.exe
12⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64298.exe
13⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 220
13⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
12⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
10⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10428.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20538.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42873.exe
10⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
11⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 220
11⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
10⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 220
8⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
7⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50003.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
10⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62733.exe
11⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
12⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 220
12⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 236
11⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 236
10⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63386.exe
8⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44051.exe
9⤵
PID:7408

C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63942.exe
10⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64189.exe
11⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 220
11⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7408 -s 204
10⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
9⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
8⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
- Program crash
PID:3000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
6⤵
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47870.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52037.exe
8⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37175.exe
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48654.exe
11⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13340.exe
12⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22773.exe
13⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 236
13⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
12⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
11⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33837.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51944.exe
10⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5063.exe
11⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34283.exe
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 216
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 216
11⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
9⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61570.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27283.exe
10⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25152.exe
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 236
11⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 220
10⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
8⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58814.exe
7⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45919.exe
9⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34046.exe
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 212
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32659.exe
8⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4170.exe
9⤵
PID:8124

C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2510.exe
10⤵
PID:11720

C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61963.exe
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8124 -s 216
10⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
9⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
8⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
7⤵
- Program crash
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22851.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:312

C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25203.exe
7⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
8⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57678.exe
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1840.exe
10⤵
PID:7376

C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42640.exe
11⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7376 -s 216
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 220
10⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
7⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39889.exe
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37253.exe
9⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
10⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52643.exe
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 220
10⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 220
9⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
8⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 312 -s 240
7⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
6⤵
- Program crash
PID:1476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
5⤵
- Program crash
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39837.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62478.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19090.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:672

C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
8⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36516.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55924.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34705.exe
11⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12297.exe
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 220
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 220
11⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
10⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37070.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24923.exe
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13495.exe
10⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61721.exe
11⤵
PID:10412

C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45056.exe
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10412 -s 236
12⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 220
11⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
10⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
9⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 672 -s 240
8⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3583.exe
7⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
9⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-688.exe
10⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-735.exe
11⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57687.exe
12⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 204
11⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
10⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
8⤵
PID:4620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
7⤵
- Program crash
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46287.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54175.exe
7⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35805.exe
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7118.exe
11⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56265.exe
12⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 236
12⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
11⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
10⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35032.exe
9⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48426.exe
10⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 220
11⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
10⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
9⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 220
8⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59437.exe
7⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27061.exe
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41446.exe
9⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58493.exe
10⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25295.exe
11⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 220
11⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
10⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
9⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
8⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 240
7⤵
- Program crash
PID:3416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1160 -s 240
6⤵
- Program crash
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20630.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31342.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1116

C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62343.exe
7⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
9⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28566.exe
10⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20684.exe
11⤵
PID:11980

C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2840.exe
12⤵
PID:9800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
11⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
10⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
9⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6152.exe
7⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21498.exe
8⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59593.exe
9⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56729.exe
10⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 220
10⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
9⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
8⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1116 -s 240
7⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54730.exe
6⤵
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
7⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12753.exe
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64471.exe
9⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41060.exe
10⤵
PID:12628

C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48180.exe
11⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12628 -s 236
11⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
10⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
9⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
8⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 236
7⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
6⤵
- Program crash
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
5⤵
- Program crash
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35670.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21939.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60916.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1253.exe
7⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19988.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31036.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3361.exe
11⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 220
11⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
9⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 216
7⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12353.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49707.exe
7⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42546.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45530.exe
10⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27430.exe
11⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28637.exe
12⤵
PID:2384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 236
12⤵
PID:7488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
11⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
9⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57491.exe
7⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56033.exe
8⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32375.exe
9⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
10⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
9⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
8⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
7⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
6⤵
- Program crash
PID:1884

C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53495.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62945.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13490.exe
7⤵
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30294.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22676.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6635.exe
10⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42505.exe
11⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51361.exe
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10064 -s 216
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
10⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 236
8⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30848.exe
7⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43973.exe
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43392.exe
9⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65063.exe
10⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
11⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 236
11⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
10⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
9⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
8⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55078.exe
6⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32240.exe
7⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34928.exe
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64388.exe
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6520 -s 220
10⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
9⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
8⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
7⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
6⤵
- Program crash
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
5⤵
- Program crash
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36883.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7823.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9660.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16266.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
10⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
11⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33728.exe
8⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
9⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22028.exe
10⤵
PID:11544

C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12378.exe
11⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
10⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
9⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 240
8⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 216
7⤵
- Program crash
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
6⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15904.exe
7⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37367.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55369.exe
9⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56511.exe
10⤵
PID:9764

C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30339.exe
11⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 216
11⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
10⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
9⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
8⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46282.exe
7⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20834.exe
8⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19454.exe
9⤵
PID:9388

C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24828.exe
10⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9388 -s 236
10⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
9⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 236
8⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
7⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
6⤵
- Program crash
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51248.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
6⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24264.exe
7⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18976.exe
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29770.exe
9⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34695.exe
10⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3011.exe
11⤵
PID:2420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10276 -s 216
11⤵
PID:10164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
10⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
9⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
8⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
7⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12374.exe
6⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50195.exe
7⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47860.exe
8⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16522.exe
9⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18881.exe
10⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 204
9⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
8⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
7⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 220
6⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
5⤵
- Program crash
PID:108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
4⤵
- Program crash
PID:2108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
2⤵
- Program crash
PID:2752

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10257.exe
Filesize
184KB

MD5
ba122a48c406b1ffb4fcc3f3ff019166

SHA1
c697af247bcd3d6d585e986af4d11fb072443637

SHA256
b90141389707f0e87a41000a51e3462421eac4820088cbafdb4237f105763996

SHA512
e6167873262ae099694cb14264dc621a7bb0f6152201b7f267c36eb3161529357afd0ab9c96e33cff1beea9af87e0f0f7491f8e7923cd099148f4e8ad01b444b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16983.exe
Filesize
184KB

MD5
e6f0501376dd1cff760da7d726209414

SHA1
dafefc180a5123c9f1e6a778b1df4c9420b35304

SHA256
f2c267928f37ceb6d1609ff01796b3cb1457b781f18ae9e9e6af8874a5acfdc5

SHA512
173e124e0348613e63a9fe7e2026729aff4ea6cdbb3fe5c1b428eacf15aea88fc8dacdc8b773032108b50cfe70e52a03e1f96973082ae6dea689970754d2ba94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19732.exe
Filesize
184KB

MD5
0276460469e1850b9234ac7f667d1f2a

SHA1
7b54c42d7aef3f5b81e877fd3ef7381b62a21121

SHA256
35819ed58e48319bab8568da577aee779d03ab10823af3a557c4c59b9be8bd03

SHA512
36d68a8baf28a380e5b374ad6a3273cb7a3a5deb5e83f2202e995766fff51c2e70d784149869223ca81319f5d81979951f8f708df8587b294f7fb0f01e5fb53d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40059.exe
Filesize
184KB

MD5
c87f8092381d5ac254fa0f458e246fe5

SHA1
e1ec485f68984bceeed46909a4ed7eafd1ddea02

SHA256
e3f6fdd42cd44032673523b64e4fb7c5938f3e62f4d6562eba3a7fcf44172b4f

SHA512
64f4854bdca1b7512c6091f9c36253e839ea6358ed988e0c5b144581236332fabb8c9689b650ca16ebc9aba87a9a7d5512d02824077c93b359f2eb245d7b6756

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40853.exe
Filesize
184KB

MD5
7460b51b34de3014c90e085240f681c3

SHA1
e4119cadac7f3cd06eea9881452bc6bcda9bfbf1

SHA256
6afa7f518baabe1d02fb511fe93143cb53eb1fb0796d2ca249a988ec2e427fc0

SHA512
63bedd5f014162c6f3664b0679e5178845356824eb79a4e4d10e14e9cda02112ac1713db3720063204cf2008a54b3ec00f36faa8d6551574ba1b6c09b2430a54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41055.exe
Filesize
184KB

MD5
e92a0820149a42e1ec15807174ff0f56

SHA1
4c14e4b5c0f47cc0459dc0ef324d327b72d2ceeb

SHA256
db058b518c493363408fa6f2bec27b205e5c96330e1f63c306d157e339184b1c

SHA512
11db9adc0f8576ad3bfca7d4e564dbeb9f1051e3506f6996becea341ef214ff1ba59ee9669334ad884569733c2eb9f04e0688ee6ba7c6bfdfaf27a55c8bacd6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41138.exe
Filesize
184KB

MD5
5f3e42073a4ed160705fc56df29bbaf3

SHA1
9631b1eb4d54027166b278b6b6d5a4724b074f8e

SHA256
43f915858f1b588b7b8b49eacfa79af595e9be3795ab63128b0026ab5823b8d0

SHA512
b38aaa4679e3903f2f441dea3d7e079712ef32bfe8f8d6cc6d10f1858dac70a842057a954e0f4e0f5659366c36fb09d306dd84c5edefe8694f4ce6a83f285002

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-44570.exe
Filesize
184KB

MD5
598e2d932cb39515ead8bda196d14278

SHA1
3613929da8ae43ddb32cc4768711eb5f069a5554

SHA256
c66a7dfa4a1c8e0af3032a323a8d126baad0fa8956add5451bbc226bda8b93f9

SHA512
f289b26964fc30b3d2202013d666ea44b4a192872e80e234781b75f30a68416f97af04ce028e352a979ed7e7597a2fc3f6baf354e5b126796d9d6720bdeee197

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5576.exe
Filesize
184KB

MD5
baf30b1ba081ecd4e293decb5ee9f4ba

SHA1
6c4488494b019435c91ca98f62ac8efe8008526e

SHA256
38d94157d43da9bc6d50ccb00b376fce6ce0105394d30358aeb0c0cb8568a1f6

SHA512
4a216a57929025abbc69fc2232c938a0a11f3de4ad376391d0206782ca7ac5d22ad73272a9c4034e992db6ffd22cc4bbdd27452fa18f918e6c5ae3fc7c32205d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5685.exe
Filesize
184KB

MD5
5f65ac34c330633f19aa57d72c622b87

SHA1
7fb69aa740d6db23ae48ea56ac07f47e3c5e64ec

SHA256
d6be9c03752ce46986f3444c3d13f3260dac7fcb04430f0c39cff57e0e975c1d

SHA512
73b753fad5150747ae3af330d7c5ff73e590db3286a0da7aefe22d152253231d66c34e86e32eb4b8f3a9961ee9f279d3f969dee483c003ec50b20a7ee7f502ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59474.exe
Filesize
184KB

MD5
39409003f38481dbbed476e70d42e0ed

SHA1
e719ad0633addc05935def6df72faba689a006ba

SHA256
1126df9ecbb110b502df1723f383d0a8ecd2eda913bada894a0b9100a2bd0f1b

SHA512
229ce7cd3c894c99f6fe529b99fc9191255e20dc9b2623259098de1ccfa8656c5efbbf5965dae3a6876dc0939a210d280f679dcef4ee6a7f68782152882b3a0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59863.exe
Filesize
184KB

MD5
726830fb969def4be645975a7773a2c0

SHA1
7be519ea47fd52469c6709894fac20536d4c0ea9

SHA256
54d956040fc6788f2809dd6631067bd1d3866eff719a44a5caea35e792a460bb

SHA512
5a5eb2d2dbfd2e8010a4fd9a4c16aaedbc64960f45a6f53aca5aea8bcf3b4feb733dca650968ce765b10302c3ef49389da91b90d79401a68db5780916303f7b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59878.exe
Filesize
184KB

MD5
359cfe0c746684cced3aec72a492ea41

SHA1
ac7e9fa41fb1670be4785507d96fd7a71ade8dc1

SHA256
7b83aefb50293b57564b8c69a6c3cdf3024e08f370b5b2b0c34bec05d0032253

SHA512
606d661adbc7985e30e05984df87ac81195dae6bb67b1e2d88d94692803bfd54a5de4b3106fdf50114b7a000de2b925ca1a6febcfe3859d0c045c3304d027125

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63542.exe
Filesize
184KB

MD5
1339ba65ae6cdd3110784a376af82f0b

SHA1
f6b150333e35783bb83e1628941fedcccd2e085c

SHA256
33e3ba895bb7b86f6d7c4902d2d5ad5ae8d2ce65d5774a70baf30e5ef22df16b

SHA512
639388fdea6ff56cefd5c61ebf8e835528c33f0cd5d77e19917fd43fcb088f1b6ce09741e7bac87a4e6666e81cd0a041d8cbf422017192c14de1cb045fbcd637

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22349.exe
Filesize
184KB

MD5
fb3e22d0055ce1d75f6feafbca84dcf3

SHA1
9ea7b54a78f991e8f74a57a676469e91a229258d

SHA256
2f462fe2baab14462fa72c9bee9c9fec7a6405c9422995652b8cbab4455efcc4

SHA512
1ea72ed74e8f2e4a28ee8446761f8db85cf8048354a0d6fa05e1c6c88999ee9080dfcb6826a63f5241ca36eec258c7526297b208f36aac01f9aedb25786a0891

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2483.exe
Filesize
184KB

MD5
d7b5c93dbee73dc71d4f410083cdf5be

SHA1
285f3dd01f83b020bcff8124f0f81c716905d5ad

SHA256
8284b80f79a69ea6d9810e7c2716af3c3040bfaa484b63a491a1bf4398a34a64

SHA512
68808b5ba09741a1eb5a0cd6d477712ef822aeabc08a3cd27cebcacac1e6c63a2978fe512d143078f2b4e413789b487d6ca3ccdd067594cb420a25ce6dc76a3f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31927.exe
Filesize
184KB

MD5
6793b99f6def90a6b096b998152a2276

SHA1
dc6e4f9ad5314ebcffc759a19199d55c8cc5c5d2

SHA256
336477b12c2708d190ccb6ca0911dcadf4b96ed92411f11299804fae03ea4fa1

SHA512
e48f722d53189fdf155e1562e7af0f01a22103d8bbdfc55d7629dbe4c1356413eab128cc84d5327f530e5b9b43c0d34767ed52616fb19d6185eeed592fdaff3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34362.exe
Filesize
184KB

MD5
f99d0acb479a5c56b0bf81269c6e4ec5

SHA1
ad5b5baba86e79fd136ae89272f027d087f54c72

SHA256
bcc4cb6c6957ba4bef529e09e85c82fbfba4b952139f805d93ec452839cc8afd

SHA512
7f563126c4672949065df5657c56b2a11342e7e130e7926ebe6bb46e5a6f4a0d2195ac34b64ef4dd0f4809d3b96b96f1a4c92ea8171fabfecee89995a05b5a39

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39754.exe
Filesize
184KB

MD5
ae16e678d4b7d56637271f40cc7d3723

SHA1
05b6ff73127a11e2ee9da9804eb22c3a4cf43232

SHA256
1104e30587a8b4d8d06e9c81ec098501da9643c7efd33bc7ba3e7cc758a8bdbd

SHA512
89a1b7bd69b9a5d5e7c016092ff2ea7b34cba3e3d2e78e338c6cdb5bf7834f6341f5796492893265af2455d2fe3cb1afc5ab40330bc8151f7b163709bafdfebe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60921.exe
Filesize
184KB

MD5
676c015de220345ec34ab9a92ba52bc4

SHA1
63eed3b41675d0f9eadf7992d6c0c767f3ac545a

SHA256
140dd897f7f4cc5117d53122ffbbcda0c6acfaf1f9d7ace208fcb1811ca8dfc1

SHA512
61ca487d3128e1b7ec0c055e1822dd56f40c1c8ab1ba70b93b086b6facb01012d862048301adb203fbb6b1f5beb7f232502e7d79d6a9ab870243a9c4e295828d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
Filesize
184KB

MD5
6c9050c3deaeded461be8cdf5de98a8c

SHA1
e35efa79bfb3fdb7e8ec84a095a1850d046a0559

SHA256
79954f93cfa58cc8d6a7ce62a238d08c5943ec0f235eb7ea4d5c4079b287376b

SHA512
1e78dbd278427df6c19e560f1bd97bfafb65031df4f37cb2123bbca46ad19969f26808083a02b977bc8a06c2f27d69e0e8a5af8046c34045abd712fd2b4cfa4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64813.exe
Filesize
184KB

MD5
a7ab2ff9984b886a4c168d6cd8ce08d2

SHA1
fffe8d495727b01e9ba4afadef0936ebefe91f73

SHA256
6ecf819ef415e1063a175d231d2719ebc2362989fbb1a564e0ec592045499a71

SHA512
93daf7185a64c62e93bbbf25276789cc263a05a3ccde283451eedb703b1a22fee1600b0f149e57b4ae33fc37dca9d313b832a11241628441d67663ef4220c798

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads