9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe
Size

184KB
MD5

a8286bcb8738945696b4de11c58e0418
SHA1

56053aadfcd7c66e3e9dc0b2a783a973fed316cf
SHA256

9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01
SHA512

13f9fe725b005a7168d4ea30d4002781977268ed928e9433bab8c0bd48791b0178462f3ea875713181a5580f1cf64940b20086820dcd62e35174986987d87b09
SSDEEP

3072:2n1PUTo1BI5xd+hYempLpvJEIvvAzJpxS+trv5quU8ehl2VOFknD:2nyo2/+hKLRJEI4N+vhl2VOFk

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-19103.exeUnicorn-47378.exeUnicorn-27512.exeUnicorn-30545.exeUnicorn-60695.exeUnicorn-54343.exeUnicorn-3916.exeUnicorn-10885.exeUnicorn-34399.exeUnicorn-34399.exeUnicorn-53620.exeUnicorn-453.exeUnicorn-56514.exeUnicorn-26328.exeUnicorn-15803.exeUnicorn-1050.exeUnicorn-18072.exeUnicorn-16763.exeUnicorn-1626.exeUnicorn-51671.exeUnicorn-47291.exeUnicorn-39938.exeUnicorn-56632.exeUnicorn-42647.exeUnicorn-9652.exeUnicorn-59668.exeUnicorn-36835.exeUnicorn-59896.exeUnicorn-62548.exeUnicorn-57427.exeUnicorn-11111.exeUnicorn-8125.exeUnicorn-15094.exeUnicorn-34960.exeUnicorn-17939.exeUnicorn-51021.exeUnicorn-31155.exeUnicorn-16403.exeUnicorn-52785.exeUnicorn-52785.exeUnicorn-15967.exeUnicorn-18742.exeUnicorn-16927.exeUnicorn-36496.exeUnicorn-60102.exeUnicorn-31026.exeUnicorn-24442.exeUnicorn-41100.exeUnicorn-21810.exeUnicorn-15963.exeUnicorn-13850.exeUnicorn-11006.exeUnicorn-53077.exeUnicorn-18459.exeUnicorn-4561.exeUnicorn-15614.exeUnicorn-64706.exeUnicorn-54037.exeUnicorn-54037.exeUnicorn-5521.exeUnicorn-51541.exeUnicorn-51193.exeUnicorn-5521.exeUnicorn-16923.exe

pid	process
2176	Unicorn-19103.exe
2676	Unicorn-47378.exe
2780	Unicorn-27512.exe
2500	Unicorn-30545.exe
2704	Unicorn-60695.exe
2628	Unicorn-54343.exe
2020	Unicorn-3916.exe
2844	Unicorn-10885.exe
912	Unicorn-34399.exe
2588	Unicorn-34399.exe
1564	Unicorn-53620.exe
2228	Unicorn-453.exe
2044	Unicorn-56514.exe
2068	Unicorn-26328.exe
1720	Unicorn-15803.exe
2908	Unicorn-1050.exe
2272	Unicorn-18072.exe
1876	Unicorn-16763.exe
480	Unicorn-1626.exe
2036	Unicorn-51671.exe
2444	Unicorn-47291.exe
1792	Unicorn-39938.exe
1316	Unicorn-56632.exe
1804	Unicorn-42647.exe
2920	Unicorn-9652.exe
604	Unicorn-59668.exe
2404	Unicorn-36835.exe
2304	Unicorn-59896.exe
1476	Unicorn-62548.exe
2944	Unicorn-57427.exe
2224	Unicorn-11111.exe
1888	Unicorn-8125.exe
1688	Unicorn-15094.exe
2620	Unicorn-34960.exe
3016	Unicorn-17939.exe
2488	Unicorn-51021.exe
2548	Unicorn-31155.exe
1704	Unicorn-16403.exe
3004	Unicorn-52785.exe
852	Unicorn-52785.exe
2864	Unicorn-15967.exe
2112	Unicorn-18742.exe
556	Unicorn-16927.exe
1948	Unicorn-36496.exe
1420	Unicorn-60102.exe
2104	Unicorn-31026.exe
1932	Unicorn-24442.exe
668	Unicorn-41100.exe
1468	Unicorn-21810.exe
1524	Unicorn-15963.exe
772	Unicorn-13850.exe
2876	Unicorn-11006.exe
1632	Unicorn-53077.exe
2360	Unicorn-18459.exe
2336	Unicorn-4561.exe
980	Unicorn-15614.exe
988	Unicorn-64706.exe
2408	Unicorn-54037.exe
1548	Unicorn-54037.exe
2144	Unicorn-5521.exe
2584	Unicorn-51541.exe
1584	Unicorn-51193.exe
2600	Unicorn-5521.exe
2264	Unicorn-16923.exe

Loads dropped DLL 64 IoCs

Processes:

9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exeUnicorn-19103.exeUnicorn-47378.exeUnicorn-27512.exeWerFault.exeUnicorn-30545.exeUnicorn-54343.exeUnicorn-60695.exeWerFault.exeWerFault.exeUnicorn-3916.exeUnicorn-34399.exeUnicorn-53620.exeUnicorn-10885.exeUnicorn-34399.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe
2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe
2176	Unicorn-19103.exe
2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe
2176	Unicorn-19103.exe
2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe
2676	Unicorn-47378.exe
2676	Unicorn-47378.exe
2780	Unicorn-27512.exe
2780	Unicorn-27512.exe
2176	Unicorn-19103.exe
2176	Unicorn-19103.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2956	WerFault.exe
2500	Unicorn-30545.exe
2500	Unicorn-30545.exe
2676	Unicorn-47378.exe
2676	Unicorn-47378.exe
2628	Unicorn-54343.exe
2704	Unicorn-60695.exe
2704	Unicorn-60695.exe
2628	Unicorn-54343.exe
2780	Unicorn-27512.exe
2780	Unicorn-27512.exe
1244	WerFault.exe
1300	WerFault.exe
1244	WerFault.exe
1300	WerFault.exe
1244	WerFault.exe
1244	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1244	WerFault.exe
1300	WerFault.exe
2020	Unicorn-3916.exe
2020	Unicorn-3916.exe
2500	Unicorn-30545.exe
2500	Unicorn-30545.exe
912	Unicorn-34399.exe
912	Unicorn-34399.exe
2628	Unicorn-54343.exe
2628	Unicorn-54343.exe
1564	Unicorn-53620.exe
1564	Unicorn-53620.exe
2844	Unicorn-10885.exe
2844	Unicorn-10885.exe
2704	Unicorn-60695.exe
2588	Unicorn-34399.exe
2704	Unicorn-60695.exe
2588	Unicorn-34399.exe
552	WerFault.exe
552	WerFault.exe
552	WerFault.exe
552	WerFault.exe
552	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1904	WerFault.exe
1512	WerFault.exe
1512	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2744	2212	WerFault.exe	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe
2956	2176	WerFault.exe	Unicorn-19103.exe
1300	2676	WerFault.exe	Unicorn-47378.exe
1244	2780	WerFault.exe	Unicorn-27512.exe
552	2500	WerFault.exe	Unicorn-30545.exe
1512	2704	WerFault.exe	Unicorn-60695.exe
1904	2628	WerFault.exe	Unicorn-54343.exe
1636	2020	WerFault.exe	Unicorn-3916.exe
2164	912	WerFault.exe	Unicorn-34399.exe
2152	1564	WerFault.exe	Unicorn-53620.exe
2712	2844	WerFault.exe	Unicorn-10885.exe
2576	2588	WerFault.exe	Unicorn-34399.exe
1552	2228	WerFault.exe	Unicorn-453.exe
1212	2044	WerFault.exe	Unicorn-56514.exe
2064	2068	WerFault.exe	Unicorn-26328.exe
2080	1720	WerFault.exe	Unicorn-15803.exe
1124	2272	WerFault.exe	Unicorn-18072.exe
1472	480	WerFault.exe	Unicorn-1626.exe
2252	1876	WerFault.exe	Unicorn-16763.exe
2232	2036	WerFault.exe	Unicorn-51671.exe
1216	1792	WerFault.exe	Unicorn-39938.exe
2768	2444	WerFault.exe	Unicorn-47291.exe
2060	1316	WerFault.exe	Unicorn-56632.exe
944	2920	WerFault.exe	Unicorn-9652.exe
2348	604	WerFault.exe	Unicorn-59668.exe
1912	2404	WerFault.exe	Unicorn-36835.exe
2452	2304	WerFault.exe	Unicorn-59896.exe
1708	1476	WerFault.exe	Unicorn-62548.exe
2236	2944	WerFault.exe	Unicorn-57427.exe
788	2224	WerFault.exe	Unicorn-11111.exe
3028	1888	WerFault.exe	Unicorn-8125.exe
1080	1688	WerFault.exe	Unicorn-15094.exe
2896	2620	WerFault.exe	Unicorn-34960.exe
2168	3016	WerFault.exe	Unicorn-17939.exe
2372	2864	WerFault.exe	Unicorn-15967.exe
2380	3004	WerFault.exe	Unicorn-52785.exe
3012	2488	WerFault.exe	Unicorn-51021.exe
3052	2548	WerFault.exe	Unicorn-31155.exe
3080	2112	WerFault.exe	Unicorn-18742.exe
2992	852	WerFault.exe	Unicorn-52785.exe
3100	1704	WerFault.exe	Unicorn-16403.exe
3108	1948	WerFault.exe	Unicorn-36496.exe
3160	556	WerFault.exe	Unicorn-16927.exe
3152	1420	WerFault.exe	Unicorn-60102.exe
3648	1748	WerFault.exe	Unicorn-7420.exe
3660	2104	WerFault.exe	Unicorn-31026.exe
3920	668	WerFault.exe	Unicorn-41100.exe
3976	1932	WerFault.exe	Unicorn-24442.exe
4020	2492	WerFault.exe	Unicorn-33944.exe
4008	2408	WerFault.exe	Unicorn-54037.exe
4092	2584	WerFault.exe	Unicorn-51541.exe
4084	1344	WerFault.exe	Unicorn-32635.exe
3392	1632	WerFault.exe	Unicorn-53077.exe
3828	2336	WerFault.exe	Unicorn-4561.exe
3572	1524	WerFault.exe	Unicorn-15963.exe
3640	2876	WerFault.exe	Unicorn-11006.exe
3760	1468	WerFault.exe	Unicorn-21810.exe
3792	772	WerFault.exe	Unicorn-13850.exe
3880	2360	WerFault.exe	Unicorn-18459.exe
3332	980	WerFault.exe	Unicorn-15614.exe
3424	1276	WerFault.exe	Unicorn-15031.exe
3520	884	WerFault.exe	Unicorn-33553.exe
3488	1580	WerFault.exe	Unicorn-6547.exe
3916	2696	WerFault.exe	Unicorn-8363.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exeUnicorn-19103.exeUnicorn-47378.exeUnicorn-27512.exeUnicorn-30545.exeUnicorn-60695.exeUnicorn-54343.exeUnicorn-3916.exeUnicorn-10885.exeUnicorn-34399.exeUnicorn-53620.exeUnicorn-34399.exeUnicorn-453.exeUnicorn-56514.exeUnicorn-26328.exeUnicorn-15803.exeUnicorn-18072.exeUnicorn-1626.exeUnicorn-16763.exeUnicorn-51671.exeUnicorn-47291.exeUnicorn-39938.exeUnicorn-56632.exeUnicorn-42647.exeUnicorn-9652.exeUnicorn-59668.exeUnicorn-36835.exeUnicorn-59896.exeUnicorn-62548.exeUnicorn-11111.exeUnicorn-8125.exeUnicorn-15094.exeUnicorn-34960.exeUnicorn-17939.exeUnicorn-51021.exeUnicorn-31155.exeUnicorn-52785.exeUnicorn-16403.exeUnicorn-52785.exeUnicorn-15967.exeUnicorn-18742.exeUnicorn-16927.exeUnicorn-36496.exeUnicorn-60102.exeUnicorn-7420.exeUnicorn-31026.exeUnicorn-24442.exeUnicorn-41100.exeUnicorn-21810.exeUnicorn-15963.exeUnicorn-13850.exeUnicorn-11006.exeUnicorn-53077.exeUnicorn-18459.exeUnicorn-4561.exeUnicorn-15614.exeUnicorn-5521.exeUnicorn-5521.exeUnicorn-54037.exeUnicorn-64706.exeUnicorn-51541.exeUnicorn-54037.exeUnicorn-51193.exeUnicorn-16923.exe

pid	process
2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe
2176	Unicorn-19103.exe
2676	Unicorn-47378.exe
2780	Unicorn-27512.exe
2500	Unicorn-30545.exe
2704	Unicorn-60695.exe
2628	Unicorn-54343.exe
2020	Unicorn-3916.exe
2844	Unicorn-10885.exe
912	Unicorn-34399.exe
1564	Unicorn-53620.exe
2588	Unicorn-34399.exe
2228	Unicorn-453.exe
2044	Unicorn-56514.exe
2068	Unicorn-26328.exe
1720	Unicorn-15803.exe
2272	Unicorn-18072.exe
480	Unicorn-1626.exe
1876	Unicorn-16763.exe
2036	Unicorn-51671.exe
2444	Unicorn-47291.exe
1792	Unicorn-39938.exe
1316	Unicorn-56632.exe
1804	Unicorn-42647.exe
2920	Unicorn-9652.exe
604	Unicorn-59668.exe
2404	Unicorn-36835.exe
2304	Unicorn-59896.exe
1476	Unicorn-62548.exe
2224	Unicorn-11111.exe
1888	Unicorn-8125.exe
1688	Unicorn-15094.exe
2620	Unicorn-34960.exe
3016	Unicorn-17939.exe
2488	Unicorn-51021.exe
2548	Unicorn-31155.exe
3004	Unicorn-52785.exe
1704	Unicorn-16403.exe
852	Unicorn-52785.exe
2864	Unicorn-15967.exe
2112	Unicorn-18742.exe
556	Unicorn-16927.exe
1948	Unicorn-36496.exe
1420	Unicorn-60102.exe
1748	Unicorn-7420.exe
2104	Unicorn-31026.exe
1932	Unicorn-24442.exe
668	Unicorn-41100.exe
1468	Unicorn-21810.exe
1524	Unicorn-15963.exe
772	Unicorn-13850.exe
2876	Unicorn-11006.exe
1632	Unicorn-53077.exe
2360	Unicorn-18459.exe
2336	Unicorn-4561.exe
980	Unicorn-15614.exe
2144	Unicorn-5521.exe
2600	Unicorn-5521.exe
2408	Unicorn-54037.exe
988	Unicorn-64706.exe
2584	Unicorn-51541.exe
1548	Unicorn-54037.exe
1584	Unicorn-51193.exe
2264	Unicorn-16923.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exeUnicorn-19103.exeUnicorn-47378.exeUnicorn-27512.exeUnicorn-30545.exeUnicorn-60695.exeUnicorn-54343.exeUnicorn-3916.exe

description	pid	process	target process
PID 2212 wrote to memory of 2176	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	Unicorn-19103.exe
PID 2212 wrote to memory of 2176	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	Unicorn-19103.exe
PID 2212 wrote to memory of 2176	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	Unicorn-19103.exe
PID 2212 wrote to memory of 2176	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	Unicorn-19103.exe
PID 2176 wrote to memory of 2676	2176	Unicorn-19103.exe	Unicorn-47378.exe
PID 2176 wrote to memory of 2676	2176	Unicorn-19103.exe	Unicorn-47378.exe
PID 2176 wrote to memory of 2676	2176	Unicorn-19103.exe	Unicorn-47378.exe
PID 2176 wrote to memory of 2676	2176	Unicorn-19103.exe	Unicorn-47378.exe
PID 2212 wrote to memory of 2780	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	Unicorn-27512.exe
PID 2212 wrote to memory of 2780	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	Unicorn-27512.exe
PID 2212 wrote to memory of 2780	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	Unicorn-27512.exe
PID 2212 wrote to memory of 2780	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	Unicorn-27512.exe
PID 2212 wrote to memory of 2744	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	WerFault.exe
PID 2212 wrote to memory of 2744	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	WerFault.exe
PID 2212 wrote to memory of 2744	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	WerFault.exe
PID 2212 wrote to memory of 2744	2212	9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe	WerFault.exe
PID 2676 wrote to memory of 2500	2676	Unicorn-47378.exe	Unicorn-30545.exe
PID 2676 wrote to memory of 2500	2676	Unicorn-47378.exe	Unicorn-30545.exe
PID 2676 wrote to memory of 2500	2676	Unicorn-47378.exe	Unicorn-30545.exe
PID 2676 wrote to memory of 2500	2676	Unicorn-47378.exe	Unicorn-30545.exe
PID 2780 wrote to memory of 2704	2780	Unicorn-27512.exe	Unicorn-60695.exe
PID 2780 wrote to memory of 2704	2780	Unicorn-27512.exe	Unicorn-60695.exe
PID 2780 wrote to memory of 2704	2780	Unicorn-27512.exe	Unicorn-60695.exe
PID 2780 wrote to memory of 2704	2780	Unicorn-27512.exe	Unicorn-60695.exe
PID 2176 wrote to memory of 2628	2176	Unicorn-19103.exe	Unicorn-54343.exe
PID 2176 wrote to memory of 2628	2176	Unicorn-19103.exe	Unicorn-54343.exe
PID 2176 wrote to memory of 2628	2176	Unicorn-19103.exe	Unicorn-54343.exe
PID 2176 wrote to memory of 2628	2176	Unicorn-19103.exe	Unicorn-54343.exe
PID 2176 wrote to memory of 2956	2176	Unicorn-19103.exe	WerFault.exe
PID 2176 wrote to memory of 2956	2176	Unicorn-19103.exe	WerFault.exe
PID 2176 wrote to memory of 2956	2176	Unicorn-19103.exe	WerFault.exe
PID 2176 wrote to memory of 2956	2176	Unicorn-19103.exe	WerFault.exe
PID 2500 wrote to memory of 2020	2500	Unicorn-30545.exe	Unicorn-3916.exe
PID 2500 wrote to memory of 2020	2500	Unicorn-30545.exe	Unicorn-3916.exe
PID 2500 wrote to memory of 2020	2500	Unicorn-30545.exe	Unicorn-3916.exe
PID 2500 wrote to memory of 2020	2500	Unicorn-30545.exe	Unicorn-3916.exe
PID 2676 wrote to memory of 2844	2676	Unicorn-47378.exe	Unicorn-10885.exe
PID 2676 wrote to memory of 2844	2676	Unicorn-47378.exe	Unicorn-10885.exe
PID 2676 wrote to memory of 2844	2676	Unicorn-47378.exe	Unicorn-10885.exe
PID 2676 wrote to memory of 2844	2676	Unicorn-47378.exe	Unicorn-10885.exe
PID 2704 wrote to memory of 2588	2704	Unicorn-60695.exe	Unicorn-34399.exe
PID 2704 wrote to memory of 2588	2704	Unicorn-60695.exe	Unicorn-34399.exe
PID 2704 wrote to memory of 2588	2704	Unicorn-60695.exe	Unicorn-34399.exe
PID 2704 wrote to memory of 2588	2704	Unicorn-60695.exe	Unicorn-34399.exe
PID 2628 wrote to memory of 912	2628	Unicorn-54343.exe	Unicorn-34399.exe
PID 2628 wrote to memory of 912	2628	Unicorn-54343.exe	Unicorn-34399.exe
PID 2628 wrote to memory of 912	2628	Unicorn-54343.exe	Unicorn-34399.exe
PID 2628 wrote to memory of 912	2628	Unicorn-54343.exe	Unicorn-34399.exe
PID 2780 wrote to memory of 1564	2780	Unicorn-27512.exe	Unicorn-53620.exe
PID 2780 wrote to memory of 1564	2780	Unicorn-27512.exe	Unicorn-53620.exe
PID 2780 wrote to memory of 1564	2780	Unicorn-27512.exe	Unicorn-53620.exe
PID 2780 wrote to memory of 1564	2780	Unicorn-27512.exe	Unicorn-53620.exe
PID 2780 wrote to memory of 1244	2780	Unicorn-27512.exe	WerFault.exe
PID 2780 wrote to memory of 1244	2780	Unicorn-27512.exe	WerFault.exe
PID 2780 wrote to memory of 1244	2780	Unicorn-27512.exe	WerFault.exe
PID 2780 wrote to memory of 1244	2780	Unicorn-27512.exe	WerFault.exe
PID 2676 wrote to memory of 1300	2676	Unicorn-47378.exe	WerFault.exe
PID 2676 wrote to memory of 1300	2676	Unicorn-47378.exe	WerFault.exe
PID 2676 wrote to memory of 1300	2676	Unicorn-47378.exe	WerFault.exe
PID 2676 wrote to memory of 1300	2676	Unicorn-47378.exe	WerFault.exe
PID 2020 wrote to memory of 2228	2020	Unicorn-3916.exe	Unicorn-453.exe
PID 2020 wrote to memory of 2228	2020	Unicorn-3916.exe	Unicorn-453.exe
PID 2020 wrote to memory of 2228	2020	Unicorn-3916.exe	Unicorn-453.exe
PID 2020 wrote to memory of 2228	2020	Unicorn-3916.exe	Unicorn-453.exe

C:\Users\Admin\AppData\Local\Temp\9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe
"C:\Users\Admin\AppData\Local\Temp\9715898871bbdf1e54b064a715243cebd14b3f6837561cbf1580c27ec0dcde01.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51671.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57427.exe
8⤵
- Executes dropped EXE
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-7420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7420.exe
9⤵
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49806.exe
10⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
11⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33036.exe
12⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
13⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51228.exe
14⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13486.exe
15⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
15⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
14⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
13⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
12⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43616.exe
11⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49889.exe
12⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59706.exe
13⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60978.exe
14⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
14⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
13⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
12⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
11⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41822.exe
10⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6201.exe
11⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5879.exe
12⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39216.exe
13⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
14⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 220
14⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
13⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 236
12⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
11⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
10⤵
- Program crash
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12151.exe
9⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
10⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46269.exe
11⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4633.exe
12⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42606.exe
13⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37378.exe
14⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-885.exe
15⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
15⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 220
14⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
13⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
12⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10471.exe
11⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
12⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
13⤵
PID:9980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
14⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9980 -s 216
14⤵
PID:12660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
13⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
12⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
11⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2994.exe
10⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3736.exe
11⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22048.exe
12⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
13⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
14⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
13⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 220
12⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
10⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
9⤵
- Program crash
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31026.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
9⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48507.exe
10⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25356.exe
11⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53596.exe
12⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55825.exe
13⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41532.exe
14⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43587.exe
15⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 220
14⤵
PID:11548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
13⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
12⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 236
11⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53238.exe
10⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
11⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40361.exe
12⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61817.exe
13⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 220
13⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
12⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
11⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
9⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31552.exe
10⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34414.exe
11⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53947.exe
12⤵
PID:8008

C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32044.exe
13⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8008 -s 216
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 216
12⤵
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
11⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
10⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 240
9⤵
- Program crash
PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
8⤵
- Program crash
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-11111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11111.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24442.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61783.exe
9⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16406.exe
10⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28086.exe
11⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43723.exe
12⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55286.exe
13⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10510.exe
14⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 236
14⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
13⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
12⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
11⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31297.exe
10⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34543.exe
11⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28208.exe
12⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7971.exe
13⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
13⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
12⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
11⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36607.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40279.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18719.exe
11⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
12⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-55468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55468.exe
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 204
13⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 220
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
11⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
10⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
9⤵
- Program crash
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15031.exe
8⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54937.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18339.exe
10⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64259.exe
11⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
12⤵
PID:10204

C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33157.exe
13⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 204
13⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
12⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 220
11⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:5448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 236
9⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
8⤵
- Program crash
PID:788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
7⤵
- Program crash
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47291.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34960.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13850.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
9⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
10⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
11⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6709.exe
12⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6061.exe
13⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-11660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11660.exe
14⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
14⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
13⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
12⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
11⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-16758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16758.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12194.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25798.exe
11⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23261.exe
12⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24794.exe
13⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 204
13⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
12⤵
PID:11184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
11⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:5284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
9⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26152.exe
8⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44304.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9189.exe
10⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-47992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47992.exe
11⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
12⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30467.exe
13⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 220
13⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
12⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 236
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
10⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
9⤵
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
8⤵
- Program crash
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11006.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15239.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23007.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-48702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48702.exe
10⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37949.exe
11⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-13919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13919.exe
12⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18236.exe
13⤵
PID:1696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
13⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
12⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
11⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-4101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4101.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-47992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47992.exe
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-263.exe
11⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14398.exe
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
12⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
11⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4432 -s 216
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
8⤵
- Program crash
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
7⤵
- Program crash
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
6⤵
- Program crash
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39938.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8125.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41100.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
9⤵
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37724.exe
10⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56382.exe
11⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41255.exe
12⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
13⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10993.exe
14⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
14⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
13⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
12⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
11⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 236
10⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43763.exe
9⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-5904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5904.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3285.exe
11⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
12⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33880.exe
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 204
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
12⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
11⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
10⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
9⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35368.exe
8⤵
PID:2928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
8⤵
- Program crash
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
7⤵
- Program crash
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15094.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
9⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52381.exe
10⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23686.exe
11⤵
PID:6568

C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
12⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
13⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
13⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6568 -s 216
12⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
11⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
10⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
9⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42227.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25298.exe
10⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
11⤵
PID:9784

C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10528.exe
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9784 -s 216
12⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
11⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 220
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
8⤵
- Program crash
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8363.exe
7⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-3652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3652.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22307.exe
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
11⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51237.exe
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 236
12⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
11⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
9⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 216
8⤵
- Program crash
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:1080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
6⤵
- Program crash
PID:1212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18072.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36835.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15967.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30694.exe
9⤵
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
10⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
11⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3330.exe
12⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42503.exe
13⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36920.exe
14⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 204
14⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 216
13⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
12⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 236
11⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 236
10⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31880.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33409.exe
10⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
11⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11629.exe
12⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45381.exe
13⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
13⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
11⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
9⤵
- Program crash
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6272.exe
8⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4581.exe
10⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54297.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
12⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17844.exe
13⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
13⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 220
12⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12050.exe
10⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3335.exe
11⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13148.exe
12⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
12⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 220
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
10⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
8⤵
- Program crash
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64706.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38831.exe
8⤵
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22818.exe
9⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19546.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55447.exe
11⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 216
12⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 216
9⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4343.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36305.exe
10⤵
PID:7324

C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
11⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
11⤵
PID:9420

C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28481.exe
12⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7324 -s 212
11⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 216
10⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 240
8⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
7⤵
- Program crash
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-5521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5521.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42322.exe
7⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16168.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39755.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63688.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53956.exe
11⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33737.exe
12⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 204
12⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 220
11⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57933.exe
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27100.exe
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22225.exe
10⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59877.exe
11⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 236
11⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5360 -s 216
10⤵
PID:10612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
9⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 220
8⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 220
7⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
6⤵
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
5⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42647.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21810.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
8⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-20895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20895.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26742.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30978.exe
11⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
12⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16700.exe
13⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
13⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
12⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
11⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45216.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42924.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36205.exe
11⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42521.exe
12⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 236
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
9⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4677.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-18017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18017.exe
10⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58889.exe
11⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58790.exe
12⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
12⤵
PID:9148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
11⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4704 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
8⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31155.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25562.exe
8⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15781.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15513.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54570.exe
11⤵
PID:9552

C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9054.exe
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9552 -s 216
12⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
9⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15051.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
10⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38744.exe
11⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
10⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 220
8⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
7⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55208.exe
9⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61766.exe
10⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1655.exe
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 236
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
10⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
8⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
7⤵
- Program crash
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
6⤵
- Program crash
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9652.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-51021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51021.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54037.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15798.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
9⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14836.exe
10⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56267.exe
11⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 220
12⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
11⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 236
10⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
9⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
8⤵
- Program crash
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9344.exe
7⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42566.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19920.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8290.exe
10⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59565.exe
11⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 216
8⤵
PID:4328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
- Program crash
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51193.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
7⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64582.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57275.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30716.exe
10⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11346.exe
11⤵
PID:9688

C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14827.exe
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9688 -s 204
12⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
11⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
10⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
9⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
8⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48749.exe
7⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
9⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37193.exe
10⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37544.exe
11⤵
PID:8436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
9⤵
PID:8804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
8⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 220
7⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
6⤵
- Program crash
PID:944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
5⤵
- Program crash
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15803.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59668.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16403.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51541.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
8⤵
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42792.exe
9⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-13247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13247.exe
11⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20511.exe
12⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25275.exe
13⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
13⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
10⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 236
9⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
8⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56516.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
8⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4919.exe
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59110.exe
10⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25362.exe
11⤵
PID:10064

C:\Users\Admin\AppData\Local\Temp\Unicorn-60032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60032.exe
12⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 220
11⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
10⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 216
8⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
7⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
6⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39791.exe
7⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21474.exe
8⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10905.exe
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-2323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2323.exe
10⤵
PID:9624

C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55415.exe
11⤵
PID:12412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
11⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
10⤵
PID:10500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 236
9⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
8⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44717.exe
7⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4312.exe
8⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
9⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59928.exe
10⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40035.exe
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 204
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
10⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 220
9⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
8⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 220
7⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
6⤵
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-5521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5521.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36977.exe
6⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41061.exe
7⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47166.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40546.exe
9⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16172.exe
10⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47298.exe
11⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
11⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
10⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
9⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
8⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 216
7⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
6⤵
- Program crash
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
5⤵
- Program crash
PID:2080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52785.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
8⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58850.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51592.exe
10⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6357.exe
11⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24773.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42336.exe
13⤵
PID:924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 204
13⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
12⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
11⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18545.exe
9⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39175.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32770.exe
11⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36142.exe
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 204
12⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 216
10⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
8⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-55401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55401.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15749.exe
11⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57325.exe
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
9⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
8⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
7⤵
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50210.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17763.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50598.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4874.exe
12⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
11⤵
PID:10924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 236
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
7⤵
- Program crash
PID:2380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 236
6⤵
- Program crash
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59896.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16927.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33944.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8348.exe
8⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40454.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
11⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29929.exe
12⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51792.exe
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 216
13⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
12⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
9⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
8⤵
- Program crash
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58052.exe
7⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 220
8⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
7⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32635.exe
6⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20406.exe
7⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4759.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60936.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25136.exe
10⤵
PID:9336

C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
11⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9336 -s 220
11⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
8⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 236
7⤵
- Program crash
PID:4084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
6⤵
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
5⤵
- Program crash
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16763.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62548.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36496.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16923.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-56044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56044.exe
8⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29004.exe
9⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8515.exe
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-3798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3798.exe
11⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
12⤵
PID:9820

C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63444.exe
12⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 212
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 220
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
10⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 236
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-10098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10098.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8951.exe
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55054.exe
10⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5859.exe
11⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59984.exe
12⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
12⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
11⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 220
10⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 216
9⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
8⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17429.exe
7⤵
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
8⤵
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 224
9⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
8⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
7⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14078.exe
6⤵
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27674.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-874.exe
8⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2421.exe
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60666.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64696.exe
11⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
11⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
10⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
9⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 216
8⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28463.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36365.exe
8⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16833.exe
9⤵
PID:8064

C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10253.exe
10⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8064 -s 236
10⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
9⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
8⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
7⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 240
6⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60102.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13414.exe
6⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30170.exe
7⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46793.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30742.exe
9⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45838.exe
10⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37629.exe
11⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45856.exe
12⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
10⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
8⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30959.exe
7⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52060.exe
8⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28709.exe
9⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59939.exe
10⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3603.exe
11⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 216
11⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
10⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
9⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
8⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
7⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7808.exe
6⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-48329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48329.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49714.exe
8⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13170.exe
9⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51142.exe
10⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
11⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
10⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
9⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
8⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
7⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
6⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
5⤵
- Program crash
PID:2252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
4⤵
- Executes dropped EXE
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56632.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17939.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53077.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53771.exe
7⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53453.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3045.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17235.exe
10⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
11⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41190.exe
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9988 -s 204
12⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
11⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 236
10⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2617.exe
7⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-34540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34540.exe
8⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-4297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4297.exe
9⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47526.exe
10⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50661.exe
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
11⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
10⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
8⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 220
7⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60112.exe
6⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59426.exe
7⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35521.exe
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54701.exe
9⤵
PID:7200

C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55013.exe
10⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14602.exe
11⤵
PID:1516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 216
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7200 -s 216
10⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
9⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
8⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 236
7⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
6⤵
- Program crash
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15614.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
6⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17704.exe
7⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40320.exe
8⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5934.exe
9⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-24511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24511.exe
10⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 220
10⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
9⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
8⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 216
7⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46546.exe
6⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31925.exe
7⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-202.exe
8⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27453.exe
9⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1776.exe
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 216
9⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
8⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
7⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
6⤵
- Program crash
PID:3332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
5⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
4⤵
- Program crash
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
2⤵
- Program crash
PID:2744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-34399.exe
Filesize
184KB

MD5
ec061476bedb02b54b6aa081011a9be3

SHA1
1d9f3dd7f08baf7bd3d1a91e341dadc3f548e4f4

SHA256
0b08d8b8e5f646d933b1c29859306e388ae44cf2dd73d502351c7ab5a890c759

SHA512
628cc12d26448cb9f6a686c2476f222443177ddb67c5c6cc00af57637bea2d0d21d04ab5328e0d8e1e4fa5ccb196ea6547df3630f86b1501c1725f9ca3bb2cb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47915.exe
Filesize
184KB

MD5
d3997f05bb9013dc7ea5f5d76072bf22

SHA1
4d9f24390cddac344062c79553e843d97ba2784a

SHA256
0c7f34cc80cd1b6f5e569c2f22a423848599d4721af7fde7d97b4c88300b2832

SHA512
261576ede475e342cff861eaa1f819855e59c8c6face88cdc3e5510b5b1e018f5ea86299cce6f22c096049f5ac5a2aada8ce7905c719755fe51fcf81955532e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49784.exe
Filesize
184KB

MD5
6e3bb878320d16d4f9b2c4404eac7d7c

SHA1
7588a61c4db332e97f7467cb418dab16c92da9b2

SHA256
7cefee08fbf37ae11222cd13d381aaf35718b6127f628b297cf4b2276bd70fab

SHA512
efe51cae2b48f0c1d7ff6a8dbe2652e6d10053d7fbafa3c458031c524287f3adfe24f162ecd01558995cc4335554d29cf3265a7cf89bff8f50d9bbcdd5fc466a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54343.exe
Filesize
184KB

MD5
296afcdd955a8a0a98d6eb490a7856c2

SHA1
a2fb6fc1eaf372cc2d28aedcf73cfd55f3eeebba

SHA256
afbdebe1776666aecc351d400b436282699d580a3b6e477a73005b475190a8d3

SHA512
64539a43d8b624c989218296389f86f53a9f39796f669d3692ea5eb1fb8aee188897f4dd8f2aedf905ab8cb0943e838d04da48251ff68163882402888130c976

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5593.exe
Filesize
184KB

MD5
535852ec8af7128e10a9b633b3826bd0

SHA1
52986ba17be0167d62ffdc39dac4ed412b68fad0

SHA256
7209228f2992b73d3973780edd050813c17a6109b2b47e989cbe6618d0fdccd3

SHA512
6f041da5509e73cd2511e408afab4415240958fb2f5403399906a15a48beb5a506b44766737e7621615b1433fc57a4bbd84b9daba6e7257741e1389196a2a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56514.exe
Filesize
184KB

MD5
8d08dd343d613706f841552038282e65

SHA1
98cd6e4508d6e5540d0ffa99374ff7e6551d7ccb

SHA256
b26ada299e76c8e6b4acb8b2295dfd079171096d45686dec3207a2628f643e8e

SHA512
2467ef1dc77496a178e40539cef1ccae5418f7c825268750ae313849f1a165c9612ae932d7337af79d5e44a35e3187eb73d5a854f22ac81787171fd6203a5282

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
Filesize
184KB

MD5
cd24c7f1b87b0f28cd97aa6c01805679

SHA1
eaadee0aa37aca58414bf5ec0c20c8543f7aecc4

SHA256
b6d46b6cade305e9a31a296c2e690a6b71a0e282ba6a87b3cea0de4ec08171d6

SHA512
fe5f8db46fa41c5500040c56b2e25b4517897c931bc4bb476c162113bced2bdf5bdba1aad63cc55fbbe2ef438eef60212344f52d612d94893be4e756559e7428

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7299.exe
Filesize
184KB

MD5
c94c7576bafe82d4e5a8e842fc615d03

SHA1
b900c6870423705d73865d0abd1675a9be5385ad

SHA256
e80865381d43655c05dd0e6282eb650f36ee4c735c66d7ebe4f7a193ac59f9ae

SHA512
1dbac44ff1fcbeb5f0031ba2f502d7f4de099d43e418eb433149651d125b81c3859c7d3d5c3c5ca1d160f0aa1aec925564353b33719427b20b32e407007468c8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10885.exe
Filesize
184KB

MD5
7b2f1cd2f6d29c80c7733eae5c1111ee

SHA1
43585c12f01e1d8426e5cf4a520a4431874e234d

SHA256
ff1a67605fbf4c8d003af4099f9d001c4846a0e3ed6b8384c2720f5ed2ebe2c3

SHA512
26f22c95b79548e851988f3585e330357410a5188582c48fb65b83b45ca5c37db09efcc9b86f6ed2d42d08865c8f608faef2aa12258c38b030d5c7a1830bfa3d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19103.exe
Filesize
184KB

MD5
21447d5eb83355b0d851bb5d728fee99

SHA1
929f7e10ad2a65e9edb71d26a7befbbc9de5fb7b

SHA256
cb6c4f9d4143dc870e3c240a4ec0edab38e63c913a1b529f5cf104533ffaf1fb

SHA512
e3072b38357a180964c7b73f3ffc443c1f85840edecc8fe4be4cea7d6d6ac7a6dfb019bd9783542c5ef19075bb28fe9fe6c519fca15f9330e5cf241e326f03b5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26328.exe
Filesize
184KB

MD5
90364c6f3b86f1f059d2bab8e7bf198f

SHA1
690118b7a0bb26d4ac7b0d62b9232d3ab1a64286

SHA256
4ce3816253ede000077831a9cde38634d3f4974b4e234c936790b9a5dc6da8c3

SHA512
84411237b4ce319d7ef6af550afd04fe67681521ddca5ff156aed0ade593f5f04bb76673798294b8783e4b9b7a21ad3877a133e9b3a79ee3fd05e8048a6d761d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27512.exe
Filesize
184KB

MD5
c9d0934ac422df3def7861718e4ddf97

SHA1
67fd70434c7133ecca1826ec5b951be8845e4dff

SHA256
2ba66bc318dba00cf6788cd4715fe54202325148f315fa4fa6ea4037faef60e0

SHA512
6e81c2f557544994540e131940188c8e134d3637657a2f274b8c7ab3a8b3b195e08c758769134ea99f0c3fbc607de0c12e60ba24edd290dbb8a3746f96bb8a52

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30545.exe
Filesize
184KB

MD5
2725841090a2bbd53570ea30b72326a1

SHA1
ca45d757ce3a80f3623df9ee6b58a542efb7ca7a

SHA256
52105eb17b141d177c6a8a1530a6d6393d5f6c44d3c26b482551427534f093fd

SHA512
b5c4968b73db70eb65bef6a4660b522889e71f75ab5f20fe35c7973d16d32fa8784bad45ef959cd6731d75334d7098a546e381d04b9cc6e95428018173125902

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3916.exe
Filesize
184KB

MD5
3d18c9699a95a5e1daba7a73244eadcc

SHA1
23abfe6d899df078baceba2c3ee8cfb010118e27

SHA256
f845e9043714263a73e0331df04151366bfe3608338f62ab31c410ceeec6249e

SHA512
3ff0faf3f34ffcbd06c9e44fc070365184ff529d270db03e8556c51ec34ba9f0c7e7742477af50ae74c6add61ad04d48b4bfe98496f72a820de050e19bc9c708

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-453.exe
Filesize
184KB

MD5
fcbc62f5f0dadfb50a5ba83a6ff58438

SHA1
88cf3c30ce6e05c8f39ac1d24f7e6f223a1b2372

SHA256
abe1baf9f8f8d796fa749d6308089600471f8ca45e42dc1f8b30f3c044514ea9

SHA512
b5b22b01024ba82b25cec95215bbaf253d2e6e03de3fd6f7be75c29a279a960b7cc4391d29cfbd9335675cda8a0b98f82e875aa2e472dc5c5c05400401891770

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47378.exe
Filesize
184KB

MD5
b68ad2468c2a0f618c91c94ab4263f0b

SHA1
5ad66195da55c5ae41b3752c9410a9a9117862d8

SHA256
968cd3b18d194d992e927c7185f512d8a2dd5e52a62d42aa4dc012b6d98ee326

SHA512
1e78430e3f48a94b7f1e430b0cc05aefd19b59aa57adba05b4fac6834866c620c70c10b540bb96498640ce1b44284474b90b8af18a36602931785f4bdedeef43

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53620.exe
Filesize
184KB

MD5
e3c0ef328fd8e9c03d395363bbaf38f8

SHA1
4b50a41637deab1302098797333786d49eb4a42c

SHA256
dbde7f01f6bd502e3066e546721fa876e89aa92c540287d7fc89f8a603b63dae

SHA512
fb75f2777d2e5c6c4de89fd662e3f58a6946b40d9c7d114b62577ab4cf983ca1ec7d5eac011005584708f337dc71de2e83028eac688d30b6dc0a39cc439ff951

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60695.exe
Filesize
184KB

MD5
bc5f1449c099721ce07f2be88255aa2a

SHA1
e083324ede593917476d6e83eac83ddf68c90d0a

SHA256
7eb438a137bf9cdee42ba02725af15915f4e9a1773fc57c387348062d1f2ce29

SHA512
839912d1706a8f7eea4f166137f246f06c9cd76b69e56148c149720c841c058a7c8f989076ead5f8cf1d18d0f9b1c360eba54b466e66f1841dfb528c4e52d180

Download Submit
memory/2944-893-0x0000000002890000-0x00000000029EC000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads