81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe
Size

184KB
MD5

4a7f44a3275fdd0f365333cc48c84d24
SHA1

02071cd8d4331e771cd47eba4a0d1c834f0929c4
SHA256

81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74
SHA512

f9b5e530a33b641e62be1324ce2c4b24fddf71db213b4b4ac3c7e706f5fbef971a1879e7b2ee3c6eba89f740e5e3d046717594a1700fd49d69fbef2153a63deb
SSDEEP

3072:EBhyKgM+OpaSdw/Ye/CUaX1YCYxMBzXXMLBO5qAUBshlnVOFrnr:EByMK+w/eLX1YecV4hlnVOFr

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-27229.exeUnicorn-1738.exeUnicorn-12599.exeUnicorn-24188.exeUnicorn-51385.exeUnicorn-5713.exeUnicorn-17232.exeUnicorn-41413.exeUnicorn-47958.exeUnicorn-60210.exeUnicorn-40344.exeUnicorn-47548.exeUnicorn-59800.exeUnicorn-29074.exeUnicorn-35850.exeUnicorn-35850.exeUnicorn-37242.exeUnicorn-33158.exeUnicorn-51715.exeUnicorn-62576.exeUnicorn-29157.exeUnicorn-9291.exeUnicorn-10874.exeUnicorn-6790.exeUnicorn-64714.exeUnicorn-19043.exeUnicorn-49769.exeUnicorn-29903.exeUnicorn-58575.exeUnicorn-26225.exeUnicorn-18803.exeUnicorn-3858.exeUnicorn-29432.exeUnicorn-22887.exeUnicorn-60713.exeUnicorn-15041.exeUnicorn-31186.exeUnicorn-61912.exeUnicorn-7236.exeUnicorn-57828.exeUnicorn-2083.exeUnicorn-21949.exeUnicorn-35270.exeUnicorn-46131.exeUnicorn-18332.exeUnicorn-41444.exeUnicorn-8025.exeUnicorn-14802.exeUnicorn-12109.exeUnicorn-54896.exeUnicorn-30946.exeUnicorn-28254.exeUnicorn-51367.exeUnicorn-18140.exeUnicorn-34476.exeUnicorn-46728.exeUnicorn-11917.exeUnicorn-58129.exeUnicorn-58129.exeUnicorn-12457.exeUnicorn-43184.exeUnicorn-39100.exeUnicorn-8373.exeUnicorn-31486.exe

pid	process
2084	Unicorn-27229.exe
2620	Unicorn-1738.exe
2960	Unicorn-12599.exe
2844	Unicorn-24188.exe
2776	Unicorn-51385.exe
2056	Unicorn-5713.exe
1532	Unicorn-17232.exe
2916	Unicorn-41413.exe
2904	Unicorn-47958.exe
2088	Unicorn-60210.exe
624	Unicorn-40344.exe
860	Unicorn-47548.exe
1748	Unicorn-59800.exe
1252	Unicorn-29074.exe
1244	Unicorn-35850.exe
380	Unicorn-35850.exe
1992	Unicorn-37242.exe
668	Unicorn-33158.exe
1900	Unicorn-51715.exe
2500	Unicorn-62576.exe
2392	Unicorn-29157.exe
1776	Unicorn-9291.exe
928	Unicorn-10874.exe
304	Unicorn-6790.exe
684	Unicorn-64714.exe
2368	Unicorn-19043.exe
2388	Unicorn-49769.exe
1512	Unicorn-29903.exe
2852	Unicorn-58575.exe
1892	Unicorn-26225.exe
2636	Unicorn-18803.exe
2736	Unicorn-3858.exe
2752	Unicorn-29432.exe
2560	Unicorn-22887.exe
1028	Unicorn-60713.exe
2548	Unicorn-15041.exe
288	Unicorn-31186.exe
1728	Unicorn-61912.exe
2900	Unicorn-7236.exe
2892	Unicorn-57828.exe
544	Unicorn-2083.exe
1652	Unicorn-21949.exe
1660	Unicorn-35270.exe
2164	Unicorn-46131.exe
2052	Unicorn-18332.exe
2980	Unicorn-41444.exe
1292	Unicorn-8025.exe
604	Unicorn-14802.exe
2116	Unicorn-12109.exe
1328	Unicorn-54896.exe
344	Unicorn-30946.exe
908	Unicorn-28254.exe
1976	Unicorn-51367.exe
2436	Unicorn-18140.exe
1664	Unicorn-34476.exe
1580	Unicorn-46728.exe
2060	Unicorn-11917.exe
2724	Unicorn-58129.exe
2656	Unicorn-58129.exe
2728	Unicorn-12457.exe
2896	Unicorn-43184.exe
2580	Unicorn-39100.exe
2552	Unicorn-8373.exe
396	Unicorn-31486.exe

Loads dropped DLL 64 IoCs

Processes:

81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exeUnicorn-27229.exeUnicorn-1738.exeUnicorn-12599.exeWerFault.exeUnicorn-51385.exeUnicorn-5713.exeUnicorn-24188.exeWerFault.exeWerFault.exeUnicorn-60210.exeUnicorn-17232.exeUnicorn-47958.exeUnicorn-40344.exeUnicorn-41413.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe
2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe
2084	Unicorn-27229.exe
2084	Unicorn-27229.exe
2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe
2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe
2620	Unicorn-1738.exe
2620	Unicorn-1738.exe
2084	Unicorn-27229.exe
2084	Unicorn-27229.exe
2960	Unicorn-12599.exe
2960	Unicorn-12599.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
3032	WerFault.exe
2776	Unicorn-51385.exe
2776	Unicorn-51385.exe
2056	Unicorn-5713.exe
2960	Unicorn-12599.exe
2056	Unicorn-5713.exe
2960	Unicorn-12599.exe
2844	Unicorn-24188.exe
2844	Unicorn-24188.exe
2620	Unicorn-1738.exe
2620	Unicorn-1738.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2868	WerFault.exe
2512	WerFault.exe
2868	WerFault.exe
2088	Unicorn-60210.exe
1532	Unicorn-17232.exe
2088	Unicorn-60210.exe
2904	Unicorn-47958.exe
2904	Unicorn-47958.exe
1532	Unicorn-17232.exe
2776	Unicorn-51385.exe
2844	Unicorn-24188.exe
2776	Unicorn-51385.exe
2844	Unicorn-24188.exe
624	Unicorn-40344.exe
624	Unicorn-40344.exe
2916	Unicorn-41413.exe
2916	Unicorn-41413.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1104	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe
1612	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2680	2456	WerFault.exe	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe
3032	2084	WerFault.exe	Unicorn-27229.exe
2512	2620	WerFault.exe	Unicorn-1738.exe
2868	2960	WerFault.exe	Unicorn-12599.exe
1484	2776	WerFault.exe	Unicorn-51385.exe
1104	2056	WerFault.exe	Unicorn-5713.exe
1612	2844	WerFault.exe	Unicorn-24188.exe
1712	1532	WerFault.exe	Unicorn-17232.exe
1508	2088	WerFault.exe	Unicorn-60210.exe
1592	2904	WerFault.exe	Unicorn-47958.exe
2448	624	WerFault.exe	Unicorn-40344.exe
2004	2916	WerFault.exe	Unicorn-41413.exe
2804	1748	WerFault.exe	Unicorn-59800.exe
1256	1252	WerFault.exe	Unicorn-29074.exe
1436	860	WerFault.exe	Unicorn-47548.exe
2100	1244	WerFault.exe	Unicorn-35850.exe
1984	1992	WerFault.exe	Unicorn-37242.exe
2120	668	WerFault.exe	Unicorn-33158.exe
692	380	WerFault.exe	Unicorn-35850.exe
2488	1900	WerFault.exe	Unicorn-51715.exe
752	2500	WerFault.exe	Unicorn-62576.exe
448	1776	WerFault.exe	Unicorn-9291.exe
1888	2392	WerFault.exe	Unicorn-29157.exe
984	928	WerFault.exe	Unicorn-10874.exe
2316	304	WerFault.exe	Unicorn-6790.exe
2172	684	WerFault.exe	Unicorn-64714.exe
1956	2368	WerFault.exe	Unicorn-19043.exe
2812	1512	WerFault.exe	Unicorn-29903.exe
2952	2388	WerFault.exe	Unicorn-49769.exe
3060	2852	WerFault.exe	Unicorn-58575.exe
1392	1892	WerFault.exe	Unicorn-26225.exe
2276	2636	WerFault.exe	Unicorn-18803.exe
1704	2736	WerFault.exe	Unicorn-3858.exe
2168	2752	WerFault.exe	Unicorn-29432.exe
1088	1028	WerFault.exe	Unicorn-60713.exe
2972	2548	WerFault.exe	Unicorn-15041.exe
2556	1728	WerFault.exe	Unicorn-61912.exe
1220	288	WerFault.exe	Unicorn-31186.exe
3080	544	WerFault.exe	Unicorn-2083.exe
1812	2560	WerFault.exe	Unicorn-22887.exe
3096	2892	WerFault.exe	Unicorn-57828.exe
3140	2164	WerFault.exe	Unicorn-46131.exe
3176	1660	WerFault.exe	Unicorn-35270.exe
3184	1652	WerFault.exe	Unicorn-21949.exe
3228	2900	WerFault.exe	Unicorn-7236.exe
3740	1664	WerFault.exe	Unicorn-34476.exe
3500	1632	WerFault.exe	Unicorn-27402.exe
3800	1976	WerFault.exe	Unicorn-51367.exe
3836	1292	WerFault.exe	Unicorn-8025.exe
3868	1628	WerFault.exe	Unicorn-47268.exe
3960	2552	WerFault.exe	Unicorn-8373.exe
4020	1328	WerFault.exe	Unicorn-54896.exe
4060	2980	WerFault.exe	Unicorn-41444.exe
3268	908	WerFault.exe	Unicorn-28254.exe
3888	2116	WerFault.exe	Unicorn-12109.exe
3364	604	WerFault.exe	Unicorn-14802.exe
3552	1208	WerFault.exe	Unicorn-63495.exe
3576	1324	WerFault.exe	Unicorn-64050.exe
3640	2580	WerFault.exe	Unicorn-39100.exe
3648	2896	WerFault.exe	Unicorn-43184.exe
3724	2632	WerFault.exe	Unicorn-63303.exe
3744	1836	WerFault.exe	Unicorn-10018.exe
3972	2568	WerFault.exe	Unicorn-20879.exe
4076	3036	WerFault.exe	Unicorn-51352.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exeUnicorn-27229.exeUnicorn-1738.exeUnicorn-12599.exeUnicorn-51385.exeUnicorn-24188.exeUnicorn-5713.exeUnicorn-17232.exeUnicorn-47958.exeUnicorn-60210.exeUnicorn-40344.exeUnicorn-41413.exeUnicorn-59800.exeUnicorn-47548.exeUnicorn-29074.exeUnicorn-37242.exeUnicorn-33158.exeUnicorn-35850.exeUnicorn-35850.exeUnicorn-51715.exeUnicorn-62576.exeUnicorn-9291.exeUnicorn-29157.exeUnicorn-10874.exeUnicorn-6790.exeUnicorn-64714.exeUnicorn-19043.exeUnicorn-29903.exeUnicorn-49769.exeUnicorn-58575.exeUnicorn-26225.exeUnicorn-18803.exeUnicorn-3858.exeUnicorn-29432.exeUnicorn-22887.exeUnicorn-60713.exeUnicorn-15041.exeUnicorn-61912.exeUnicorn-2083.exeUnicorn-31186.exeUnicorn-7236.exeUnicorn-57828.exeUnicorn-21949.exeUnicorn-35270.exeUnicorn-46131.exeUnicorn-18332.exeUnicorn-41444.exeUnicorn-8025.exeUnicorn-14802.exeUnicorn-12109.exeUnicorn-54896.exeUnicorn-30946.exeUnicorn-28254.exeUnicorn-51367.exeUnicorn-18140.exeUnicorn-34476.exeUnicorn-46728.exeUnicorn-11917.exeUnicorn-58129.exeUnicorn-58129.exeUnicorn-39100.exeUnicorn-43184.exeUnicorn-12457.exeUnicorn-31486.exe

pid	process
2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe
2084	Unicorn-27229.exe
2620	Unicorn-1738.exe
2960	Unicorn-12599.exe
2776	Unicorn-51385.exe
2844	Unicorn-24188.exe
2056	Unicorn-5713.exe
1532	Unicorn-17232.exe
2904	Unicorn-47958.exe
2088	Unicorn-60210.exe
624	Unicorn-40344.exe
2916	Unicorn-41413.exe
1748	Unicorn-59800.exe
860	Unicorn-47548.exe
1252	Unicorn-29074.exe
1992	Unicorn-37242.exe
668	Unicorn-33158.exe
1244	Unicorn-35850.exe
380	Unicorn-35850.exe
1900	Unicorn-51715.exe
2500	Unicorn-62576.exe
1776	Unicorn-9291.exe
2392	Unicorn-29157.exe
928	Unicorn-10874.exe
304	Unicorn-6790.exe
684	Unicorn-64714.exe
2368	Unicorn-19043.exe
1512	Unicorn-29903.exe
2388	Unicorn-49769.exe
2852	Unicorn-58575.exe
1892	Unicorn-26225.exe
2636	Unicorn-18803.exe
2736	Unicorn-3858.exe
2752	Unicorn-29432.exe
2560	Unicorn-22887.exe
1028	Unicorn-60713.exe
2548	Unicorn-15041.exe
1728	Unicorn-61912.exe
544	Unicorn-2083.exe
288	Unicorn-31186.exe
2900	Unicorn-7236.exe
2892	Unicorn-57828.exe
1652	Unicorn-21949.exe
1660	Unicorn-35270.exe
2164	Unicorn-46131.exe
2052	Unicorn-18332.exe
2980	Unicorn-41444.exe
1292	Unicorn-8025.exe
604	Unicorn-14802.exe
2116	Unicorn-12109.exe
1328	Unicorn-54896.exe
344	Unicorn-30946.exe
908	Unicorn-28254.exe
1976	Unicorn-51367.exe
2436	Unicorn-18140.exe
1664	Unicorn-34476.exe
1580	Unicorn-46728.exe
2060	Unicorn-11917.exe
2656	Unicorn-58129.exe
2724	Unicorn-58129.exe
2580	Unicorn-39100.exe
2896	Unicorn-43184.exe
2728	Unicorn-12457.exe
396	Unicorn-31486.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exeUnicorn-27229.exeUnicorn-1738.exeUnicorn-12599.exeUnicorn-51385.exeUnicorn-5713.exeUnicorn-24188.exeUnicorn-60210.exe

description	pid	process	target process
PID 2456 wrote to memory of 2084	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	Unicorn-27229.exe
PID 2456 wrote to memory of 2084	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	Unicorn-27229.exe
PID 2456 wrote to memory of 2084	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	Unicorn-27229.exe
PID 2456 wrote to memory of 2084	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	Unicorn-27229.exe
PID 2084 wrote to memory of 2620	2084	Unicorn-27229.exe	Unicorn-1738.exe
PID 2084 wrote to memory of 2620	2084	Unicorn-27229.exe	Unicorn-1738.exe
PID 2084 wrote to memory of 2620	2084	Unicorn-27229.exe	Unicorn-1738.exe
PID 2084 wrote to memory of 2620	2084	Unicorn-27229.exe	Unicorn-1738.exe
PID 2456 wrote to memory of 2960	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	Unicorn-12599.exe
PID 2456 wrote to memory of 2960	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	Unicorn-12599.exe
PID 2456 wrote to memory of 2960	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	Unicorn-12599.exe
PID 2456 wrote to memory of 2960	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	Unicorn-12599.exe
PID 2456 wrote to memory of 2680	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	WerFault.exe
PID 2456 wrote to memory of 2680	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	WerFault.exe
PID 2456 wrote to memory of 2680	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	WerFault.exe
PID 2456 wrote to memory of 2680	2456	81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe	WerFault.exe
PID 2620 wrote to memory of 2844	2620	Unicorn-1738.exe	Unicorn-24188.exe
PID 2620 wrote to memory of 2844	2620	Unicorn-1738.exe	Unicorn-24188.exe
PID 2620 wrote to memory of 2844	2620	Unicorn-1738.exe	Unicorn-24188.exe
PID 2620 wrote to memory of 2844	2620	Unicorn-1738.exe	Unicorn-24188.exe
PID 2084 wrote to memory of 2776	2084	Unicorn-27229.exe	Unicorn-51385.exe
PID 2084 wrote to memory of 2776	2084	Unicorn-27229.exe	Unicorn-51385.exe
PID 2084 wrote to memory of 2776	2084	Unicorn-27229.exe	Unicorn-51385.exe
PID 2084 wrote to memory of 2776	2084	Unicorn-27229.exe	Unicorn-51385.exe
PID 2960 wrote to memory of 2056	2960	Unicorn-12599.exe	Unicorn-5713.exe
PID 2960 wrote to memory of 2056	2960	Unicorn-12599.exe	Unicorn-5713.exe
PID 2960 wrote to memory of 2056	2960	Unicorn-12599.exe	Unicorn-5713.exe
PID 2960 wrote to memory of 2056	2960	Unicorn-12599.exe	Unicorn-5713.exe
PID 2084 wrote to memory of 3032	2084	Unicorn-27229.exe	WerFault.exe
PID 2084 wrote to memory of 3032	2084	Unicorn-27229.exe	WerFault.exe
PID 2084 wrote to memory of 3032	2084	Unicorn-27229.exe	WerFault.exe
PID 2084 wrote to memory of 3032	2084	Unicorn-27229.exe	WerFault.exe
PID 2776 wrote to memory of 1532	2776	Unicorn-51385.exe	Unicorn-17232.exe
PID 2776 wrote to memory of 1532	2776	Unicorn-51385.exe	Unicorn-17232.exe
PID 2776 wrote to memory of 1532	2776	Unicorn-51385.exe	Unicorn-17232.exe
PID 2776 wrote to memory of 1532	2776	Unicorn-51385.exe	Unicorn-17232.exe
PID 2960 wrote to memory of 2916	2960	Unicorn-12599.exe	Unicorn-41413.exe
PID 2960 wrote to memory of 2916	2960	Unicorn-12599.exe	Unicorn-41413.exe
PID 2960 wrote to memory of 2916	2960	Unicorn-12599.exe	Unicorn-41413.exe
PID 2960 wrote to memory of 2916	2960	Unicorn-12599.exe	Unicorn-41413.exe
PID 2056 wrote to memory of 2904	2056	Unicorn-5713.exe	Unicorn-47958.exe
PID 2056 wrote to memory of 2904	2056	Unicorn-5713.exe	Unicorn-47958.exe
PID 2056 wrote to memory of 2904	2056	Unicorn-5713.exe	Unicorn-47958.exe
PID 2056 wrote to memory of 2904	2056	Unicorn-5713.exe	Unicorn-47958.exe
PID 2844 wrote to memory of 2088	2844	Unicorn-24188.exe	Unicorn-60210.exe
PID 2844 wrote to memory of 2088	2844	Unicorn-24188.exe	Unicorn-60210.exe
PID 2844 wrote to memory of 2088	2844	Unicorn-24188.exe	Unicorn-60210.exe
PID 2844 wrote to memory of 2088	2844	Unicorn-24188.exe	Unicorn-60210.exe
PID 2620 wrote to memory of 624	2620	Unicorn-1738.exe	Unicorn-40344.exe
PID 2620 wrote to memory of 624	2620	Unicorn-1738.exe	Unicorn-40344.exe
PID 2620 wrote to memory of 624	2620	Unicorn-1738.exe	Unicorn-40344.exe
PID 2620 wrote to memory of 624	2620	Unicorn-1738.exe	Unicorn-40344.exe
PID 2620 wrote to memory of 2512	2620	Unicorn-1738.exe	WerFault.exe
PID 2620 wrote to memory of 2512	2620	Unicorn-1738.exe	WerFault.exe
PID 2620 wrote to memory of 2512	2620	Unicorn-1738.exe	WerFault.exe
PID 2620 wrote to memory of 2512	2620	Unicorn-1738.exe	WerFault.exe
PID 2960 wrote to memory of 2868	2960	Unicorn-12599.exe	WerFault.exe
PID 2960 wrote to memory of 2868	2960	Unicorn-12599.exe	WerFault.exe
PID 2960 wrote to memory of 2868	2960	Unicorn-12599.exe	WerFault.exe
PID 2960 wrote to memory of 2868	2960	Unicorn-12599.exe	WerFault.exe
PID 2088 wrote to memory of 860	2088	Unicorn-60210.exe	Unicorn-47548.exe
PID 2088 wrote to memory of 860	2088	Unicorn-60210.exe	Unicorn-47548.exe
PID 2088 wrote to memory of 860	2088	Unicorn-60210.exe	Unicorn-47548.exe
PID 2088 wrote to memory of 860	2088	Unicorn-60210.exe	Unicorn-47548.exe

C:\Users\Admin\AppData\Local\Temp\81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe
"C:\Users\Admin\AppData\Local\Temp\81fbbf75f57ad2ab29baa7de51d6b301bb2b31b52b145661feec413f49190c74.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29157.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29432.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28254.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39183.exe
10⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12815.exe
11⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
12⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61108.exe
13⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
14⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57663.exe
15⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
15⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
14⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
13⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
12⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
11⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23676.exe
10⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50999.exe
11⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30766.exe
12⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24835.exe
13⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39573.exe
14⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 220
14⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
13⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
12⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
11⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 220
10⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52182.exe
9⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8539.exe
10⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14818.exe
11⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65192.exe
12⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51093.exe
13⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2432.exe
14⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
14⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
13⤵
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
12⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
11⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
10⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
9⤵
- Program crash
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51367.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33153.exe
9⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37320.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
11⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23968.exe
12⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
13⤵
PID:8684

C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
14⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8684 -s 216
14⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
13⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
12⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
11⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12659.exe
10⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18623.exe
11⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
12⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14061.exe
13⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
13⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
12⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
11⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63059.exe
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53241.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26890.exe
12⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
13⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
12⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
10⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
9⤵
- Program crash
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
8⤵
- Program crash
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43184.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-12488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12488.exe
10⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33288.exe
11⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13734.exe
12⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45302.exe
13⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 220
13⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
10⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
9⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
8⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24527.exe
9⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30875.exe
10⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9821.exe
11⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15286.exe
12⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
12⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
11⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
10⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 216
9⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 220
8⤵
- Program crash
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
7⤵
- Program crash
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41444.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63303.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
9⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-236.exe
10⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23366.exe
11⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54082.exe
12⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
13⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
13⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
12⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
11⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 236
10⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
9⤵
- Program crash
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24549.exe
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12099.exe
10⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21436.exe
11⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34529.exe
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
12⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6564 -s 216
11⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
10⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 236
9⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
8⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 216
7⤵
- Program crash
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 220
6⤵
- Program crash
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49769.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35270.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51352.exe
8⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53381.exe
9⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
10⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60558.exe
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51674.exe
12⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21898.exe
13⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7554.exe
14⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
14⤵
PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
13⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 236
12⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
11⤵
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
10⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59255.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57605.exe
10⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25120.exe
11⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-27549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27549.exe
12⤵
PID:9624

C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8545.exe
13⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 220
13⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
12⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
11⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
9⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64242.exe
8⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37512.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33200.exe
11⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62354.exe
12⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20985.exe
13⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 236
13⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 236
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
11⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 220
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
8⤵
- Program crash
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62213.exe
7⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19208.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21233.exe
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42224.exe
10⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9733.exe
11⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28063.exe
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
12⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 236
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 216
8⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
7⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46131.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
8⤵
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13583.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53604.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3599.exe
11⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-740.exe
12⤵
PID:11664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
13⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 216
12⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
10⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13282.exe
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48877.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-86.exe
11⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
12⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 236
12⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
11⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
10⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
8⤵
- Program crash
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
7⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38576.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4419.exe
10⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50294.exe
11⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62977.exe
12⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
12⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 236
11⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 236
8⤵
PID:4800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 240
7⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
6⤵
- Program crash
PID:692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37242.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61912.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46728.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26739.exe
9⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
10⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50615.exe
11⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11715.exe
12⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
13⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24415.exe
14⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 220
14⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 216
13⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
12⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
11⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59162.exe
11⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41856.exe
12⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 220
13⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 216
12⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
11⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48373.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15088.exe
11⤵
PID:6780

C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
12⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42645.exe
13⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
13⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6780 -s 236
12⤵
PID:10408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
11⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 216
10⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2789.exe
8⤵
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24565.exe
11⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
12⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15811.exe
13⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 236
13⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
12⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 216
9⤵
PID:4668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
8⤵
- Program crash
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10402.exe
8⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54424.exe
9⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5519.exe
10⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55654.exe
11⤵
PID:6708

C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10060.exe
12⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63885.exe
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6708 -s 220
12⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
11⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
10⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38642.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29443.exe
11⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 236
12⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 236
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 216
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
8⤵
PID:5016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
7⤵
- Program crash
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-7236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47268.exe
7⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27315.exe
8⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19173.exe
11⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63402.exe
12⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58981.exe
13⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 236
13⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
12⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 216
9⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
8⤵
- Program crash
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3365.exe
7⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6785.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
9⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39209.exe
10⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5457.exe
11⤵
PID:9992

C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25733.exe
12⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9992 -s 236
12⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 216
11⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
10⤵
PID:1732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 216
8⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
7⤵
- Program crash
PID:3228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
6⤵
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64714.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31186.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11917.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8264.exe
8⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13007.exe
9⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9027.exe
10⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35338.exe
11⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 220
12⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
11⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
10⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43122.exe
10⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49142.exe
11⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33346.exe
12⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 236
12⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 236
11⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
10⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 240
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27293.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27782.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17196.exe
9⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
8⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
7⤵
- Program crash
PID:1220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 236
6⤵
- Program crash
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
5⤵
- Program crash
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58575.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18332.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63495.exe
8⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62317.exe
9⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54699.exe
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
11⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
12⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
13⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
13⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
12⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
10⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 236
9⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38367.exe
8⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26495.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
10⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57616.exe
11⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52235.exe
12⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 216
11⤵
PID:9264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64050.exe
7⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4948.exe
8⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
10⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22505.exe
11⤵
PID:9064

C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
12⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9064 -s 216
12⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 216
9⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
8⤵
- Program crash
PID:3576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
7⤵
- Program crash
PID:3060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
6⤵
- Program crash
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
5⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35850.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10874.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34476.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
8⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3277.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52945.exe
10⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19884.exe
11⤵
PID:6224

C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39971.exe
12⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26636.exe
13⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 220
13⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6224 -s 216
12⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 236
11⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
10⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6245.exe
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30683.exe
10⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22806.exe
11⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 236
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26198.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5882.exe
9⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57216.exe
10⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59754.exe
11⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5940.exe
12⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 220
12⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
11⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 236
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
9⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 220
8⤵
- Program crash
PID:3740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 216
7⤵
- Program crash
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58129.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32961.exe
7⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17668.exe
8⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62696.exe
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
10⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15676.exe
11⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19615.exe
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
12⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 216
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
10⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
9⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40780.exe
7⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52582.exe
8⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1466.exe
9⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53008.exe
10⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9692.exe
11⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11240 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
10⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
9⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
8⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 220
7⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
6⤵
- Program crash
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60713.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18140.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43075.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47818.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19718.exe
9⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39422.exe
10⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60216.exe
11⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5032.exe
12⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 216
12⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 216
11⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 216
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62763.exe
7⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47154.exe
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
9⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
10⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
11⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 216
11⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
10⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
9⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
8⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62104.exe
6⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35950.exe
7⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18758.exe
8⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39510.exe
9⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64305.exe
10⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53662.exe
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
11⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
10⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
9⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
8⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 236
7⤵
PID:4460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1028 -s 240
6⤵
- Program crash
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
5⤵
- Program crash
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51715.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26225.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8025.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-63879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63879.exe
9⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53464.exe
10⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18711.exe
11⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56038.exe
12⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31441.exe
13⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
14⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 216
14⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
13⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
12⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
11⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
10⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-41766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41766.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
11⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
12⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18385.exe
13⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
13⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
12⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
11⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
10⤵
PID:4564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 240
9⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 236
8⤵
- Program crash
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-14802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14802.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10018.exe
8⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62893.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47491.exe
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57408.exe
11⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51477.exe
12⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50517.exe
13⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 220
13⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
12⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
11⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
10⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 216
9⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56349.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4512.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17144.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
11⤵
PID:9268

C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26060.exe
12⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9268 -s 216
12⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
10⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
8⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
7⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18803.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12109.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51435.exe
8⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55794.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44777.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47102.exe
11⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52416.exe
12⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9420 -s 220
13⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
12⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
11⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
10⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1118.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57221.exe
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55270.exe
10⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
11⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 220
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
11⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
10⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
9⤵
PID:5328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
8⤵
- Program crash
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33707.exe
7⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25452.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28633.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29012.exe
10⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5976.exe
11⤵
PID:9028

C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9028 -s 216
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 220
11⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
10⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
9⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 236
8⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
7⤵
- Program crash
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
6⤵
- Program crash
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62576.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3858.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26115.exe
8⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61497.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14538.exe
10⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22266.exe
11⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21161.exe
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
12⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
11⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 236
10⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
9⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
8⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20879.exe
7⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53656.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
9⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29588.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52328.exe
11⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-15619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15619.exe
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 236
11⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
8⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
7⤵
- Program crash
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30946.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:344

C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14486.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62592.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25748.exe
9⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28540.exe
10⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49526.exe
11⤵
PID:10804

C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
12⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10804 -s 236
12⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 236
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
8⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46811.exe
7⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31970.exe
8⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4611.exe
9⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
10⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39843.exe
11⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
11⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 216
10⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
9⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 220
8⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 240
7⤵
PID:5032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
6⤵
- Program crash
PID:752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
5⤵
- Program crash
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33158.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57828.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8373.exe
7⤵
- Executes dropped EXE
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22655.exe
8⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35374.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37616.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30164.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
12⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11342.exe
13⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 236
13⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
12⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
10⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 236
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52753.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59354.exe
10⤵
PID:6388

C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6388 -s 216
11⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
8⤵
- Program crash
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49852.exe
7⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31586.exe
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61212.exe
10⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65431.exe
11⤵
PID:10296

C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15894.exe
12⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10296 -s 236
12⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 236
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4748 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 216
8⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
7⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31486.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:396

C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59603.exe
7⤵
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23698.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13687.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14258.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38405.exe
11⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15042.exe
12⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 236
12⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 236
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 216
8⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7916.exe
7⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55514.exe
8⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
9⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5540.exe
10⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34669.exe
11⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
11⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
10⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
9⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
8⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 396 -s 240
7⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2083.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12457.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18571.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9499.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30195.exe
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53817.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26698.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18497.exe
8⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-28737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28737.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20476.exe
10⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51887.exe
11⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 236
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 236
9⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 220
8⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63339.exe
7⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8643.exe
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
9⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7870.exe
10⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51197.exe
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 236
11⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 216
10⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
9⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
8⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
7⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60158.exe
6⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25836.exe
7⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11357.exe
8⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5877.exe
9⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8607.exe
10⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-7694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7694.exe
11⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
11⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 220
10⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
9⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
7⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
6⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
5⤵
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29903.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21949.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
6⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-63687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63687.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45680.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-1990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1990.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51378.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55561.exe
11⤵
PID:9084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
12⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9084 -s 216
12⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
10⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3256.exe
7⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38986.exe
8⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28073.exe
9⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56879.exe
10⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
11⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
11⤵
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 216
10⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
9⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
8⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
7⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56074.exe
6⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21176.exe
7⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48498.exe
8⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60553.exe
9⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38706.exe
10⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
11⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 236
11⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
10⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
9⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
7⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
6⤵
- Program crash
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27402.exe
5⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37045.exe
6⤵
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56562.exe
7⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11933.exe
8⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42847.exe
9⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45011.exe
10⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44975.exe
11⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
11⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 216
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
9⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
8⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
7⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
6⤵
- Program crash
PID:3500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
5⤵
- Program crash
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
4⤵
- Program crash
PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
2⤵
- Program crash
PID:2680

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-1738.exe
Filesize
184KB

MD5
ca44a008d43fa561fdd5029211aa4512

SHA1
a0c1fb9be965271d1aa4d61f7b74b284935cf1a8

SHA256
98e07d31b5bd494877f72844c5eb3a080b009ef0241968d8b32c1d58607e88d9

SHA512
9990ee8344ee964eb92c2cc8b9c4d5dd31b89d7a81187faf7fa2bb3639ae1c213b1bf5491625bdd5e234130f2e9648653a0859744ff4a7c1db3730536f1017d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20715.exe
Filesize
184KB

MD5
8f23e5600d49e8772c374204d7f1732f

SHA1
5773c0e0dedc61e05d154a5f51b307721ccb7eee

SHA256
8651829e21bc4b22321d21bcc51ab21829db865f913c4e7c5978ea5605f752c6

SHA512
162c8537c9032cfa2c1681edf5e9166119e1b43fb67800ca3e983fcddf2ba19b733ee953f517f96b966047ef17c35d112084c3c283d31d936b9efdf7092fe731

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24124.exe
Filesize
184KB

MD5
5fb971c7947084d6b1c2dbd10ebad086

SHA1
77208f49c4ec10060b424609cd3f7c5345b102eb

SHA256
40b9958b3f4b7c94e9875d07db5b7c73259f9e8bdc1fda987d07fedfb143c0b6

SHA512
f2674b0d8d6f540fc3fe474b2022f3c31ffdb3da9921e2c94c72feddbffabe5834585f646d32204044f972ab736742052abb050eff40336bbf2c34fde57fbf5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
Filesize
184KB

MD5
92f5f0eef292eb2675098cd901af62d8

SHA1
b55b33716f6a7a4f3232859e355124f319802ed1

SHA256
adbfd34ed5f71135e73a2cd076d46adb4b8a3f7ec6d2b8088a76e7c2c930c9d3

SHA512
8e2057ff3e51ded8b83ec0b1c3fab6390d400539aed17e8f9ddf547d0c2f5697eac5a2ecf9d3ff248874a3bdb895a9f28691c0e3b3af263331f2602618728047

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32614.exe
Filesize
184KB

MD5
4feee33dfc9e15757e780ad41f1965b6

SHA1
b9693da942cc094c4aaa3a7de183f64ec11dce99

SHA256
cb8c5a1113e9b12740689f9e8a1cd2a18c90d1c1b409a9a9734da4d912e1dfb2

SHA512
8d58d961a3a0ae661111c9478c7ba3790a950b8e6b34f2eff9f3e259e522e81c52c81e1146a25d21175cce7686dd5535f43fe090043a2785ec0c2559c249ace4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40501.exe
Filesize
184KB

MD5
70085bd8359ca65618ca71bedbd0e2de

SHA1
4c17f7bed11baa71d8bbcf1970087d47febbb016

SHA256
4eb8b9910fe03f3b48c1393b4d92788d1a234c3cfb65e8eb040ea63deda372e2

SHA512
8a6feedd18dbfbf5e3109c9321c484e6ac6c21ff12555c0288135b477083fd6246271c97328d1bcb53cf0797c969b08bb9e6a043059de2046a5bdaf4b52234ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41301.exe
Filesize
184KB

MD5
77e44fb7e0adaf68ecf9ae9f8d923dcd

SHA1
57a9c3c548976e2bf024263ea29f3c672b609db7

SHA256
7fcaccaaa78dc240cbf19a2f1d951e6d0d41fb9efeaa0d727553ce3f8ae1a68d

SHA512
7a0f40f5ec54ed809bd1a2109a9c4666ae45f4a82a145ab1a7ea2b338e50aed3d751287e36be6b72f736a5f8d68d4c46f4d657e18c35d966410969329d52f537

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51385.exe
Filesize
184KB

MD5
0e30a89065cc52840b8665f7b0649a3d

SHA1
f9e19dc60c2f9beecbc0085715237fe81d7bfdbf

SHA256
7e280f7e9f98fd8b2381b21e806340e8452750f9108097be401b46f0cc69d356

SHA512
5ecd2da9218cecf305ff20704c777165112595e747ef4368e9bcb56db0f59498890e1db9af58e076cc65a24c8edd5fe86dfe7644894339dead68d566a689c2e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5713.exe
Filesize
184KB

MD5
fdba165a08a1408c4cd4331896152e09

SHA1
7b04363984d1173fd80964e427b28958360cf2de

SHA256
450e3feeff0f4e4949315af74fb91ca79471563b9df781ffa4b896ef0399f1aa

SHA512
1cc961927bc200fc154cbf20e56a323d226159fd5e312075a8a232cf18c35731bf032f576a512a4c84bda1c1708d5719dc7c7688258e01fda0173128ef70c340

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59800.exe
Filesize
184KB

MD5
4b485bff304fc9316a2aca921b9f69f3

SHA1
34be4aeace35521376b3a94ea1bb66a4334beb4f

SHA256
1ae54cbe5e2e92c3cfb17e73b8f68f2933c116b2e85008272b4f3dc2f87166be

SHA512
6570d095048919f65314a8beea040b7e8c55977e2fcdf751e6210f6c6ef903ab28a8ee0cda844ee46224bf4213b199ca27f08f280c9e8d297b2f284077a02d4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60070.exe
Filesize
184KB

MD5
ec69123a6f5f1227861845c3a3bc31b1

SHA1
58884da0f2a995dac94cfe91a08a5e168b59b531

SHA256
17f388411306e06e0823fea2f42b0f40a2505cfca641068c6dba8fefbecc0be4

SHA512
54c9a1439389d9f28f5556ef288a5ea404af4f7ed3ce120f85226aac2d7c591464e2aa41df9d8a10f103ce5e4c6e038a1f5b211e5835280ab944526f9a096451

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6790.exe
Filesize
184KB

MD5
23fe41351147e9f48c28e4bb5fa05ab6

SHA1
41f76eda3d209f97949c714bd18f10dc57b5004b

SHA256
c7d1850f9cce44245d8c2b2b88d9398dcaf8c57c4699fa237d13edf819c56683

SHA512
a289e41f2241127611ab8f01f989f2d476e98b1b85a9e55ac5cb464ea305e2a084d83ab43ef4b5569ccf31cb7d3061e5f60f4e058ff8d4063f2f788961051c03

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12599.exe
Filesize
184KB

MD5
5b7670992acf956739b89231d135496d

SHA1
1646c95c841c75e5c78ff8d2603e64f331dd4c09

SHA256
e2b51069072c2537a769c978a1258c726b431fd1d9e8960d08d514cd2384542b

SHA512
c44d1e98ef546e645085d1d0052f41bd6c21476d00fce016441de20f8a42de064eb05788dc17caa284b599f3221ffe70d84c0ce7e32da4451f5416910eac9d8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17232.exe
Filesize
184KB

MD5
04a74893728be54ade13cb731164043d

SHA1
1c1ec250b2d6f1e7e9331c348615225f94c6fe8f

SHA256
5320e5e43517a3ce8ae56833782066bedf44e82ff1be1b5ebaed6e098242a107

SHA512
612efc1c40532d3e6638e2ce6c758ad9e20ee81d635c3d44ac112513f02a1ea7723aba24241f21211d466ae46f7c055b342d08adf0d263dd38776f03245f7131

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24188.exe
Filesize
184KB

MD5
0f589815dae2800946f9e160c51dc165

SHA1
b5868ae33d610de01bd738e8c8825ff8e06edbbd

SHA256
3c3c707f82900d322d664b7feb05dd2ae4127466efc64f21c9096fa25114d19e

SHA512
2a64661087c9795ba4355f9f809fbf2f18bc658b69a3a55cd8f8b1f7b64a8a462451c72e193b67afa37e9a77bc8572c263fce5affcff33654a9e1db6f409142c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27229.exe
Filesize
184KB

MD5
8183d2943bcd805dfb30a27ffd00debe

SHA1
200072ea18135d16d7de2821cb631515e2a3483f

SHA256
a0b0966ea83d50103cd7767b465365498a7f1dd9c0ec8943e35303c25cf95e9f

SHA512
b61b5ef55503fdf917ed1744f769969ba459428ded610ebdcce5fc4ab99094b632adeb997908b45a990777e72638b8e31d0a1b62daf1cd7845c0769d74d0d38b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29074.exe
Filesize
184KB

MD5
89a7cbd58db961d4cf85a218ea5c9b46

SHA1
4d64198bf884c7ace7f234d571993676667ba382

SHA256
2ff5e874c52059269c2da2519f8f297cd1a9bba0641855279a173d7095b63da9

SHA512
41a5bf39e7cc48ff2c243821b671da34e7f8965a3116051b710da1a133c7ff1560efb2916110990c12831508f001d46fc2f75a96ba0cb6b7daba437a504792f4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40344.exe
Filesize
184KB

MD5
d6fdb7717cd9476f53dc3931769eeedf

SHA1
af896b9d6f936f8d9d94a918cdb9b685b408ad80

SHA256
94112266cc1f7179c6d8c2d021f9c9bfa05da3cbe7b5ffc2b6ef123018ea13fc

SHA512
44035a78dedf7b85507a52873b0dd5207b5b4e4c478230d9a01b0cba30840fc16d1cabd3f6b25cedf13543d21044b0a1a717e9117899d0bb99e92a52e693bced

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41413.exe
Filesize
184KB

MD5
b841d9abfd298906a0122633403b8953

SHA1
917586d48729a62c64cc44a3452845dce13a3fe0

SHA256
61139c0e932998aa8e256e4bcd4bed025aa65aa02bd420c8bc64d74e88fb7642

SHA512
5b09424eb50850af1cadda6d868830ac4abb31a671dc78cf0085398b21fe324282cc96b6224045a6f02bd0b4098060410507028646f7ba7d3266e99900dee625

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
Filesize
184KB

MD5
5d730ce76a4733d05dfe6660e68cb41e

SHA1
46c78c47b5383fb03a951744ba845d8089211007

SHA256
8c907848250998442ca1b40e565915631c1148ad1891975484a5b6fb96220144

SHA512
942ce7d9382a0a0e6b71c30fd853db4b7b7f9899ae81af1fe5380d030178dd4c0def882b7056eee394a1b26da1cf70f2aaab0c9e68c06ab039e00cbd7c502c83

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47958.exe
Filesize
184KB

MD5
daf3d0fddfa5f0ebd7ca860ca808c13b

SHA1
91caae893ad7e3bb46a0b80ddf3256fea46da268

SHA256
3ec6cba42b55ce8a8720671b7ac7111327c319321df453b3a79dc2ad459775cb

SHA512
6a4083dce76901edb703d91997e2ff0e8711711350acfea1f0ee325c54f831face54244029d38a99cbe1d8977b3e34684f5745748edbc3b04da67e24956e71b0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60210.exe
Filesize
184KB

MD5
73c03021c0ab6666886770788d3821c8

SHA1
5ee0ad8080fa9c4c3ee1b86e0c748796831c6e86

SHA256
0f7f5a2d4f39a20df57d2beee4aa0a3e47ba35116f39fe1dbcef4e97bc644352

SHA512
fe00f52471ef7f3f5e1828b90339ed1d711e254466f1f76c72bf4801b9975273a141ae4a3d2fdcac7e89c86858414ccc1dd4a50dbfe50e899b9a32fb0ef995d1

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads