80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe
Size

184KB
MD5

5b67cfa4932e1f49b0b92c55964d4e2b
SHA1

40027dfec45942c43473afee2e4c8b05de994560
SHA256

80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9
SHA512

b1655098aac475ced07c3968f2fe2edd5e60a39d6780695e678010ed70d67a0b3ae39aa7145535df518006f52ca6315dc670c6080fa88664b0add0ad8c8369cf
SSDEEP

3072:+hHBJxoWbJMRdyuWqh7LoHsPhlnViF7nl:+h9oJfyuzL+sPhlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-3197.exeUnicorn-48361.exeUnicorn-59222.exeUnicorn-9549.exeUnicorn-20410.exeUnicorn-21610.exeUnicorn-61656.exeUnicorn-37706.exeUnicorn-4287.exeUnicorn-203.exeUnicorn-27400.exeUnicorn-26929.exeUnicorn-12730.exeUnicorn-58402.exeUnicorn-43457.exeUnicorn-8646.exeUnicorn-35843.exeUnicorn-35843.exeUnicorn-23120.exeUnicorn-47302.exeUnicorn-42148.exeUnicorn-47624.exeUnicorn-5776.exeUnicorn-21558.exeUnicorn-13944.exeUnicorn-33810.exeUnicorn-29726.exeUnicorn-60452.exeUnicorn-22112.exeUnicorn-7167.exeUnicorn-63166.exeUnicorn-8490.exeUnicorn-9881.exeUnicorn-5797.exeUnicorn-60177.exeUnicorn-14505.exeUnicorn-18590.exeUnicorn-61568.exeUnicorn-49871.exeUnicorn-47370.exeUnicorn-43286.exeUnicorn-54147.exeUnicorn-55538.exeUnicorn-31588.exeUnicorn-51454.exeUnicorn-62315.exeUnicorn-16644.exeUnicorn-63706.exeUnicorn-9030.exeUnicorn-59705.exeUnicorn-6420.exeUnicorn-48008.exeUnicorn-2336.exeUnicorn-14588.exeUnicorn-22757.exeUnicorn-18673.exeUnicorn-41977.exeUnicorn-8558.exeUnicorn-8921.exeUnicorn-2144.exeUnicorn-60068.exeUnicorn-14396.exeUnicorn-30925.exeUnicorn-30925.exe

pid	process
2488	Unicorn-3197.exe
2608	Unicorn-48361.exe
2748	Unicorn-59222.exe
2172	Unicorn-9549.exe
1868	Unicorn-20410.exe
2868	Unicorn-21610.exe
1844	Unicorn-61656.exe
2712	Unicorn-37706.exe
1600	Unicorn-4287.exe
1696	Unicorn-203.exe
920	Unicorn-27400.exe
2796	Unicorn-26929.exe
3032	Unicorn-12730.exe
3028	Unicorn-58402.exe
2228	Unicorn-43457.exe
2484	Unicorn-8646.exe
1928	Unicorn-35843.exe
1064	Unicorn-35843.exe
1088	Unicorn-23120.exe
2192	Unicorn-47302.exe
1596	Unicorn-42148.exe
768	Unicorn-47624.exe
276	Unicorn-5776.exe
608	Unicorn-21558.exe
2092	Unicorn-13944.exe
1944	Unicorn-33810.exe
1200	Unicorn-29726.exe
2104	Unicorn-60452.exe
900	Unicorn-22112.exe
2156	Unicorn-7167.exe
2632	Unicorn-63166.exe
2520	Unicorn-8490.exe
2116	Unicorn-9881.exe
2448	Unicorn-5797.exe
2628	Unicorn-60177.exe
2396	Unicorn-14505.exe
1764	Unicorn-18590.exe
2704	Unicorn-61568.exe
1896	Unicorn-49871.exe
1848	Unicorn-47370.exe
1580	Unicorn-43286.exe
2148	Unicorn-54147.exe
2364	Unicorn-55538.exe
780	Unicorn-31588.exe
336	Unicorn-51454.exe
1704	Unicorn-62315.exe
272	Unicorn-16644.exe
2064	Unicorn-63706.exe
1028	Unicorn-9030.exe
996	Unicorn-59705.exe
696	Unicorn-6420.exe
2216	Unicorn-48008.exe
1900	Unicorn-2336.exe
2952	Unicorn-14588.exe
896	Unicorn-22757.exe
1520	Unicorn-18673.exe
2740	Unicorn-41977.exe
2512	Unicorn-8558.exe
2452	Unicorn-8921.exe
2468	Unicorn-2144.exe
2284	Unicorn-60068.exe
2648	Unicorn-14396.exe
280	Unicorn-30925.exe
1608	Unicorn-30925.exe

Loads dropped DLL 64 IoCs

Processes:

80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exeUnicorn-3197.exeUnicorn-48361.exeUnicorn-59222.exeWerFault.exeUnicorn-9549.exeUnicorn-20410.exeUnicorn-21610.exeWerFault.exeWerFault.exeUnicorn-37706.exeUnicorn-61656.exeUnicorn-27400.exeUnicorn-4287.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe
2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe
2488	Unicorn-3197.exe
2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe
2488	Unicorn-3197.exe
2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe
2608	Unicorn-48361.exe
2608	Unicorn-48361.exe
2488	Unicorn-3197.exe
2488	Unicorn-3197.exe
2748	Unicorn-59222.exe
2748	Unicorn-59222.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
1452	WerFault.exe
2172	Unicorn-9549.exe
2172	Unicorn-9549.exe
2608	Unicorn-48361.exe
2608	Unicorn-48361.exe
1868	Unicorn-20410.exe
1868	Unicorn-20410.exe
2868	Unicorn-21610.exe
2868	Unicorn-21610.exe
2748	Unicorn-59222.exe
2748	Unicorn-59222.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
324	WerFault.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
356	WerFault.exe
2712	Unicorn-37706.exe
2712	Unicorn-37706.exe
2172	Unicorn-9549.exe
1844	Unicorn-61656.exe
1844	Unicorn-61656.exe
2172	Unicorn-9549.exe
920	Unicorn-27400.exe
920	Unicorn-27400.exe
1600	Unicorn-4287.exe
1600	Unicorn-4287.exe
2868	Unicorn-21610.exe
1868	Unicorn-20410.exe
2868	Unicorn-21610.exe
1868	Unicorn-20410.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
1556	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
320	WerFault.exe
3064	WerFault.exe
3064	WerFault.exe
3064	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2652	2876	WerFault.exe	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe
1452	2488	WerFault.exe	Unicorn-3197.exe
324	2608	WerFault.exe	Unicorn-48361.exe
356	2748	WerFault.exe	Unicorn-59222.exe
1556	2172	WerFault.exe	Unicorn-9549.exe
320	1868	WerFault.exe	Unicorn-20410.exe
3064	2868	WerFault.exe	Unicorn-21610.exe
1280	1696	WerFault.exe	Unicorn-203.exe
2164	2712	WerFault.exe	Unicorn-37706.exe
2944	1844	WerFault.exe	Unicorn-61656.exe
2588	920	WerFault.exe	Unicorn-27400.exe
2856	1600	WerFault.exe	Unicorn-4287.exe
800	1596	WerFault.exe	Unicorn-42148.exe
2124	2796	WerFault.exe	Unicorn-26929.exe
2728	3032	WerFault.exe	Unicorn-12730.exe
2924	2228	WerFault.exe	Unicorn-43457.exe
1908	3028	WerFault.exe	Unicorn-58402.exe
960	1064	WerFault.exe	Unicorn-35843.exe
640	2484	WerFault.exe	Unicorn-8646.exe
2012	1928	WerFault.exe	Unicorn-35843.exe
2480	2448	WerFault.exe	Unicorn-5797.exe
564	1088	WerFault.exe	Unicorn-23120.exe
2356	2192	WerFault.exe	Unicorn-47302.exe
2780	768	WerFault.exe	Unicorn-47624.exe
1492	276	WerFault.exe	Unicorn-5776.exe
2672	608	WerFault.exe	Unicorn-21558.exe
2560	2092	WerFault.exe	Unicorn-13944.exe
2424	1944	WerFault.exe	Unicorn-33810.exe
2916	900	WerFault.exe	Unicorn-22112.exe
2556	2156	WerFault.exe	Unicorn-7167.exe
1388	2104	WerFault.exe	Unicorn-60452.exe
1752	1200	WerFault.exe	Unicorn-29726.exe
720	1900	WerFault.exe	Unicorn-2336.exe
3224	2632	WerFault.exe	Unicorn-63166.exe
3240	2116	WerFault.exe	Unicorn-9881.exe
3276	2520	WerFault.exe	Unicorn-8490.exe
3300	2628	WerFault.exe	Unicorn-60177.exe
3324	2396	WerFault.exe	Unicorn-14505.exe
3348	1764	WerFault.exe	Unicorn-18590.exe
3400	2704	WerFault.exe	Unicorn-61568.exe
3456	1896	WerFault.exe	Unicorn-49871.exe
3520	780	WerFault.exe	Unicorn-31588.exe
3544	2148	WerFault.exe	Unicorn-54147.exe
3536	2064	WerFault.exe	Unicorn-63706.exe
3552	272	WerFault.exe	Unicorn-16644.exe
3528	1580	WerFault.exe	Unicorn-43286.exe
3616	1028	WerFault.exe	Unicorn-9030.exe
3648	1704	WerFault.exe	Unicorn-62315.exe
3656	1848	WerFault.exe	Unicorn-47370.exe
3692	336	WerFault.exe	Unicorn-51454.exe
3708	2364	WerFault.exe	Unicorn-55538.exe
3952	2216	WerFault.exe	Unicorn-48008.exe
3852	896	WerFault.exe	Unicorn-22757.exe
3808	996	WerFault.exe	Unicorn-59705.exe
3820	2952	WerFault.exe	Unicorn-14588.exe
3156	2512	WerFault.exe	Unicorn-8558.exe
3148	696	WerFault.exe	Unicorn-6420.exe
3940	2468	WerFault.exe	Unicorn-2144.exe
4108	1608	WerFault.exe	Unicorn-30925.exe
4148	1664	WerFault.exe	Unicorn-19227.exe
4140	2760	WerFault.exe	Unicorn-12450.exe
4156	1520	WerFault.exe	Unicorn-18673.exe
4188	2648	WerFault.exe	Unicorn-14396.exe
4448	2920	WerFault.exe	Unicorn-18756.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exeUnicorn-3197.exeUnicorn-48361.exeUnicorn-59222.exeUnicorn-9549.exeUnicorn-20410.exeUnicorn-21610.exeUnicorn-61656.exeUnicorn-37706.exeUnicorn-4287.exeUnicorn-203.exeUnicorn-27400.exeUnicorn-26929.exeUnicorn-12730.exeUnicorn-43457.exeUnicorn-58402.exeUnicorn-8646.exeUnicorn-35843.exeUnicorn-35843.exeUnicorn-23120.exeUnicorn-47302.exeUnicorn-42148.exeUnicorn-47624.exeUnicorn-5776.exeUnicorn-21558.exeUnicorn-33810.exeUnicorn-13944.exeUnicorn-29726.exeUnicorn-60452.exeUnicorn-22112.exeUnicorn-7167.exeUnicorn-63166.exeUnicorn-8490.exeUnicorn-9881.exeUnicorn-5797.exeUnicorn-14505.exeUnicorn-60177.exeUnicorn-18590.exeUnicorn-61568.exeUnicorn-49871.exeUnicorn-47370.exeUnicorn-43286.exeUnicorn-55538.exeUnicorn-54147.exeUnicorn-31588.exeUnicorn-62315.exeUnicorn-51454.exeUnicorn-63706.exeUnicorn-16644.exeUnicorn-9030.exeUnicorn-59705.exeUnicorn-14588.exeUnicorn-48008.exeUnicorn-6420.exeUnicorn-2336.exeUnicorn-22757.exeUnicorn-18673.exeUnicorn-41977.exeUnicorn-8558.exeUnicorn-8921.exeUnicorn-2144.exeUnicorn-14396.exeUnicorn-60068.exeUnicorn-30925.exe

pid	process
2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe
2488	Unicorn-3197.exe
2608	Unicorn-48361.exe
2748	Unicorn-59222.exe
2172	Unicorn-9549.exe
1868	Unicorn-20410.exe
2868	Unicorn-21610.exe
1844	Unicorn-61656.exe
2712	Unicorn-37706.exe
1600	Unicorn-4287.exe
1696	Unicorn-203.exe
920	Unicorn-27400.exe
2796	Unicorn-26929.exe
3032	Unicorn-12730.exe
2228	Unicorn-43457.exe
3028	Unicorn-58402.exe
2484	Unicorn-8646.exe
1064	Unicorn-35843.exe
1928	Unicorn-35843.exe
1088	Unicorn-23120.exe
2192	Unicorn-47302.exe
1596	Unicorn-42148.exe
768	Unicorn-47624.exe
276	Unicorn-5776.exe
608	Unicorn-21558.exe
1944	Unicorn-33810.exe
2092	Unicorn-13944.exe
1200	Unicorn-29726.exe
2104	Unicorn-60452.exe
900	Unicorn-22112.exe
2156	Unicorn-7167.exe
2632	Unicorn-63166.exe
2520	Unicorn-8490.exe
2116	Unicorn-9881.exe
2448	Unicorn-5797.exe
2396	Unicorn-14505.exe
2628	Unicorn-60177.exe
1764	Unicorn-18590.exe
2704	Unicorn-61568.exe
1896	Unicorn-49871.exe
1848	Unicorn-47370.exe
1580	Unicorn-43286.exe
2364	Unicorn-55538.exe
2148	Unicorn-54147.exe
780	Unicorn-31588.exe
1704	Unicorn-62315.exe
336	Unicorn-51454.exe
2064	Unicorn-63706.exe
272	Unicorn-16644.exe
1028	Unicorn-9030.exe
996	Unicorn-59705.exe
2952	Unicorn-14588.exe
2216	Unicorn-48008.exe
696	Unicorn-6420.exe
1900	Unicorn-2336.exe
896	Unicorn-22757.exe
1520	Unicorn-18673.exe
2740	Unicorn-41977.exe
2512	Unicorn-8558.exe
2452	Unicorn-8921.exe
2468	Unicorn-2144.exe
2648	Unicorn-14396.exe
2284	Unicorn-60068.exe
1740	Unicorn-30925.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exeUnicorn-3197.exeUnicorn-48361.exeUnicorn-59222.exeUnicorn-9549.exeUnicorn-20410.exeUnicorn-21610.exeUnicorn-37706.exe

description	pid	process	target process
PID 2876 wrote to memory of 2488	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	Unicorn-3197.exe
PID 2876 wrote to memory of 2488	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	Unicorn-3197.exe
PID 2876 wrote to memory of 2488	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	Unicorn-3197.exe
PID 2876 wrote to memory of 2488	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	Unicorn-3197.exe
PID 2488 wrote to memory of 2608	2488	Unicorn-3197.exe	Unicorn-48361.exe
PID 2488 wrote to memory of 2608	2488	Unicorn-3197.exe	Unicorn-48361.exe
PID 2488 wrote to memory of 2608	2488	Unicorn-3197.exe	Unicorn-48361.exe
PID 2488 wrote to memory of 2608	2488	Unicorn-3197.exe	Unicorn-48361.exe
PID 2876 wrote to memory of 2748	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	Unicorn-59222.exe
PID 2876 wrote to memory of 2748	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	Unicorn-59222.exe
PID 2876 wrote to memory of 2748	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	Unicorn-59222.exe
PID 2876 wrote to memory of 2748	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	Unicorn-59222.exe
PID 2876 wrote to memory of 2652	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	WerFault.exe
PID 2876 wrote to memory of 2652	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	WerFault.exe
PID 2876 wrote to memory of 2652	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	WerFault.exe
PID 2876 wrote to memory of 2652	2876	80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe	WerFault.exe
PID 2608 wrote to memory of 2172	2608	Unicorn-48361.exe	Unicorn-9549.exe
PID 2608 wrote to memory of 2172	2608	Unicorn-48361.exe	Unicorn-9549.exe
PID 2608 wrote to memory of 2172	2608	Unicorn-48361.exe	Unicorn-9549.exe
PID 2608 wrote to memory of 2172	2608	Unicorn-48361.exe	Unicorn-9549.exe
PID 2488 wrote to memory of 1868	2488	Unicorn-3197.exe	Unicorn-20410.exe
PID 2488 wrote to memory of 1868	2488	Unicorn-3197.exe	Unicorn-20410.exe
PID 2488 wrote to memory of 1868	2488	Unicorn-3197.exe	Unicorn-20410.exe
PID 2488 wrote to memory of 1868	2488	Unicorn-3197.exe	Unicorn-20410.exe
PID 2748 wrote to memory of 2868	2748	Unicorn-59222.exe	Unicorn-21610.exe
PID 2748 wrote to memory of 2868	2748	Unicorn-59222.exe	Unicorn-21610.exe
PID 2748 wrote to memory of 2868	2748	Unicorn-59222.exe	Unicorn-21610.exe
PID 2748 wrote to memory of 2868	2748	Unicorn-59222.exe	Unicorn-21610.exe
PID 2488 wrote to memory of 1452	2488	Unicorn-3197.exe	WerFault.exe
PID 2488 wrote to memory of 1452	2488	Unicorn-3197.exe	WerFault.exe
PID 2488 wrote to memory of 1452	2488	Unicorn-3197.exe	WerFault.exe
PID 2488 wrote to memory of 1452	2488	Unicorn-3197.exe	WerFault.exe
PID 2172 wrote to memory of 1844	2172	Unicorn-9549.exe	Unicorn-61656.exe
PID 2172 wrote to memory of 1844	2172	Unicorn-9549.exe	Unicorn-61656.exe
PID 2172 wrote to memory of 1844	2172	Unicorn-9549.exe	Unicorn-61656.exe
PID 2172 wrote to memory of 1844	2172	Unicorn-9549.exe	Unicorn-61656.exe
PID 2608 wrote to memory of 2712	2608	Unicorn-48361.exe	Unicorn-37706.exe
PID 2608 wrote to memory of 2712	2608	Unicorn-48361.exe	Unicorn-37706.exe
PID 2608 wrote to memory of 2712	2608	Unicorn-48361.exe	Unicorn-37706.exe
PID 2608 wrote to memory of 2712	2608	Unicorn-48361.exe	Unicorn-37706.exe
PID 1868 wrote to memory of 1600	1868	Unicorn-20410.exe	Unicorn-4287.exe
PID 1868 wrote to memory of 1600	1868	Unicorn-20410.exe	Unicorn-4287.exe
PID 1868 wrote to memory of 1600	1868	Unicorn-20410.exe	Unicorn-4287.exe
PID 1868 wrote to memory of 1600	1868	Unicorn-20410.exe	Unicorn-4287.exe
PID 2868 wrote to memory of 1696	2868	Unicorn-21610.exe	Unicorn-203.exe
PID 2868 wrote to memory of 1696	2868	Unicorn-21610.exe	Unicorn-203.exe
PID 2868 wrote to memory of 1696	2868	Unicorn-21610.exe	Unicorn-203.exe
PID 2868 wrote to memory of 1696	2868	Unicorn-21610.exe	Unicorn-203.exe
PID 2748 wrote to memory of 920	2748	Unicorn-59222.exe	Unicorn-27400.exe
PID 2748 wrote to memory of 920	2748	Unicorn-59222.exe	Unicorn-27400.exe
PID 2748 wrote to memory of 920	2748	Unicorn-59222.exe	Unicorn-27400.exe
PID 2748 wrote to memory of 920	2748	Unicorn-59222.exe	Unicorn-27400.exe
PID 2608 wrote to memory of 324	2608	Unicorn-48361.exe	WerFault.exe
PID 2608 wrote to memory of 324	2608	Unicorn-48361.exe	WerFault.exe
PID 2608 wrote to memory of 324	2608	Unicorn-48361.exe	WerFault.exe
PID 2608 wrote to memory of 324	2608	Unicorn-48361.exe	WerFault.exe
PID 2748 wrote to memory of 356	2748	Unicorn-59222.exe	WerFault.exe
PID 2748 wrote to memory of 356	2748	Unicorn-59222.exe	WerFault.exe
PID 2748 wrote to memory of 356	2748	Unicorn-59222.exe	WerFault.exe
PID 2748 wrote to memory of 356	2748	Unicorn-59222.exe	WerFault.exe
PID 2712 wrote to memory of 2796	2712	Unicorn-37706.exe	Unicorn-26929.exe
PID 2712 wrote to memory of 2796	2712	Unicorn-37706.exe	Unicorn-26929.exe
PID 2712 wrote to memory of 2796	2712	Unicorn-37706.exe	Unicorn-26929.exe
PID 2712 wrote to memory of 2796	2712	Unicorn-37706.exe	Unicorn-26929.exe

C:\Users\Admin\AppData\Local\Temp\80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe
"C:\Users\Admin\AppData\Local\Temp\80fc0d333a275650771386e0a4719a6c5178a4510fa24054f7c048c5d41574d9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47624.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14505.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18673.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
10⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
11⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-20998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20998.exe
12⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
13⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20046.exe
14⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14493.exe
15⤵
PID:13760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 220
15⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 216
14⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
13⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
12⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
11⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
10⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
11⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52391.exe
12⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27939.exe
13⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47627.exe
13⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 240
13⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
12⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
11⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 220
10⤵
- Program crash
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
9⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
9⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37457.exe
10⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
11⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53107.exe
12⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24509.exe
13⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 220
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 220
12⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
11⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18900.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52108.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
11⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45318.exe
12⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27213.exe
13⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 216
13⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 236
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 220
9⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
8⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22757.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-59596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59596.exe
9⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12953.exe
10⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
11⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
12⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
13⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
13⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 220
12⤵
PID:9768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 236
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59933.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22897.exe
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-800.exe
11⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7134.exe
12⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
13⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 220
13⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
12⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
11⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 220
9⤵
- Program crash
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
8⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
7⤵
- Program crash
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-5776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5776.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8558.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10587.exe
9⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
10⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12782.exe
11⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34158.exe
12⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33777.exe
13⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
14⤵
PID:1792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
14⤵
PID:14156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
13⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
11⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19367.exe
10⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-7707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7707.exe
11⤵
PID:6976

C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7326.exe
12⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
13⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6976 -s 216
12⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
11⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45543.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57707.exe
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44272.exe
11⤵
PID:7056

C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58473.exe
12⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50751.exe
12⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-440.exe
13⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10536 -s 236
13⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7056 -s 240
12⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
11⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
10⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
9⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58781.exe
8⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33373.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
11⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12256.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 220
12⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 220
11⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
9⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
8⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8921.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23416.exe
8⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14920.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9173.exe
11⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14015.exe
12⤵
PID:10896

C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5038.exe
13⤵
PID:14060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10896 -s 236
13⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 240
11⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
10⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18682.exe
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44607.exe
10⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35422.exe
11⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58027.exe
12⤵
PID:13860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
12⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4940 -s 216
10⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
9⤵
PID:6340

C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8786.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3099.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19610.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49293.exe
11⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61888.exe
12⤵
PID:13940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 236
12⤵
PID:13972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
10⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
8⤵
PID:4824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
7⤵
- Program crash
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
6⤵
- Program crash
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43286.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
8⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2611.exe
9⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7546.exe
10⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5128.exe
11⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
12⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-34047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34047.exe
13⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 220
13⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
12⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
11⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49134.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64936.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50310.exe
11⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10227.exe
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
11⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 220
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56643.exe
8⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42077.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
11⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58660.exe
12⤵
PID:11572

C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24679.exe
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 220
12⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 216
9⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 220
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
7⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53950.exe
8⤵
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18899.exe
11⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57181.exe
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
12⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
11⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 236
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 216
8⤵
- Program crash
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
7⤵
- Program crash
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54147.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
7⤵
- Executes dropped EXE
PID:280

C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55896.exe
8⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17381.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
11⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-113.exe
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64059.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16953.exe
10⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33580.exe
11⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3419.exe
12⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
11⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
10⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 280 -s 220
8⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44199.exe
7⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54137.exe
9⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12868.exe
10⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
11⤵
PID:11796

C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1058.exe
12⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11796 -s 216
12⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 216
11⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
10⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 220
7⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
6⤵
- Program crash
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23120.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63166.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59705.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41122.exe
9⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44988.exe
10⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52409.exe
11⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34301.exe
12⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25801.exe
13⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
14⤵
PID:13428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 220
14⤵
PID:14236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
13⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
12⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
11⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 236
10⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37374.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-530.exe
10⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
11⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
12⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18147.exe
13⤵
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
13⤵
PID:14196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
12⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
11⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
10⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
9⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
8⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53156.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
10⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 244
11⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 216
9⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
8⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
7⤵
- Program crash
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8490.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14588.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37038.exe
8⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22430.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-8698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8698.exe
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39695.exe
11⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23471.exe
12⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22231.exe
13⤵
PID:13344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 216
13⤵
PID:14204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 236
12⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 236
11⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
10⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58454.exe
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30074.exe
10⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15494.exe
11⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46735.exe
12⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
11⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
10⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
9⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
8⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29616.exe
7⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-61324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61324.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20422.exe
9⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44223.exe
10⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5572.exe
11⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
12⤵
PID:13412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 220
12⤵
PID:14228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 236
11⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
8⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 240
7⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
6⤵
- Program crash
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47302.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9881.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3296.exe
8⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7463.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26981.exe
10⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17630.exe
11⤵
PID:7092

C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60227.exe
12⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40705.exe
13⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
13⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7092 -s 216
12⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
11⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42117.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11791.exe
10⤵
PID:6948

C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61981.exe
11⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32537.exe
12⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
12⤵
PID:14188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6948 -s 216
11⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
9⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26684.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38385.exe
10⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64202.exe
11⤵
PID:10312

C:\Users\Admin\AppData\Local\Temp\Unicorn-24369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24369.exe
12⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10312 -s 216
12⤵
PID:13336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
8⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13088.exe
7⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36244.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53623.exe
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7131.exe
10⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 220
11⤵
PID:9776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
10⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31811.exe
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62938.exe
9⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37285.exe
10⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52573.exe
11⤵
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
11⤵
PID:14104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 236
10⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
9⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
7⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48008.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29939.exe
7⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25938.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56747.exe
9⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
10⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52147.exe
11⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15489.exe
12⤵
PID:11804

C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
13⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
12⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 220
11⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
10⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32797.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48299.exe
9⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
10⤵
PID:9100

C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44846.exe
11⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9100 -s 216
11⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 220
10⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
9⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 240
8⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
7⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13768.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46353.exe
9⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
10⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47067.exe
11⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 220
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 220
10⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
9⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
8⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
7⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
6⤵
- Program crash
PID:2356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
5⤵
- Program crash
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-8646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8646.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16644.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:272

C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
9⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46249.exe
10⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-23328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23328.exe
11⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35344.exe
12⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9184.exe
13⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63445.exe
14⤵
PID:13956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
13⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
12⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
11⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
10⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3825.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41008.exe
10⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
11⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29496.exe
12⤵
PID:11464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10819.exe
13⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 216
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
11⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
10⤵
PID:6844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42252.exe
8⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
10⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8592.exe
11⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10118.exe
12⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
12⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 220
11⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
9⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 272 -s 220
8⤵
- Program crash
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
7⤵
- Program crash
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
7⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29254.exe
8⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25637.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46737.exe
10⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
11⤵
PID:8768

C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10014.exe
12⤵
PID:11744

C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20140.exe
13⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 220
11⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
10⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 216
9⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44858.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11926.exe
9⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4892.exe
10⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
11⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
11⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 220
10⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
9⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
8⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-52367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52367.exe
7⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46161.exe
9⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
10⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46325.exe
11⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1525.exe
12⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
10⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 216
8⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
7⤵
- Program crash
PID:3648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
6⤵
- Program crash
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55538.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
7⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35236.exe
8⤵
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 216
8⤵
- Program crash
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
7⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44111.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
9⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34502.exe
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 220
11⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
10⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 236
8⤵
PID:4408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
7⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23311.exe
6⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
7⤵
PID:588

C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39895.exe
10⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
11⤵
PID:11720

C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13917.exe
12⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
11⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
10⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 236
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38635.exe
7⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
8⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12977.exe
9⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28702.exe
10⤵
PID:11944

C:\Users\Admin\AppData\Local\Temp\Unicorn-55282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55282.exe
11⤵
PID:13624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11944 -s 236
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
10⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
9⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
8⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
7⤵
PID:4644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
6⤵
- Program crash
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
5⤵
- Program crash
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29726.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63706.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26841.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49866.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58501.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49023.exe
11⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22646.exe
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
12⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 220
11⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
10⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 216
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8485.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
9⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-27643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27643.exe
10⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13735.exe
11⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 220
11⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
10⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
9⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
8⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
7⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
9⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37565.exe
10⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43995.exe
11⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26606.exe
12⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
11⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 220
10⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
8⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
7⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19227.exe
6⤵
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21086.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62585.exe
8⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63823.exe
10⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
11⤵
PID:11360

C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26772.exe
12⤵
PID:14036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
11⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5128 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
9⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
8⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50888.exe
7⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29633.exe
8⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
9⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20617.exe
10⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
10⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
9⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
8⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
7⤵
PID:4960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
6⤵
- Program crash
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9030.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
6⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
7⤵
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52279.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48107.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59931.exe
10⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
11⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 220
11⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 236
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
7⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-20012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20012.exe
8⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3055.exe
9⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60881.exe
10⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 220
10⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
9⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
8⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
7⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
6⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11438.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-33909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33909.exe
8⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43595.exe
9⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58577.exe
10⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13009.exe
11⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 236
11⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
10⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
9⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
8⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 236
7⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
6⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
5⤵
- Program crash
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42148.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2336.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18756.exe
8⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38766.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
10⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42277.exe
11⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51073.exe
12⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
13⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
13⤵
PID:14220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 236
12⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
11⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
9⤵
- Program crash
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 236
8⤵
- Program crash
PID:720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
7⤵
- Program crash
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
6⤵
- Program crash
PID:800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
5⤵
- Program crash
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35843.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7167.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51454.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19607.exe
9⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52767.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
11⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-65157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65157.exe
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 220
12⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
11⤵
PID:9848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 216
10⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
9⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43295.exe
8⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17333.exe
9⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17612.exe
10⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18946.exe
11⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 216
11⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 236
10⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 216
9⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
8⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38168.exe
7⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46010.exe
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38242.exe
9⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57897.exe
10⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40129.exe
11⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
11⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 236
10⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
9⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 236
8⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 240
7⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58122.exe
6⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
7⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38081.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31579.exe
9⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
10⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25604.exe
11⤵
PID:11300

C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9065.exe
12⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
11⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
10⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
9⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57110.exe
7⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21657.exe
8⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
9⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52521.exe
10⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
10⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
9⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
8⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
6⤵
- Program crash
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31588.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30925.exe
6⤵
- Executes dropped EXE
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2372.exe
7⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
8⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3574.exe
9⤵
PID:7500

C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10040.exe
10⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13870.exe
11⤵
PID:13420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 220
11⤵
PID:14268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7500 -s 236
10⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
8⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
7⤵
- Program crash
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13472.exe
6⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
7⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32539.exe
8⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25313.exe
9⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39091.exe
10⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 220
10⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
9⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
8⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
7⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 220
6⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
5⤵
- Program crash
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21558.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2144.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17002.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9300.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5512.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29589.exe
11⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36569.exe
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:9740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
9⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
8⤵
- Program crash
PID:3940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
7⤵
- Program crash
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15247.exe
7⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55294.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23089.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44031.exe
10⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1296.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53341.exe
12⤵
PID:13468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:14304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
11⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1817.exe
8⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28908.exe
9⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50663.exe
10⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34286.exe
11⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 236
11⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
10⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
9⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
8⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47681.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16914.exe
8⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58997.exe
9⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27830.exe
10⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55095.exe
11⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
11⤵
PID:14296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 236
10⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
9⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
8⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
7⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
6⤵
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14396.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62310.exe
7⤵
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41179.exe
9⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25990.exe
10⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25609.exe
11⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
12⤵
PID:5412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
12⤵
PID:14128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34141.exe
8⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 240
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
8⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59741.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28590.exe
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33917.exe
9⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42329.exe
10⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
11⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 220
11⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 236
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
9⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
8⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
7⤵
- Program crash
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19886.exe
6⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51594.exe
7⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56467.exe
8⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8784.exe
9⤵
PID:7288

C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64690.exe
10⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7288 -s 216
10⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
9⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
8⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
7⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
6⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
5⤵
- Program crash
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13944.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47370.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35009.exe
6⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
7⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3462.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1729.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58732.exe
10⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56906.exe
11⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 220
11⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
9⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 236
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61386.exe
7⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-852.exe
8⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47487.exe
9⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62744.exe
10⤵
PID:11532

C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
11⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
10⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 220
9⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
8⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 220
7⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58589.exe
6⤵
PID:1188

C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29036.exe
7⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9404.exe
8⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13252.exe
9⤵
PID:8616

C:\Users\Admin\AppData\Local\Temp\Unicorn-25521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25521.exe
10⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61307.exe
11⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8616 -s 216
10⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
9⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
8⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1188 -s 236
7⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
6⤵
- Program crash
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
5⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-665.exe
6⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29913.exe
7⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26509.exe
8⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58753.exe
9⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
10⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9068 -s 216
10⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 220
9⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
8⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
7⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40773.exe
6⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23795.exe
7⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10922.exe
8⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13543.exe
9⤵
PID:11628

C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9449.exe
10⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
9⤵
PID:2096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 220
8⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
7⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
6⤵
PID:5308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
5⤵
- Program crash
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 920 -s 240
4⤵
- Program crash
PID:2588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
2⤵
- Program crash
PID:2652

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
Filesize
184KB

MD5
3227e028dc73cde5b41ee0f369a62427

SHA1
8a052ac489d010f2b851f4d001a40b21abe1758e

SHA256
ce1aa3f37340de71186e7e192b2ca9d1597de136e17735dcf4ecbdca33a94680

SHA512
e4113a5ef3d4fa2cb6a4850d79dfdc1a5afd21e5a413264ebc3d82636f396b3a4e644f72c1c7dfa85b954b3b41d05e7cc3f3d2cedf55ec11994c108fbae6efce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38131.exe
Filesize
184KB

MD5
94b1a9eb8bbbaf7f3e366ee7299bddf1

SHA1
08edc7e657816af12f235796607e60d7c345e530

SHA256
16783a491c4f0a16b7a7ef214e9e59fb8d6293be56b4b2d08344ff935a889924

SHA512
5c19a7e51be4aca9267787c94bc81e8a1b7aceb3873731f2b186185ad3d459fec7e12aab1c8dacc3052a54ca0b790d5330b0764a18f9b331d3c19888e4203f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
Filesize
184KB

MD5
b022e8961eff7e527084c3d316b9df8d

SHA1
60a1d866a05335521d19691fe2b31a2812427a93

SHA256
784b2f7b84e4b94cbb3f8761b855f464664e5f0e9811c607d9a75af52692fb5e

SHA512
0c87b8e97b632625d2f5c06b8e24b99cd41dee66d883fe10c7efe5a29643791b7a1afce6e90c44bf1817f8cceeb47786db5d796340bca4e224ead9c33a481a33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43457.exe
Filesize
184KB

MD5
59b6f46eab73800d6901c410be702837

SHA1
6597c94e1f608452ef16c4b9a42e064d74718a1c

SHA256
0e76ddc4d8b448eddbec4c22b2a26cc013170af071e210588b4161753487b7ee

SHA512
8cd60bb3575cc7b5708da98163f7cfa08acb489e7cc1ef6055e99eb01510ad39d98d624d7a533be23f4907e3f7eca8cf0a02889a2c59579c97d0a1fd940a62be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5797.exe
Filesize
184KB

MD5
eb60bb7d0859ea0c35fe2e70061e55b8

SHA1
4174eab3a4ffb0f24021b505b81967e4e5a909a5

SHA256
f9941bfef5aecf4df2102391f230b49024dbd532d43909cdb347f21ede9a256c

SHA512
7d69f02253c53114d9c88582a22c9c359114066ef88d2fe8ca2062b00adb6eaf3f0e006cd516136b139e8d1e0600e39f313a4123bd7aced7d2d5d48431d16846

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61566.exe
Filesize
184KB

MD5
206b4a2f0c47a5a6122c9c7c1239dea1

SHA1
12336dbab16a70d82b455b72bacf3adf178cc8f3

SHA256
dbf6116cb7c2e801e5c28dbccabecdb32b42e02b63ee1e93d3a440129e0a594d

SHA512
b51dbf51b5b8acafe81c3850b8d9ec16ec6673d2b918f6bd52376832add29115dc3055e87ddaa77fef4cf4b21927408bce5830f72ae45eb889ec8485e9f9c13e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6420.exe
Filesize
184KB

MD5
9c8125a27af518a676509c9f5f0be9ac

SHA1
1ac927a2b84d6ca9fe8156361dedc7bcbe52cb5f

SHA256
88d9cf06858b7ea8e3bd9d4aff7d85f51e835435e695c93c5016f46761121380

SHA512
0dd07eddfc30558141ced7d7571ed94e2f9f481f321d872d9bb76ccc246766d5efc8d9ab1eb60408d45e4e3f313e1ceb021d2f39ffdcff81bfe59423193be526

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12730.exe
Filesize
184KB

MD5
80e82adcc3bb217ecdb8cfbf63b48d92

SHA1
49f8f83222af4860b16e9ff93be101854a3a4ed6

SHA256
f0074ff8f36a0eb0f03b76903873cf2a6447eddba0e9e4fdbdbc0ab14fa9526a

SHA512
0c2bb5d616194d102b04507ec40679ea794f7c232aeb4dbefe82f90c4921733b959c15f86a4beaf0f1012a1f34f634c451a92948f61bbb949137cec89d3feda1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
Filesize
184KB

MD5
738a65bb21ab8aca8260a0cd669426fa

SHA1
5d4fda826882a15ccbe23a8758efb5124a70094c

SHA256
3d31a6aff27fe6538a9de793c89294d169b9984b33c3fff433df3947335bf847

SHA512
eeadd0b705c53719df324f5f255dc92a7bb144f00e34754200b41f9e456382355e7cbbb4e3db243da1833fbfa81e95a488f6bf8fd7cf02af8a0bfb2c132d1e24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21610.exe
Filesize
184KB

MD5
fc1bbb0627f0c2d37296a84060be7789

SHA1
354315ce5254396ef76bde8bd808289d55994cf7

SHA256
2bfc7155225c11e3891b0f8aaedcb06147fc5011637ff39feb4ecb652a326239

SHA512
800d6d26bb0bdc0afeae6c96ce9f977cc89b583352f7617101de51cc0f3f2d760cb6e5e9c25fbffa260f5ffeba1c867a59778c1bb0d9ed8fc72a32f93a594090

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26929.exe
Filesize
184KB

MD5
40153ecdf922c3ef9d8583503d948fb7

SHA1
fadf04cefd097656c89c6601b0bd27c39ca02633

SHA256
a0c09fc9e8a860daa78e84e051bb6fd92a7c2b8e6f91122bc028df659d60792d

SHA512
5abb5bb06a30d6623addfc67fcfd5b3e26d18363920dfa09e8d6a810e51b272e1c4edeaafe94c443b37b7f8d904525f87150138a2d6c805e218fa3227237577c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27400.exe
Filesize
184KB

MD5
6aa0b1ff31ca080fa98064db79b3b6e0

SHA1
7f592df1bb75adfd7824f7078a9b25481cb5b683

SHA256
5ef544e105f95027bb04f531e9ae3bedfc83dfc81acb3d507dec9c04c377dcba

SHA512
9b846908ea36a948c13ab155414d88a3aa6e1100012c7c1b17bfc219e6d3fc5154065ea7aff47aff7c3135fee2592931ed944c1b11a6acadd4ca2c992d92297f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3197.exe
Filesize
184KB

MD5
7eb39a90bf24e027912fe76ba263a093

SHA1
f0ab14761636f147673371bbd959079293df42fd

SHA256
b6f931e0ee6eb33c11ba2fc2ae9c3da1efd998f5e33e5acd9eb7eb874b9c2cd0

SHA512
9db32c9ffa96882ba8e8789b6630727859de59d36d6e38dacc4aee4382951278c049680644c7de7af20d668681c1c7e1c841dbc29ed4c3eafb4142c32b86a0f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37706.exe
Filesize
184KB

MD5
83d2394b615d9f2b1473e5c33ef46bfa

SHA1
f62bac5d8ae209571e8f345628bda6653eceba26

SHA256
e68263bb0c25e0e4d061b00b86efadf730d5be92239b948cd0b84fecbf6194d1

SHA512
fc7cbd5569085364f4c90cbdae287a456c1efdb2fa7616f56d1e1471bf05ecc27a8a9dc43d6d49119f64c50cbd75fcc2be302dc5e34f740b1fcd75861b130803

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48361.exe
Filesize
184KB

MD5
2c7fff9ab8bc3dae026ce6e8300187ee

SHA1
04d0d419570ad1651b991c1b9783e53fae1234c7

SHA256
47b468fe44fb7cd4ce754f427b4301bf035a82766633d7afe44a3898ea405108

SHA512
24d995ceafcac67b5f56e61a1105280e4a55343221a0be214e4aa558b04f78cecee96dc7c8d55df6ddb6f8b99cde175cc792d49d69557af2e17905b8c36c17be

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58402.exe
Filesize
184KB

MD5
910effa9660695cfd454fe5f3cc506b9

SHA1
4e47de1817eed5da6a509ef9b6c850ea659b9bf4

SHA256
2d7a2675de2eaf08f833a17f7b760027680af2b35523d7045c11dbabafccd833

SHA512
d9b4148bc70d391b720ff29d86c34d8dc1de20672d99e1106dca33c83ba09728718661d3b2aba9c491f48b2ebc0626d1761433705f64d622b5d42244373afaed

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59222.exe
Filesize
184KB

MD5
7a096556af9c1435bf372977b5e1c74b

SHA1
3bd76f979ce97c7d35910a1fef708c83a3078d50

SHA256
f3061679701ba92f94d8d84ad1fe5e1c2b99b80e0e9fe2b6d1eedd869da71512

SHA512
22faeef645f61ff74f196b0923903cecdf1c23c82d8fefdf77a7a2b3fed45d974524569cd2cb43b1696b20f256b2d7ff31d7f3de271efa452fff49d3e420b5df

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
Filesize
184KB

MD5
af6a7c0268ca2c7175f8410be9731098

SHA1
cc359f1eaa534851b2ddfa945df4247f08f8cf16

SHA256
fcfa8665227d35a8276435960cda7c4855f621699f8db4c0f6753f3e9cf117f0

SHA512
7a43aa49f712bf32349f08e6902b53afaf59884d3c91431befdfbee9e4b7ece8448e473194817ea4dd4406e9c39fcdae469d57595cc81253ee0d57f95259d9ae

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
Filesize
184KB

MD5
468d938098d1ffe2263ddf3024955aec

SHA1
7dbebad6c55f2a70df469123c1b879d1516594ce

SHA256
fb4677f98f8904912b0b96e9ba154db32540850175059847382c7617a0b1748d

SHA512
83e8e2199d87b0a2afc24ed42f065791bcdc1d8fdf89ce738c978f42c0a68aec8e7d8f8a09487816b5fc70a5e5677b622d44baeba35761d7783155f37f557c4f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads