7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe
Size

184KB
MD5

875039183e48285e9bea0ac1749bcd31
SHA1

1a26455397b75c59287285ae3637ca5f839587b5
SHA256

7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e
SHA512

64c75f88ca3ddfd25bc9c3f2a887abc6986c80eca412d3f000301133cd4fe70d7414fc862687c0a8af569adee8024b70b7bb6af56fd52eb06dc189827c420ef8
SSDEEP

1536:8BZ+6jZ5uzY8o5x1/lhAFawMRMeyvZc89mddjweR3VQRtXhl5hj5nizpvS:Y7ezY8ofBlhzdRxWevweRW3XhlnViFq

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-41949.exeUnicorn-29780.exeUnicorn-44725.exeUnicorn-34788.exeUnicorn-49733.exeUnicorn-34788.exeUnicorn-33479.exeUnicorn-8228.exeUnicorn-4144.exeUnicorn-27449.exeUnicorn-16672.exeUnicorn-51482.exeUnicorn-58259.exeUnicorn-47398.exeUnicorn-31616.exeUnicorn-60802.exeUnicorn-2042.exeUnicorn-51072.exeUnicorn-51072.exeUnicorn-480.exeUnicorn-46988.exeUnicorn-46988.exeUnicorn-61933.exeUnicorn-53293.exeUnicorn-14398.exeUnicorn-60070.exeUnicorn-47263.exeUnicorn-62208.exeUnicorn-59515.exeUnicorn-8923.exeUnicorn-55431.exeUnicorn-4839.exeUnicorn-2146.exeUnicorn-63599.exeUnicorn-63599.exeUnicorn-13007.exeUnicorn-2193.exeUnicorn-47865.exeUnicorn-6277.exeUnicorn-29390.exeUnicorn-49256.exeUnicorn-4331.exeUnicorn-16584.exeUnicorn-31528.exeUnicorn-44980.exeUnicorn-44980.exeUnicorn-26698.exeUnicorn-6832.exeUnicorn-2748.exeUnicorn-55.exeUnicorn-61508.exeUnicorn-41642.exeUnicorn-30782.exeUnicorn-30782.exeUnicorn-53895.exeUnicorn-43034.exeUnicorn-49811.exeUnicorn-38156.exeUnicorn-53101.exeUnicorn-19682.exeUnicorn-3153.exeUnicorn-44741.exeUnicorn-11321.exeUnicorn-18098.exe

pid	process
2268	Unicorn-41949.exe
1544	Unicorn-29780.exe
2676	Unicorn-44725.exe
2652	Unicorn-34788.exe
2840	Unicorn-49733.exe
2272	Unicorn-34788.exe
3044	Unicorn-33479.exe
2028	Unicorn-8228.exe
2852	Unicorn-4144.exe
2744	Unicorn-27449.exe
1444	Unicorn-16672.exe
1664	Unicorn-51482.exe
2076	Unicorn-58259.exe
2488	Unicorn-47398.exe
1564	Unicorn-31616.exe
320	Unicorn-60802.exe
1168	Unicorn-2042.exe
2192	Unicorn-51072.exe
1660	Unicorn-51072.exe
1916	Unicorn-480.exe
2036	Unicorn-46988.exe
2504	Unicorn-46988.exe
2388	Unicorn-61933.exe
1384	Unicorn-53293.exe
2120	Unicorn-14398.exe
1672	Unicorn-60070.exe
1904	Unicorn-47263.exe
2908	Unicorn-62208.exe
2320	Unicorn-59515.exe
1528	Unicorn-8923.exe
2296	Unicorn-55431.exe
1616	Unicorn-4839.exe
2300	Unicorn-2146.exe
1676	Unicorn-63599.exe
2400	Unicorn-63599.exe
1068	Unicorn-13007.exe
2760	Unicorn-2193.exe
2696	Unicorn-47865.exe
2600	Unicorn-6277.exe
1988	Unicorn-29390.exe
2808	Unicorn-49256.exe
772	Unicorn-4331.exe
2980	Unicorn-16584.exe
348	Unicorn-31528.exe
1760	Unicorn-44980.exe
2596	Unicorn-44980.exe
1604	Unicorn-26698.exe
2080	Unicorn-6832.exe
1748	Unicorn-2748.exe
2284	Unicorn-55.exe
2140	Unicorn-61508.exe
2248	Unicorn-41642.exe
484	Unicorn-30782.exe
332	Unicorn-30782.exe
1028	Unicorn-53895.exe
1612	Unicorn-43034.exe
556	Unicorn-49811.exe
1856	Unicorn-38156.exe
2376	Unicorn-53101.exe
2056	Unicorn-19682.exe
2108	Unicorn-3153.exe
2088	Unicorn-44741.exe
2576	Unicorn-11321.exe
768	Unicorn-18098.exe

Loads dropped DLL 64 IoCs

Processes:

7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exeUnicorn-41949.exeUnicorn-29780.exeUnicorn-44725.exeWerFault.exeUnicorn-49733.exeUnicorn-34788.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-4144.exeUnicorn-8228.exeUnicorn-27449.exeWerFault.exeUnicorn-16672.exeUnicorn-51482.exeUnicorn-31616.exe

pid	process
2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe
2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe
2268	Unicorn-41949.exe
2268	Unicorn-41949.exe
2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe
2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe
1544	Unicorn-29780.exe
2676	Unicorn-44725.exe
1544	Unicorn-29780.exe
2268	Unicorn-41949.exe
2268	Unicorn-41949.exe
2556	WerFault.exe
2556	WerFault.exe
2556	WerFault.exe
2556	WerFault.exe
2556	WerFault.exe
2676	Unicorn-44725.exe
2676	Unicorn-44725.exe
2840	Unicorn-49733.exe
2840	Unicorn-49733.exe
2272	Unicorn-34788.exe
2272	Unicorn-34788.exe
1544	Unicorn-29780.exe
1544	Unicorn-29780.exe
620	WerFault.exe
620	WerFault.exe
2016	WerFault.exe
620	WerFault.exe
2016	WerFault.exe
620	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
620	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
2340	WerFault.exe
2852	Unicorn-4144.exe
2852	Unicorn-4144.exe
2028	Unicorn-8228.exe
2028	Unicorn-8228.exe
2272	Unicorn-34788.exe
2840	Unicorn-49733.exe
2840	Unicorn-49733.exe
2744	Unicorn-27449.exe
2272	Unicorn-34788.exe
2744	Unicorn-27449.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
2952	WerFault.exe
1444	Unicorn-16672.exe
1444	Unicorn-16672.exe
2852	Unicorn-4144.exe
2852	Unicorn-4144.exe
1664	Unicorn-51482.exe
1564	Unicorn-31616.exe
1564	Unicorn-31616.exe
1664	Unicorn-51482.exe
2028	Unicorn-8228.exe
2028	Unicorn-8228.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2720	2288	WerFault.exe	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe
2556	2268	WerFault.exe	Unicorn-41949.exe
2016	1544	WerFault.exe	Unicorn-29780.exe
620	2676	WerFault.exe	Unicorn-44725.exe
2340	3044	WerFault.exe	Unicorn-33479.exe
2952	2272	WerFault.exe	Unicorn-34788.exe
2084	2852	WerFault.exe	Unicorn-4144.exe
1600	2028	WerFault.exe	Unicorn-8228.exe
1560	2744	WerFault.exe	Unicorn-27449.exe
2736	1444	WerFault.exe	Unicorn-16672.exe
380	1564	WerFault.exe	Unicorn-31616.exe
2816	1664	WerFault.exe	Unicorn-51482.exe
2788	2488	WerFault.exe	Unicorn-47398.exe
2708	2076	WerFault.exe	Unicorn-58259.exe
2040	320	WerFault.exe	Unicorn-60802.exe
1928	1168	WerFault.exe	Unicorn-2042.exe
1524	2192	WerFault.exe	Unicorn-51072.exe
876	1660	WerFault.exe	Unicorn-51072.exe
1796	2036	WerFault.exe	Unicorn-46988.exe
1728	1916	WerFault.exe	Unicorn-480.exe
2252	2504	WerFault.exe	Unicorn-46988.exe
2256	2388	WerFault.exe	Unicorn-61933.exe
2892	1384	WerFault.exe	Unicorn-53293.exe
2552	2120	WerFault.exe	Unicorn-14398.exe
1348	1672	WerFault.exe	Unicorn-60070.exe
1112	1904	WerFault.exe	Unicorn-47263.exe
1920	2908	WerFault.exe	Unicorn-62208.exe
1736	1528	WerFault.exe	Unicorn-8923.exe
2280	2296	WerFault.exe	Unicorn-55431.exe
2148	1676	WerFault.exe	Unicorn-63599.exe
2588	2320	WerFault.exe	Unicorn-59515.exe
2624	1616	WerFault.exe	Unicorn-4839.exe
2512	1068	WerFault.exe	Unicorn-13007.exe
1064	2300	WerFault.exe	Unicorn-2146.exe
2072	2400	WerFault.exe	Unicorn-63599.exe
3604	2760	WerFault.exe	Unicorn-2193.exe
3620	2696	WerFault.exe	Unicorn-47865.exe
3812	1988	WerFault.exe	Unicorn-29390.exe
3804	2600	WerFault.exe	Unicorn-6277.exe
3860	772	WerFault.exe	Unicorn-4331.exe
3868	2980	WerFault.exe	Unicorn-16584.exe
4084	1748	WerFault.exe	Unicorn-2748.exe
4092	1612	WerFault.exe	Unicorn-43034.exe
3124	2284	WerFault.exe	Unicorn-55.exe
3120	1028	WerFault.exe	Unicorn-53895.exe
3184	348	WerFault.exe	Unicorn-31528.exe
3204	2808	WerFault.exe	Unicorn-49256.exe
3352	1760	WerFault.exe	Unicorn-44980.exe
3432	2596	WerFault.exe	Unicorn-44980.exe
3472	2080	WerFault.exe	Unicorn-6832.exe
3592	484	WerFault.exe	Unicorn-30782.exe
3788	1604	WerFault.exe	Unicorn-26698.exe
3900	2108	WerFault.exe	Unicorn-3153.exe
3960	332	WerFault.exe	Unicorn-30782.exe
3996	2248	WerFault.exe	Unicorn-41642.exe
3308	2576	WerFault.exe	Unicorn-11321.exe
3344	556	WerFault.exe	Unicorn-49811.exe
3532	768	WerFault.exe	Unicorn-18098.exe
3584	2712	WerFault.exe	Unicorn-30350.exe
3780	1680	WerFault.exe	Unicorn-20236.exe
3520	2520	WerFault.exe	Unicorn-200.exe
3912	2200	WerFault.exe	Unicorn-5867.exe
4064	1724	WerFault.exe	Unicorn-14035.exe
3236	880	WerFault.exe	Unicorn-44762.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exeUnicorn-41949.exeUnicorn-29780.exeUnicorn-44725.exeUnicorn-49733.exeUnicorn-34788.exeUnicorn-33479.exeUnicorn-8228.exeUnicorn-4144.exeUnicorn-27449.exeUnicorn-16672.exeUnicorn-51482.exeUnicorn-58259.exeUnicorn-31616.exeUnicorn-47398.exeUnicorn-60802.exeUnicorn-2042.exeUnicorn-51072.exeUnicorn-51072.exeUnicorn-480.exeUnicorn-46988.exeUnicorn-46988.exeUnicorn-61933.exeUnicorn-53293.exeUnicorn-14398.exeUnicorn-60070.exeUnicorn-47263.exeUnicorn-62208.exeUnicorn-8923.exeUnicorn-59515.exeUnicorn-55431.exeUnicorn-4839.exeUnicorn-2146.exeUnicorn-63599.exeUnicorn-63599.exeUnicorn-13007.exeUnicorn-2193.exeUnicorn-47865.exeUnicorn-6277.exeUnicorn-29390.exeUnicorn-49256.exeUnicorn-4331.exeUnicorn-16584.exeUnicorn-31528.exeUnicorn-44980.exeUnicorn-44980.exeUnicorn-26698.exeUnicorn-6832.exeUnicorn-2748.exeUnicorn-61508.exeUnicorn-55.exeUnicorn-41642.exeUnicorn-30782.exeUnicorn-53895.exeUnicorn-30782.exeUnicorn-43034.exeUnicorn-49811.exeUnicorn-38156.exeUnicorn-53101.exeUnicorn-19682.exeUnicorn-3153.exeUnicorn-44741.exeUnicorn-11321.exeUnicorn-7237.exe

pid	process
2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe
2268	Unicorn-41949.exe
1544	Unicorn-29780.exe
2676	Unicorn-44725.exe
2840	Unicorn-49733.exe
2272	Unicorn-34788.exe
3044	Unicorn-33479.exe
2028	Unicorn-8228.exe
2852	Unicorn-4144.exe
2744	Unicorn-27449.exe
1444	Unicorn-16672.exe
1664	Unicorn-51482.exe
2076	Unicorn-58259.exe
1564	Unicorn-31616.exe
2488	Unicorn-47398.exe
320	Unicorn-60802.exe
1168	Unicorn-2042.exe
2192	Unicorn-51072.exe
1660	Unicorn-51072.exe
1916	Unicorn-480.exe
2504	Unicorn-46988.exe
2036	Unicorn-46988.exe
2388	Unicorn-61933.exe
1384	Unicorn-53293.exe
2120	Unicorn-14398.exe
1672	Unicorn-60070.exe
1904	Unicorn-47263.exe
2908	Unicorn-62208.exe
1528	Unicorn-8923.exe
2320	Unicorn-59515.exe
2296	Unicorn-55431.exe
1616	Unicorn-4839.exe
2300	Unicorn-2146.exe
1676	Unicorn-63599.exe
2400	Unicorn-63599.exe
1068	Unicorn-13007.exe
2760	Unicorn-2193.exe
2696	Unicorn-47865.exe
2600	Unicorn-6277.exe
1988	Unicorn-29390.exe
2808	Unicorn-49256.exe
772	Unicorn-4331.exe
2980	Unicorn-16584.exe
348	Unicorn-31528.exe
1760	Unicorn-44980.exe
2596	Unicorn-44980.exe
1604	Unicorn-26698.exe
2080	Unicorn-6832.exe
1748	Unicorn-2748.exe
2140	Unicorn-61508.exe
2284	Unicorn-55.exe
2248	Unicorn-41642.exe
332	Unicorn-30782.exe
1028	Unicorn-53895.exe
484	Unicorn-30782.exe
1612	Unicorn-43034.exe
556	Unicorn-49811.exe
1856	Unicorn-38156.exe
2376	Unicorn-53101.exe
2056	Unicorn-19682.exe
2108	Unicorn-3153.exe
2088	Unicorn-44741.exe
2576	Unicorn-11321.exe
2424	Unicorn-7237.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

description	pid	process	target process
PID 2288 wrote to memory of 2268	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	Unicorn-41949.exe
PID 2288 wrote to memory of 2268	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	Unicorn-41949.exe
PID 2288 wrote to memory of 2268	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	Unicorn-41949.exe
PID 2288 wrote to memory of 2268	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	Unicorn-41949.exe
PID 2268 wrote to memory of 1544	2268	Unicorn-41949.exe	Unicorn-29780.exe
PID 2268 wrote to memory of 1544	2268	Unicorn-41949.exe	Unicorn-29780.exe
PID 2268 wrote to memory of 1544	2268	Unicorn-41949.exe	Unicorn-29780.exe
PID 2268 wrote to memory of 1544	2268	Unicorn-41949.exe	Unicorn-29780.exe
PID 2288 wrote to memory of 2676	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	Unicorn-44725.exe
PID 2288 wrote to memory of 2676	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	Unicorn-44725.exe
PID 2288 wrote to memory of 2676	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	Unicorn-44725.exe
PID 2288 wrote to memory of 2676	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	Unicorn-44725.exe
PID 2288 wrote to memory of 2720	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	WerFault.exe
PID 2288 wrote to memory of 2720	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	WerFault.exe
PID 2288 wrote to memory of 2720	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	WerFault.exe
PID 2288 wrote to memory of 2720	2288	7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe	WerFault.exe
PID 1544 wrote to memory of 2272	1544	Unicorn-29780.exe	Unicorn-34788.exe
PID 1544 wrote to memory of 2272	1544	Unicorn-29780.exe	Unicorn-34788.exe
PID 1544 wrote to memory of 2272	1544	Unicorn-29780.exe	Unicorn-34788.exe
PID 1544 wrote to memory of 2272	1544	Unicorn-29780.exe	Unicorn-34788.exe
PID 2268 wrote to memory of 2840	2268	Unicorn-41949.exe	Unicorn-49733.exe
PID 2268 wrote to memory of 2840	2268	Unicorn-41949.exe	Unicorn-49733.exe
PID 2268 wrote to memory of 2840	2268	Unicorn-41949.exe	Unicorn-49733.exe
PID 2268 wrote to memory of 2840	2268	Unicorn-41949.exe	Unicorn-49733.exe
PID 2268 wrote to memory of 2556	2268	Unicorn-41949.exe	WerFault.exe
PID 2268 wrote to memory of 2556	2268	Unicorn-41949.exe	WerFault.exe
PID 2268 wrote to memory of 2556	2268	Unicorn-41949.exe	WerFault.exe
PID 2268 wrote to memory of 2556	2268	Unicorn-41949.exe	WerFault.exe
PID 2676 wrote to memory of 3044	2676	Unicorn-44725.exe	Unicorn-33479.exe
PID 2676 wrote to memory of 3044	2676	Unicorn-44725.exe	Unicorn-33479.exe
PID 2676 wrote to memory of 3044	2676	Unicorn-44725.exe	Unicorn-33479.exe
PID 2676 wrote to memory of 3044	2676	Unicorn-44725.exe	Unicorn-33479.exe
PID 2840 wrote to memory of 2028	2840	Unicorn-49733.exe	Unicorn-8228.exe
PID 2840 wrote to memory of 2028	2840	Unicorn-49733.exe	Unicorn-8228.exe
PID 2840 wrote to memory of 2028	2840	Unicorn-49733.exe	Unicorn-8228.exe
PID 2840 wrote to memory of 2028	2840	Unicorn-49733.exe	Unicorn-8228.exe
PID 2272 wrote to memory of 2852	2272	Unicorn-34788.exe	Unicorn-4144.exe
PID 2272 wrote to memory of 2852	2272	Unicorn-34788.exe	Unicorn-4144.exe
PID 2272 wrote to memory of 2852	2272	Unicorn-34788.exe	Unicorn-4144.exe
PID 2272 wrote to memory of 2852	2272	Unicorn-34788.exe	Unicorn-4144.exe
PID 1544 wrote to memory of 2744	1544	Unicorn-29780.exe	Unicorn-27449.exe
PID 1544 wrote to memory of 2744	1544	Unicorn-29780.exe	Unicorn-27449.exe
PID 1544 wrote to memory of 2744	1544	Unicorn-29780.exe	Unicorn-27449.exe
PID 1544 wrote to memory of 2744	1544	Unicorn-29780.exe	Unicorn-27449.exe
PID 1544 wrote to memory of 2016	1544	Unicorn-29780.exe	WerFault.exe
PID 1544 wrote to memory of 2016	1544	Unicorn-29780.exe	WerFault.exe
PID 1544 wrote to memory of 2016	1544	Unicorn-29780.exe	WerFault.exe
PID 1544 wrote to memory of 2016	1544	Unicorn-29780.exe	WerFault.exe
PID 2676 wrote to memory of 620	2676	Unicorn-44725.exe	WerFault.exe
PID 2676 wrote to memory of 620	2676	Unicorn-44725.exe	WerFault.exe
PID 2676 wrote to memory of 620	2676	Unicorn-44725.exe	WerFault.exe
PID 2676 wrote to memory of 620	2676	Unicorn-44725.exe	WerFault.exe
PID 3044 wrote to memory of 2340	3044	Unicorn-33479.exe	WerFault.exe
PID 3044 wrote to memory of 2340	3044	Unicorn-33479.exe	WerFault.exe
PID 3044 wrote to memory of 2340	3044	Unicorn-33479.exe	WerFault.exe
PID 3044 wrote to memory of 2340	3044	Unicorn-33479.exe	WerFault.exe
PID 2852 wrote to memory of 1444	2852	Unicorn-4144.exe	Unicorn-16672.exe
PID 2852 wrote to memory of 1444	2852	Unicorn-4144.exe	Unicorn-16672.exe
PID 2852 wrote to memory of 1444	2852	Unicorn-4144.exe	Unicorn-16672.exe
PID 2852 wrote to memory of 1444	2852	Unicorn-4144.exe	Unicorn-16672.exe
PID 2028 wrote to memory of 1664	2028	Unicorn-8228.exe	Unicorn-51482.exe
PID 2028 wrote to memory of 1664	2028	Unicorn-8228.exe	Unicorn-51482.exe
PID 2028 wrote to memory of 1664	2028	Unicorn-8228.exe	Unicorn-51482.exe
PID 2028 wrote to memory of 1664	2028	Unicorn-8228.exe	Unicorn-51482.exe

C:\Users\Admin\AppData\Local\Temp\7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe
"C:\Users\Admin\AppData\Local\Temp\7b35f7c6c63d5408c229a14a70c72b4b359d457dd81d63f5c1d811a9896e474e.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60802.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53293.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1384

C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2193.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38431.exe
11⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10610.exe
12⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53501.exe
13⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14793.exe
14⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10652.exe
15⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5476.exe
16⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
16⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
15⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
14⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
13⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
12⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4066.exe
11⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22775.exe
12⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-41436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41436.exe
13⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51493.exe
14⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47339.exe
15⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
15⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
14⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
13⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
12⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
11⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
10⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23932.exe
11⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46895.exe
12⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57964.exe
13⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
14⤵
PID:9560

C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28035.exe
15⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9560 -s 216
15⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
14⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
13⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
12⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
11⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
10⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53101.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11788.exe
10⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17025.exe
11⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
12⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
13⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16683.exe
14⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54677.exe
15⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
15⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
14⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
13⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
12⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
11⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36053.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16169.exe
11⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35406.exe
12⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20959.exe
13⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37032.exe
14⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 216
14⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
13⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
12⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
11⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
10⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1384 -s 240
9⤵
- Program crash
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-47865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47865.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19682.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46599.exe
10⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52520.exe
11⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64876.exe
12⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21400.exe
13⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17259.exe
14⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
15⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
15⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
14⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
13⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
12⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
11⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10288.exe
10⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46402.exe
11⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17316.exe
12⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25619.exe
13⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
14⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
14⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
13⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
12⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
11⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38985.exe
9⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
10⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-55639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55639.exe
11⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64378.exe
12⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39817.exe
13⤵
PID:9704

C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7422.exe
14⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9704 -s 216
14⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
13⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
12⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
11⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
10⤵
PID:4984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
9⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
8⤵
- Program crash
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49256.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
10⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5239.exe
11⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
12⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37819.exe
13⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17041.exe
14⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52835.exe
15⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
15⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
14⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
13⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
12⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 216
11⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 216
10⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24979.exe
9⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37720.exe
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-2712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2712.exe
11⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
12⤵
PID:8148

C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22529.exe
13⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 220
14⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8148 -s 216
13⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
11⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
10⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
9⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18098.exe
8⤵
- Executes dropped EXE
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-57097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57097.exe
9⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58908.exe
10⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17295.exe
11⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39246.exe
12⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55585.exe
13⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
14⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 216
14⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 216
13⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
12⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
11⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 216
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 236
9⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
8⤵
- Program crash
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
7⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2042.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32571.exe
9⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46874.exe
10⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59422.exe
11⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
12⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16766.exe
13⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57199.exe
14⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
14⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 220
13⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 216
12⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
11⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 216
10⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 216
9⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44741.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32017.exe
9⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27798.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61451.exe
11⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
12⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62842.exe
13⤵
PID:9764

C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56898.exe
14⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9764 -s 216
14⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 236
13⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 236
12⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
11⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 216
10⤵
PID:5276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
8⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29390.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3153.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-21711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21711.exe
9⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43750.exe
10⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
11⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4954.exe
12⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17677.exe
13⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2373.exe
14⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
14⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
13⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
12⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
11⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
10⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
9⤵
- Program crash
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14097.exe
8⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12063.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11783.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
11⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-237.exe
12⤵
PID:10124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
13⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 216
13⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
12⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
11⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
9⤵
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
8⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
7⤵
- Program crash
PID:1928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
6⤵
- Program crash
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47263.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4331.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7237.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18203.exe
10⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
11⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28504.exe
12⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4186.exe
13⤵
PID:7100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 220
14⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
13⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
12⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
11⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
10⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61752.exe
11⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60377.exe
12⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52487.exe
13⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33100.exe
14⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
14⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
13⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
12⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
11⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 220
10⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6505.exe
9⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-771.exe
10⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63698.exe
11⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
12⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-704.exe
13⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49820.exe
14⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
14⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
13⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
12⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
11⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
10⤵
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
9⤵
- Program crash
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30350.exe
8⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8088.exe
9⤵
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49775.exe
11⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1529.exe
12⤵
PID:7260

C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40619.exe
13⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27838.exe
14⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
14⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7260 -s 216
13⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
12⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
11⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 216
10⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
9⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 240
8⤵
- Program crash
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31528.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
8⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22287.exe
9⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2717.exe
10⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41140.exe
11⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3008.exe
12⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64739.exe
13⤵
PID:9460

C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10541.exe
14⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9460 -s 216
14⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
13⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
11⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51638.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55909.exe
11⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19480.exe
12⤵
PID:9588

C:\Users\Admin\AppData\Local\Temp\Unicorn-40178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40178.exe
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9588 -s 216
13⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 236
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
11⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 236
10⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37231.exe
8⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9323.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12826.exe
10⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
11⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61039.exe
12⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19286.exe
13⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
13⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
12⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
11⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 216
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 348 -s 240
8⤵
- Program crash
PID:3184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62208.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16584.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19490.exe
8⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
9⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
10⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57668.exe
11⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22277.exe
12⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43408.exe
13⤵
PID:10004

C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30557.exe
14⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
14⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
13⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
12⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 236
11⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 236
10⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-23692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23692.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64082.exe
10⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-10600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10600.exe
11⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45.exe
12⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15975.exe
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
13⤵
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
12⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 236
11⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
9⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 216
8⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26266.exe
7⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12810.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50870.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
10⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22220.exe
11⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25897.exe
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 220
12⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
10⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
7⤵
- Program crash
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
6⤵
- Program crash
PID:380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47398.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43034.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-18949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18949.exe
9⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62224.exe
10⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
11⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-45219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45219.exe
12⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53714.exe
13⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46208.exe
14⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
14⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
13⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
12⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
11⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
10⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 216
9⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16728.exe
8⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
10⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59526.exe
11⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18437.exe
12⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-54101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54101.exe
13⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 236
12⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 236
11⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
9⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
8⤵
- Program crash
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49811.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14035.exe
8⤵
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-57481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57481.exe
9⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14668.exe
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12250.exe
11⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
12⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35767.exe
13⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54288.exe
14⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
14⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
13⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
12⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
11⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
10⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
9⤵
- Program crash
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29739.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
11⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
12⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20708.exe
13⤵
PID:8160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
12⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
10⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
9⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
8⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
7⤵
- Program crash
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
8⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24809.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61731.exe
10⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12935.exe
11⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17290.exe
12⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
13⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47874.exe
14⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
14⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 236
13⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 236
12⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
11⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
10⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47922.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17191.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56381.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41851.exe
11⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-45445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45445.exe
12⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41128.exe
13⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 220
8⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
7⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-28893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28893.exe
8⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50543.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4518.exe
11⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64220.exe
12⤵
PID:11040

C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26655.exe
13⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11040 -s 216
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 236
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
11⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
10⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
8⤵
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
7⤵
- Program crash
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
6⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61933.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63599.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55068.exe
8⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15156.exe
11⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52951.exe
12⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61698.exe
13⤵
PID:10904

C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3857.exe
14⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10904 -s 216
14⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 216
13⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
12⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
11⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
10⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 236
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39753.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-278.exe
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5234.exe
10⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53527.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
12⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51626.exe
13⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 236
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4460 -s 216
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
8⤵
- Program crash
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
7⤵
- Program crash
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2748.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 220
7⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
6⤵
- Program crash
PID:2256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
5⤵
- Program crash
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51072.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59515.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
9⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10226.exe
10⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35774.exe
11⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7289.exe
12⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19236.exe
13⤵
PID:7828

C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23899.exe
14⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58756.exe
15⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
15⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7828 -s 216
14⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
13⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
12⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
11⤵
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26598.exe
10⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-958.exe
11⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32640.exe
12⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
13⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30168.exe
14⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
14⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
13⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
12⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
11⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
10⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
9⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
8⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8472.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49033.exe
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43190.exe
11⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24659.exe
12⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11122.exe
13⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
13⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 236
12⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
11⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
10⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
9⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
8⤵
- Program crash
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-41642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41642.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32510.exe
8⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37061.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1534.exe
11⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30035.exe
12⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13976.exe
13⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-51958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51958.exe
14⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
14⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
13⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
12⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
11⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
10⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
9⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55898.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25359.exe
9⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7372.exe
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23377.exe
11⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62357.exe
12⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35098.exe
13⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 236
12⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 236
11⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 236
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
9⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
8⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
7⤵
- Program crash
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8923.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-7813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7813.exe
8⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
9⤵
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
11⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
12⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30889.exe
13⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7500.exe
14⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 236
14⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
13⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
12⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
11⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 216
10⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35093.exe
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64938.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-958.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58706.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57723.exe
12⤵
PID:9412

C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26276.exe
13⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
13⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 236
11⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 216
9⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
8⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-200.exe
7⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59043.exe
8⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27497.exe
9⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38675.exe
10⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14248.exe
11⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
12⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-61548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61548.exe
13⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 236
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
11⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
10⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
9⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
8⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 220
7⤵
- Program crash
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
6⤵
- Program crash
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-480.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2146.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30782.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
8⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26755.exe
9⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44373.exe
10⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
11⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15832.exe
12⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16878.exe
13⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
13⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
12⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
11⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
10⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10973.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49479.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50076.exe
10⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36257.exe
11⤵
PID:7596

C:\Users\Admin\AppData\Local\Temp\Unicorn-58325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58325.exe
12⤵
PID:9512

C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56234.exe
13⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9512 -s 216
13⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7596 -s 216
12⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
9⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 220
8⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41040.exe
7⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-49313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49313.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-48597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48597.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
11⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2959.exe
12⤵
PID:10960

C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46115.exe
13⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10960 -s 216
13⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 236
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 216
9⤵
PID:5924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
8⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 220
7⤵
- Program crash
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-53895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53895.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52930.exe
7⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24420.exe
9⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63309.exe
10⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45354.exe
11⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63229.exe
12⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
11⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
8⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 216
7⤵
- Program crash
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
6⤵
- Program crash
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
5⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55431.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44980.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31934.exe
8⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9842.exe
9⤵
PID:712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57948.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2053.exe
11⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14108.exe
12⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30964.exe
13⤵
PID:9968

C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18305.exe
14⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9968 -s 216
14⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
13⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
12⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 236
11⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 236
10⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44689.exe
9⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57284.exe
10⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-45219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45219.exe
11⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-41462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41462.exe
12⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43831.exe
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
13⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
12⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
11⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
10⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57652.exe
8⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19822.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35769.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28940.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8029.exe
12⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56291.exe
13⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
13⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 216
9⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
8⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20236.exe
7⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16257.exe
8⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4554.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13018.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28447.exe
11⤵
PID:7392

C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28834.exe
12⤵
PID:10868

C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19234.exe
13⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10868 -s 216
13⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7392 -s 216
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
11⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
9⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 236
8⤵
- Program crash
PID:3780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
7⤵
- Program crash
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6832.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
7⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4196.exe
8⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47725.exe
9⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14772.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7559.exe
11⤵
PID:7504

C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
12⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58839.exe
13⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 216
13⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7504 -s 216
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4664 -s 216
10⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
9⤵
PID:5676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
8⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45784.exe
7⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34020.exe
8⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35385.exe
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51908.exe
10⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
11⤵
PID:9624

C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
12⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
10⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
8⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
7⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
6⤵
- Program crash
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4839.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61508.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
7⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-49313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49313.exe
8⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32951.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
10⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46262.exe
11⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
12⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 236
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
11⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
9⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
8⤵
- Program crash
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49868.exe
7⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46765.exe
8⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
9⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61114.exe
10⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-64791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64791.exe
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
10⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 220
8⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
7⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
6⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19416.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16252.exe
8⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28608.exe
9⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64129.exe
10⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15206.exe
11⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
11⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 236
10⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 236
9⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 216
7⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
6⤵
- Program crash
PID:2624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 220
5⤵
- Program crash
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
3⤵
- Executes dropped EXE
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
3⤵
- Loads dropped DLL
- Program crash
PID:620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 240
2⤵
- Program crash
PID:2720

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10084.exe
Filesize
184KB

MD5
5bf2eca2dd3918fe8672c89490afd1a5

SHA1
0ba1aa67b9fc6c51dc24a2642e9a0f69e67104f2

SHA256
13526a5a6f3fe5974db4231666adb8d7ae5ed5dead1070f2ee6b17f682052cec

SHA512
21be9dd295b12e1f8ad1b00fcb2b2ba475a9ee9640b66ff4db059e5f5336943e077c47cd1a59781e79ed63028cb5debe6f85d27b2d678dc6c587f7907652e104

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10276.exe
Filesize
184KB

MD5
9abbace919f1505ba2edff8465541499

SHA1
de0c2e30dd61fafcc20ee0324617afc05380c2cd

SHA256
b133349271ae6571eadc9fd26e53e1679764dc38c2a2919553af6792133a59e2

SHA512
e9e5aa3219ead91c87ae20335798bf06f1f17de8ec3cb33b6af935a3d0f12286b95b56a7ce7a125089f702c421918cf87688af9fe805710ec2e37d380a1cc68a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-10826.exe
Filesize
184KB

MD5
57562b3b234864323a6e151867c28060

SHA1
2e59927e39fbafe24ba26ddc1de96f793e3e7ab6

SHA256
03fae4b39cb97f2bfa6466e7c640f7ac6e70e20aeaab12def19dd2424bd31470

SHA512
29353e92021ce7f5aa7f3bdc13e3d933a226733c6516a5d6101d119312c2ed90824fff3e7deae7f6ab147e0750cba2eaa91e1ad5020cb9dd74ee0ad446ad05fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-16672.exe
Filesize
184KB

MD5
13905ec1b2d6910b486479ac13a67bcf

SHA1
39c7f692ac73bc5fd7bd8c6245722eb1cf5561ea

SHA256
215364b66a8ffee7da028646b5b440dc45ced18fe7c8ecc17c0ccbca047a1ebd

SHA512
735cdd08e9c45e52feca2d5899ba6eb5fb000f1a90cd18d3434da97663daac3916a520c82aaee6aa77274f91737a14016643884520a7df60e6887ebe1d7d439d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27449.exe
Filesize
184KB

MD5
7d9d3baa4987f3dd7221f7bd3e128a7d

SHA1
99b48840fe38bb3e9521905d19b763e3b9e32be8

SHA256
8d5f14976e567949c0c1b980a80bd05d5ce7b629a7a6cb3865e1d79293c215df

SHA512
1ea18fce6e759122f7a980f996329dd293a67ead4ec3ae66ea9028e606d55ba8d137a7652cf9d2f0bc6bffbd8e042cb65c9bda8fd35e38678e3299bd17fade3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32173.exe
Filesize
184KB

MD5
cf58274383c1f20dcdf1996282fa80f6

SHA1
52d147fc07783f8a771c9f04f084a92354c3595a

SHA256
16794a64a9ba0e2c9398d6625d686f2f17179a5777fcd3957aff00ae0054587d

SHA512
05db3425628fa2e0ba506c273e53cbe2c20e7aa7f0b1262b6199146ff9ada2ea0694e609bbf33304fbfce4916bc0cc3fc28ff64c4fc1dc4eab376f22183cac26

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
Filesize
184KB

MD5
164732748536c4d6772c65303daa61bf

SHA1
823a4821492e1727e8f222c78676462086bd4aa1

SHA256
5b1af4b5db7dfb0761d053cfc9e9cb1470cd67f2225e30ba68c5aa6c1de50116

SHA512
e122302b6ce10b26d3b6b991d33b94f1bb85cd40979acc60b73aa4aa3e00884499860eb3b3b7858983206af8eaa3104451ed26d23f3fd872ccf145ff1a679c3c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40977.exe
Filesize
184KB

MD5
0bb6e352b6d5e96519ca2bb064139708

SHA1
6042f5a8030cb12dfdbc5d7754198396423f5a05

SHA256
060b25d17b73324a9cfe4156af31feccd47d789eaabfff3fd00cc68b94038b16

SHA512
ed4a95211e937f5b586002f8c057bebcdb051af899bb275b2d8f4c76543b5c98128accbfe35e4426ff17d1592d67d803da640e3c07b4de661bdc8fbb568ca120

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45445.exe
Filesize
184KB

MD5
988b62849e10faaba45715bb60a1a8cc

SHA1
582fb267c5578c70ccd0f4791d378848011f4720

SHA256
4184f4a389f769b3f5dbfc7f2621dd03000fa7b450009bf7c97b36b5ec9fe47e

SHA512
05622a46e7a11855375b88555860bc679f0c652c715e959df6d8d65694b74bdeca3c7f098d21a93cfb6d0fa6441e636420e5b40f802379bd5378185fcebe1625

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5618.exe
Filesize
184KB

MD5
efb3e5aacbfacd2754ccd20c74da1d93

SHA1
cd062d29ea8a989749cf3d4e59a546a1548a2d84

SHA256
f4aec19406f0ae945db9071d4b5ad44f78af1615f6ca23bf2c32e79cb919d1c9

SHA512
18e0884b8d6709455fd7f46b191f01c642f8b45057bfa720e617a9aac705727e0e4989e8440959fc788ff7d268a52d64c599d33fdf3fc0b529e6a282b487a0bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5867.exe
Filesize
184KB

MD5
bc83b01bb6b9362f5691f7479f1b3cd4

SHA1
f9986113b37f6b656db1063d44d50ea0bc51f61b

SHA256
d9c7bdddd3ca7f5a1bef63b21ded41735d2124b0b3d39f3ce759667d1fb9bbdb

SHA512
9c49310aa96f22932134dcf278f04322c590f374d91b104601cf3e8ae54377b3b0fe69c5f16f35fcdc6326ed7688846c83190935989eff07c55aabe740e3a30e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59692.exe
Filesize
184KB

MD5
5cb52d64eb1997187b8f43998e11bfdc

SHA1
1f0c8c272aca488349ce57055a6edcee55922dd5

SHA256
4219fd47af98290ced30b84b7e879b3ee2638f83e205d891b7d1500da54fdda5

SHA512
93c5805e2ceb40172c16af15ecbd5e7bb021df1b1b13997103a8d39db3b7365c19364778e5f1225a96417a163bb2295764284142225cb320255353965a204a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59910.exe
Filesize
184KB

MD5
47efc052d767cb33437b2ebdda79c6bf

SHA1
38907f22cd14e821a92de96d9b3412d04e89de9a

SHA256
be22c7d1af60530c1e48f47a5d8955647801d5b00c8b7dc07f9c71836894f724

SHA512
4a8d44035279ee6b4972261931ee53a00d61b7741a045432864f279168b4b88f5a53275081eb97c23e3ee0efb58078abfbe0c0a2e0585bdce55109a1d9e44bea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6277.exe
Filesize
184KB

MD5
72fbf0fd782de4f4b628d061522b32ca

SHA1
6147a9ab34d1a8eea7af239335abd65ae304fbb0

SHA256
6f30a02caab215deecf683e266d187c3cd38e442c35ff2fc4b76548b4298da87

SHA512
d58161c592f89083ae0fe73f6a86034dab45a8316aa455c908e51e068c7dd6fed2c8a5463bd6403e5c92b4404396d7a6470ef765b4743c8c4578512709644132

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29780.exe
Filesize
184KB

MD5
333941b0c1502cafe9951b188f66a383

SHA1
27b7c3fac220a07ccec34d94433c283c224ee868

SHA256
383328fda9109df72acfaf3b3ca3b2ad130c00a1e8b69f1794824373c9d80434

SHA512
03a4f68267f7f5b29ceffe80d737e20d0f478290f5f5cc539b1f757092a067627afbaee31f2bb7c559edb8c6ba6920763bdc2ff8a315c80183eac8e3e06f2c57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31616.exe
Filesize
184KB

MD5
59e5e56daffca07296c323f15f7ec2ee

SHA1
424e5d0797a65bfa44a35d02eb438004cf930b01

SHA256
eddfab6900cfb3623964dcbb66d74ecebbc0a088f5e253f0f2a7493ff6e753a6

SHA512
1d9d2b6e23f19b6ccb31703a6ed1d60e09d3f33fef36005cc51502a33f28c114aac60a2b4e6386cf7f3e4ac98535a9352f822021d08a090ca15ddc09e6b0047c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
Filesize
184KB

MD5
3d7c5f54d195899721a03058bb546cee

SHA1
07004582967ed2b2ce93f4b7c53dbef8565bc3bd

SHA256
a42c68a55729d5880dfb21fdb8b7cb8ba0ed80093781690348c9e368ce01ba99

SHA512
db1e5eef863de3c1b06bfdb671d075970dd9c22a061ddc0b2298166e02fa61abf53d826c25bf9c72fef67ea447747a1d71ab001d3c3f70eaf48758a96f2c38d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
Filesize
184KB

MD5
72d8a580346868627115748490358c98

SHA1
e19c91bdd721518ccf40182307224eec962ac2a6

SHA256
02e38a5874adebe9e53a7e5991ea6262a0da6974f857079dd1db8bd779dee5b0

SHA512
7f4a6bc9f802feedcc175b419755edb9c6505975941ce3dc1d8c478738a230bf7271345849a91ba0bc21ad5074cc25d0b8760fd86f48702233741a43d1635680

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4144.exe
Filesize
184KB

MD5
b985dbb316426b20611beb551dfc2c21

SHA1
ec15c9b144b959ccb683ccdbdf192361b5c46a96

SHA256
fa97a6680f49bf819b253cf87939d9f8f2483b05a3744978ea8266be7e919306

SHA512
5a0756b14167e26f30f72e2e82c593c029d39f8cfa39bf6e1f71f56b40a9dddbd6a19028a5b2a9b6385d83691197c83804a8c49d5b977fe0fb0cc1fa58ea6cf4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41949.exe
Filesize
184KB

MD5
fbd29c3c24a986aee31ce0fba2ac0f90

SHA1
e6485a9d1fd692ff0076405680d17478aa96308f

SHA256
25502b7cc7eed5aa444c1438c3ec963dbba5a195eb668b1fd72ddff0a67e1747

SHA512
aa1ad86bc89cc48e5f3233f357917b15ef7e9ca19d82f1dd3cf8106ae2e1d658b3efbc3c5e4a0b4dd772fe856596d575aa101e39fae51fa9c0f240cb8a4a2cde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44725.exe
Filesize
184KB

MD5
7bf037890e64f822eb2030f1e38292bf

SHA1
f5c091cf7b7e92afd73726d8bb5c8f1448b5e625

SHA256
323cde45082925d1186c9039af62468fb5267c48eea24f80f5853e61b13d8ec8

SHA512
96328c0a7d83c761ce04603f9518b1b9429aa6b42d0b39e964f1481a7690dfd46b4a74563028b5cb6cecee2605d58256b394925d0e50bd1abcd9f9db90dc8c5f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49733.exe
Filesize
184KB

MD5
114ea04a25a267b88c73e3284f542b86

SHA1
9b39ace4520e35cb426f3f65a6c3e9c4f24cd320

SHA256
758b55791c6ba39550bef96ec7c434c570d4611d4e53840e4896c2f963853a5d

SHA512
6d40fa62cc2b833f6cb420b417ec8ab615d6989df90fe15eb88afe9d9a36987334a3b5f8ae8080b242b6638a995db72090c81cfd9ba33e8cedcc7063fc93b633

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-51482.exe
Filesize
184KB

MD5
053f7d33ffe478dd5e216128d07ded15

SHA1
7d44b5ac1d1a339aeb6fe05dddccd86a5586ae85

SHA256
be5d8566954814f45ee31b883f53cc7d5b1983f978b8e1b1a167f6a8d4fcc0ee

SHA512
d1ffde3540d5c0ad5a451ba8e70a34866c9cbdd161015b578f4618cf98e1f809868c2b6c34d97751ed1f4323e4a3f57dd3cf76fd7153350d4f553ee4413f8c22

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58259.exe
Filesize
184KB

MD5
093b338374f2c7398edfdef4dfcf5bfd

SHA1
0f975388c2bb3af458e59a1bfd415d764caed4eb

SHA256
8c00667adb80b225ed028a4510779cacf3a220c9e02a0d36a1c58f00f2b94030

SHA512
7a83c8428b8782d3357826df9e6cc771bd65aed41620e7f4702aac86151883468d2de4ac46107960aac9a4bc67914294aee620fc9567b5fa96d46c374f7d568f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8228.exe
Filesize
184KB

MD5
adaad3648c35a5108c2f027358b34ad6

SHA1
62bb1779b4d7930332026eb72f784b1f720fbd75

SHA256
e00b62535296c10fd68b30b8c16e5523da447d2cf2df3e0e59a40a55d0070989

SHA512
ce99992c386b33bd4fe93b73fbfaa0e72acc06f3a3b1f2f02b910e2817a83c6539a1f7b6068e53287fd599f288512c7323c07ccb63389b71f65f9f9417f983b8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads