8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe
Size

184KB
MD5

8d4411dc79138733e055c4dc3e39a854
SHA1

5ac16b4ce7accfab1e3d3d4a581dac880e2a65e3
SHA256

8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829
SHA512

223985cc53b0f6413911c1bbaa0e2c8a4f4d03ef74dc4cb413493fdee4c9e36f49d6f0255e40971e4100c3e87f56078ae1db31c6e0ff7a253248843db4c643c3
SSDEEP

3072:xoe3Y8of7chTdFwWe7wLD6sahlnViFFn3:xo+oKJFw6LWsahlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-59916.exeUnicorn-40835.exeUnicorn-60701.exeUnicorn-6665.exeUnicorn-9213.exeUnicorn-11138.exeUnicorn-61425.exeUnicorn-44108.exeUnicorn-25323.exeUnicorn-38945.exeUnicorn-57206.exeUnicorn-41977.exeUnicorn-53061.exeUnicorn-5874.exeUnicorn-43902.exeUnicorn-63767.exeUnicorn-16630.exeUnicorn-22638.exeUnicorn-42504.exeUnicorn-52165.exeUnicorn-32299.exeUnicorn-41675.exeUnicorn-3325.exeUnicorn-39392.exeUnicorn-65266.exeUnicorn-5738.exeUnicorn-31612.exeUnicorn-51478.exeUnicorn-55537.exeUnicorn-43294.exeUnicorn-49372.exeUnicorn-27115.exeUnicorn-25910.exeUnicorn-19766.exeUnicorn-2517.exeUnicorn-32075.exeUnicorn-13622.exeUnicorn-54287.exeUnicorn-54287.exeUnicorn-30961.exeUnicorn-36969.exeUnicorn-49191.exeUnicorn-19787.exeUnicorn-5999.exeUnicorn-49389.exeUnicorn-32695.exeUnicorn-44812.exeUnicorn-63442.exeUnicorn-32171.exeUnicorn-4926.exeUnicorn-14075.exeUnicorn-64319.exeUnicorn-37977.exeUnicorn-57843.exeUnicorn-36742.exeUnicorn-23578.exeUnicorn-50464.exeUnicorn-16386.exeUnicorn-44320.exeUnicorn-13380.exeUnicorn-11289.exeUnicorn-12428.exeUnicorn-1354.exeUnicorn-21220.exe

pid	process
2120	Unicorn-59916.exe
2356	Unicorn-40835.exe
2988	Unicorn-60701.exe
2532	Unicorn-6665.exe
2708	Unicorn-9213.exe
2208	Unicorn-11138.exe
1628	Unicorn-61425.exe
2772	Unicorn-44108.exe
2412	Unicorn-25323.exe
2488	Unicorn-38945.exe
2444	Unicorn-57206.exe
1284	Unicorn-41977.exe
1352	Unicorn-53061.exe
2620	Unicorn-5874.exe
1716	Unicorn-43902.exe
2884	Unicorn-63767.exe
484	Unicorn-16630.exe
560	Unicorn-22638.exe
1480	Unicorn-42504.exe
1996	Unicorn-52165.exe
1752	Unicorn-32299.exe
1772	Unicorn-41675.exe
1492	Unicorn-3325.exe
800	Unicorn-39392.exe
916	Unicorn-65266.exe
2996	Unicorn-5738.exe
2372	Unicorn-31612.exe
1756	Unicorn-51478.exe
1940	Unicorn-55537.exe
2144	Unicorn-43294.exe
2668	Unicorn-49372.exe
2736	Unicorn-27115.exe
3024	Unicorn-25910.exe
2776	Unicorn-19766.exe
2520	Unicorn-2517.exe
2632	Unicorn-32075.exe
2344	Unicorn-13622.exe
2592	Unicorn-54287.exe
2512	Unicorn-54287.exe
2712	Unicorn-30961.exe
3032	Unicorn-36969.exe
1624	Unicorn-49191.exe
2428	Unicorn-19787.exe
1812	Unicorn-5999.exe
1320	Unicorn-49389.exe
2252	Unicorn-32695.exe
2240	Unicorn-44812.exe
1620	Unicorn-63442.exe
2296	Unicorn-32171.exe
2148	Unicorn-4926.exe
764	Unicorn-14075.exe
304	Unicorn-64319.exe
568	Unicorn-37977.exe
2820	Unicorn-57843.exe
608	Unicorn-36742.exe
1036	Unicorn-23578.exe
2180	Unicorn-50464.exe
2720	Unicorn-16386.exe
888	Unicorn-44320.exe
2724	Unicorn-13380.exe
2828	Unicorn-11289.exe
2544	Unicorn-12428.exe
1668	Unicorn-1354.exe
2404	Unicorn-21220.exe

Loads dropped DLL 64 IoCs

Processes:

8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exeUnicorn-59916.exeUnicorn-40835.exeUnicorn-60701.exeWerFault.exeUnicorn-6665.exeUnicorn-11138.exeUnicorn-9213.exeWerFault.exeWerFault.exeUnicorn-61425.exeUnicorn-25323.exeUnicorn-44108.exeUnicorn-38945.exeUnicorn-57206.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe
2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe
2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe
2120	Unicorn-59916.exe
2120	Unicorn-59916.exe
2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe
2356	Unicorn-40835.exe
2356	Unicorn-40835.exe
2988	Unicorn-60701.exe
2988	Unicorn-60701.exe
2120	Unicorn-59916.exe
2120	Unicorn-59916.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2940	WerFault.exe
2532	Unicorn-6665.exe
2532	Unicorn-6665.exe
2356	Unicorn-40835.exe
2356	Unicorn-40835.exe
2208	Unicorn-11138.exe
2208	Unicorn-11138.exe
2708	Unicorn-9213.exe
2708	Unicorn-9213.exe
2988	Unicorn-60701.exe
2988	Unicorn-60701.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
2332	WerFault.exe
628	WerFault.exe
1628	Unicorn-61425.exe
2532	Unicorn-6665.exe
1628	Unicorn-61425.exe
2532	Unicorn-6665.exe
2412	Unicorn-25323.exe
2412	Unicorn-25323.exe
2208	Unicorn-11138.exe
2208	Unicorn-11138.exe
2772	Unicorn-44108.exe
2772	Unicorn-44108.exe
2488	Unicorn-38945.exe
2488	Unicorn-38945.exe
2708	Unicorn-9213.exe
2708	Unicorn-9213.exe
2444	Unicorn-57206.exe
2444	Unicorn-57206.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
1816	WerFault.exe
652	WerFault.exe
652	WerFault.exe
652	WerFault.exe
652	WerFault.exe
652	WerFault.exe
448	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2672	2848	WerFault.exe	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe
2940	2120	WerFault.exe	Unicorn-59916.exe
2332	2356	WerFault.exe	Unicorn-40835.exe
628	2988	WerFault.exe	Unicorn-60701.exe
1816	2532	WerFault.exe	Unicorn-6665.exe
652	2208	WerFault.exe	Unicorn-11138.exe
448	2708	WerFault.exe	Unicorn-9213.exe
1600	1628	WerFault.exe	Unicorn-61425.exe
1916	2412	WerFault.exe	Unicorn-25323.exe
2852	2772	WerFault.exe	Unicorn-44108.exe
1584	2488	WerFault.exe	Unicorn-38945.exe
3020	2444	WerFault.exe	Unicorn-57206.exe
1184	1284	WerFault.exe	Unicorn-41977.exe
1088	1352	WerFault.exe	Unicorn-53061.exe
1124	2620	WerFault.exe	Unicorn-5874.exe
2264	484	WerFault.exe	Unicorn-16630.exe
1152	2884	WerFault.exe	Unicorn-63767.exe
1908	1480	WerFault.exe	Unicorn-42504.exe
540	1716	WerFault.exe	Unicorn-43902.exe
596	560	WerFault.exe	Unicorn-22638.exe
2160	1996	WerFault.exe	Unicorn-52165.exe
344	1752	WerFault.exe	Unicorn-32299.exe
2416	1772	WerFault.exe	Unicorn-41675.exe
2696	1492	WerFault.exe	Unicorn-3325.exe
856	1756	WerFault.exe	Unicorn-51478.exe
1708	916	WerFault.exe	Unicorn-65266.exe
2168	2372	WerFault.exe	Unicorn-31612.exe
884	800	WerFault.exe	Unicorn-39392.exe
2576	1256	WerFault.exe	Unicorn-64335.exe
1060	2144	WerFault.exe	Unicorn-43294.exe
2436	2668	WerFault.exe	Unicorn-49372.exe
1636	2776	WerFault.exe	Unicorn-19766.exe
1476	2520	WerFault.exe	Unicorn-2517.exe
1364	2344	WerFault.exe	Unicorn-13622.exe
1180	2512	WerFault.exe	Unicorn-54287.exe
2128	2428	WerFault.exe	Unicorn-19787.exe
2552	1812	WerFault.exe	Unicorn-5999.exe
2124	3032	WerFault.exe	Unicorn-36969.exe
2528	3024	WerFault.exe	Unicorn-25910.exe
1280	2632	WerFault.exe	Unicorn-32075.exe
1808	2592	WerFault.exe	Unicorn-54287.exe
3120	1624	WerFault.exe	Unicorn-49191.exe
3136	2736	WerFault.exe	Unicorn-27115.exe
3168	2712	WerFault.exe	Unicorn-30961.exe
3584	1320	WerFault.exe	Unicorn-49389.exe
3800	2404	WerFault.exe	Unicorn-21220.exe
3808	764	WerFault.exe	Unicorn-14075.exe
3836	568	WerFault.exe	Unicorn-37977.exe
4080	2544	WerFault.exe	Unicorn-12428.exe
3544	2148	WerFault.exe	Unicorn-4926.exe
3696	1864	WerFault.exe	Unicorn-9738.exe
3712	608	WerFault.exe	Unicorn-36742.exe
3772	2820	WerFault.exe	Unicorn-57843.exe
3944	2296	WerFault.exe	Unicorn-32171.exe
4040	2180	WerFault.exe	Unicorn-50464.exe
3540	1668	WerFault.exe	Unicorn-1354.exe
3580	2828	WerFault.exe	Unicorn-11289.exe
3652	1608	WerFault.exe	Unicorn-34443.exe
3636	2804	WerFault.exe	Unicorn-45160.exe
3752	1748	WerFault.exe	Unicorn-38139.exe
4116	1036	WerFault.exe	Unicorn-23578.exe
4124	2860	WerFault.exe	Unicorn-42021.exe
4140	1140	WerFault.exe	Unicorn-23851.exe
4132	1972	WerFault.exe	Unicorn-26375.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exeUnicorn-59916.exeUnicorn-40835.exeUnicorn-60701.exeUnicorn-6665.exeUnicorn-9213.exeUnicorn-11138.exeUnicorn-61425.exeUnicorn-44108.exeUnicorn-25323.exeUnicorn-38945.exeUnicorn-57206.exeUnicorn-41977.exeUnicorn-53061.exeUnicorn-5874.exeUnicorn-43902.exeUnicorn-63767.exeUnicorn-16630.exeUnicorn-22638.exeUnicorn-42504.exeUnicorn-52165.exeUnicorn-32299.exeUnicorn-41675.exeUnicorn-3325.exeUnicorn-39392.exeUnicorn-5738.exeUnicorn-65266.exeUnicorn-31612.exeUnicorn-51478.exeUnicorn-55537.exeUnicorn-43294.exeUnicorn-49372.exeUnicorn-27115.exeUnicorn-25910.exeUnicorn-19766.exeUnicorn-2517.exeUnicorn-32075.exeUnicorn-13622.exeUnicorn-54287.exeUnicorn-54287.exeUnicorn-30961.exeUnicorn-36969.exeUnicorn-49191.exeUnicorn-19787.exeUnicorn-5999.exeUnicorn-49389.exeUnicorn-32695.exeUnicorn-44812.exeUnicorn-63442.exeUnicorn-32171.exeUnicorn-4926.exeUnicorn-14075.exeUnicorn-64319.exeUnicorn-37977.exeUnicorn-57843.exeUnicorn-36742.exeUnicorn-23578.exeUnicorn-50464.exeUnicorn-16386.exeUnicorn-44320.exeUnicorn-13380.exeUnicorn-11289.exeUnicorn-12428.exeUnicorn-21220.exe

pid	process
2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe
2120	Unicorn-59916.exe
2356	Unicorn-40835.exe
2988	Unicorn-60701.exe
2532	Unicorn-6665.exe
2708	Unicorn-9213.exe
2208	Unicorn-11138.exe
1628	Unicorn-61425.exe
2772	Unicorn-44108.exe
2412	Unicorn-25323.exe
2488	Unicorn-38945.exe
2444	Unicorn-57206.exe
1284	Unicorn-41977.exe
1352	Unicorn-53061.exe
2620	Unicorn-5874.exe
1716	Unicorn-43902.exe
2884	Unicorn-63767.exe
484	Unicorn-16630.exe
560	Unicorn-22638.exe
1480	Unicorn-42504.exe
1996	Unicorn-52165.exe
1752	Unicorn-32299.exe
1772	Unicorn-41675.exe
1492	Unicorn-3325.exe
800	Unicorn-39392.exe
2996	Unicorn-5738.exe
916	Unicorn-65266.exe
2372	Unicorn-31612.exe
1756	Unicorn-51478.exe
1940	Unicorn-55537.exe
2144	Unicorn-43294.exe
2668	Unicorn-49372.exe
2736	Unicorn-27115.exe
3024	Unicorn-25910.exe
2776	Unicorn-19766.exe
2520	Unicorn-2517.exe
2632	Unicorn-32075.exe
2344	Unicorn-13622.exe
2592	Unicorn-54287.exe
2512	Unicorn-54287.exe
2712	Unicorn-30961.exe
3032	Unicorn-36969.exe
1624	Unicorn-49191.exe
2428	Unicorn-19787.exe
1812	Unicorn-5999.exe
1320	Unicorn-49389.exe
2252	Unicorn-32695.exe
2240	Unicorn-44812.exe
1620	Unicorn-63442.exe
2296	Unicorn-32171.exe
2148	Unicorn-4926.exe
764	Unicorn-14075.exe
304	Unicorn-64319.exe
568	Unicorn-37977.exe
2820	Unicorn-57843.exe
608	Unicorn-36742.exe
1036	Unicorn-23578.exe
2180	Unicorn-50464.exe
2720	Unicorn-16386.exe
888	Unicorn-44320.exe
2724	Unicorn-13380.exe
2828	Unicorn-11289.exe
2544	Unicorn-12428.exe
2404	Unicorn-21220.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exeUnicorn-59916.exeUnicorn-40835.exeUnicorn-60701.exeUnicorn-6665.exeUnicorn-11138.exeUnicorn-9213.exeUnicorn-61425.exe

description	pid	process	target process
PID 2848 wrote to memory of 2120	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	Unicorn-59916.exe
PID 2848 wrote to memory of 2120	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	Unicorn-59916.exe
PID 2848 wrote to memory of 2120	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	Unicorn-59916.exe
PID 2848 wrote to memory of 2120	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	Unicorn-59916.exe
PID 2120 wrote to memory of 2988	2120	Unicorn-59916.exe	Unicorn-60701.exe
PID 2848 wrote to memory of 2356	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	Unicorn-40835.exe
PID 2120 wrote to memory of 2988	2120	Unicorn-59916.exe	Unicorn-60701.exe
PID 2120 wrote to memory of 2988	2120	Unicorn-59916.exe	Unicorn-60701.exe
PID 2848 wrote to memory of 2356	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	Unicorn-40835.exe
PID 2120 wrote to memory of 2988	2120	Unicorn-59916.exe	Unicorn-60701.exe
PID 2848 wrote to memory of 2356	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	Unicorn-40835.exe
PID 2848 wrote to memory of 2356	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	Unicorn-40835.exe
PID 2848 wrote to memory of 2672	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	WerFault.exe
PID 2848 wrote to memory of 2672	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	WerFault.exe
PID 2848 wrote to memory of 2672	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	WerFault.exe
PID 2848 wrote to memory of 2672	2848	8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe	WerFault.exe
PID 2356 wrote to memory of 2532	2356	Unicorn-40835.exe	Unicorn-6665.exe
PID 2356 wrote to memory of 2532	2356	Unicorn-40835.exe	Unicorn-6665.exe
PID 2356 wrote to memory of 2532	2356	Unicorn-40835.exe	Unicorn-6665.exe
PID 2356 wrote to memory of 2532	2356	Unicorn-40835.exe	Unicorn-6665.exe
PID 2988 wrote to memory of 2708	2988	Unicorn-60701.exe	Unicorn-9213.exe
PID 2988 wrote to memory of 2708	2988	Unicorn-60701.exe	Unicorn-9213.exe
PID 2988 wrote to memory of 2708	2988	Unicorn-60701.exe	Unicorn-9213.exe
PID 2988 wrote to memory of 2708	2988	Unicorn-60701.exe	Unicorn-9213.exe
PID 2120 wrote to memory of 2208	2120	Unicorn-59916.exe	Unicorn-11138.exe
PID 2120 wrote to memory of 2208	2120	Unicorn-59916.exe	Unicorn-11138.exe
PID 2120 wrote to memory of 2208	2120	Unicorn-59916.exe	Unicorn-11138.exe
PID 2120 wrote to memory of 2208	2120	Unicorn-59916.exe	Unicorn-11138.exe
PID 2120 wrote to memory of 2940	2120	Unicorn-59916.exe	WerFault.exe
PID 2120 wrote to memory of 2940	2120	Unicorn-59916.exe	WerFault.exe
PID 2120 wrote to memory of 2940	2120	Unicorn-59916.exe	WerFault.exe
PID 2120 wrote to memory of 2940	2120	Unicorn-59916.exe	WerFault.exe
PID 2532 wrote to memory of 1628	2532	Unicorn-6665.exe	Unicorn-61425.exe
PID 2532 wrote to memory of 1628	2532	Unicorn-6665.exe	Unicorn-61425.exe
PID 2532 wrote to memory of 1628	2532	Unicorn-6665.exe	Unicorn-61425.exe
PID 2532 wrote to memory of 1628	2532	Unicorn-6665.exe	Unicorn-61425.exe
PID 2356 wrote to memory of 2772	2356	Unicorn-40835.exe	Unicorn-44108.exe
PID 2356 wrote to memory of 2772	2356	Unicorn-40835.exe	Unicorn-44108.exe
PID 2356 wrote to memory of 2772	2356	Unicorn-40835.exe	Unicorn-44108.exe
PID 2356 wrote to memory of 2772	2356	Unicorn-40835.exe	Unicorn-44108.exe
PID 2208 wrote to memory of 2412	2208	Unicorn-11138.exe	Unicorn-25323.exe
PID 2208 wrote to memory of 2412	2208	Unicorn-11138.exe	Unicorn-25323.exe
PID 2208 wrote to memory of 2412	2208	Unicorn-11138.exe	Unicorn-25323.exe
PID 2208 wrote to memory of 2412	2208	Unicorn-11138.exe	Unicorn-25323.exe
PID 2708 wrote to memory of 2488	2708	Unicorn-9213.exe	Unicorn-38945.exe
PID 2708 wrote to memory of 2488	2708	Unicorn-9213.exe	Unicorn-38945.exe
PID 2708 wrote to memory of 2488	2708	Unicorn-9213.exe	Unicorn-38945.exe
PID 2708 wrote to memory of 2488	2708	Unicorn-9213.exe	Unicorn-38945.exe
PID 2988 wrote to memory of 2444	2988	Unicorn-60701.exe	Unicorn-57206.exe
PID 2988 wrote to memory of 2444	2988	Unicorn-60701.exe	Unicorn-57206.exe
PID 2988 wrote to memory of 2444	2988	Unicorn-60701.exe	Unicorn-57206.exe
PID 2988 wrote to memory of 2444	2988	Unicorn-60701.exe	Unicorn-57206.exe
PID 2356 wrote to memory of 2332	2356	Unicorn-40835.exe	WerFault.exe
PID 2356 wrote to memory of 2332	2356	Unicorn-40835.exe	WerFault.exe
PID 2356 wrote to memory of 2332	2356	Unicorn-40835.exe	WerFault.exe
PID 2356 wrote to memory of 2332	2356	Unicorn-40835.exe	WerFault.exe
PID 2988 wrote to memory of 628	2988	Unicorn-60701.exe	WerFault.exe
PID 2988 wrote to memory of 628	2988	Unicorn-60701.exe	WerFault.exe
PID 2988 wrote to memory of 628	2988	Unicorn-60701.exe	WerFault.exe
PID 2988 wrote to memory of 628	2988	Unicorn-60701.exe	WerFault.exe
PID 1628 wrote to memory of 1284	1628	Unicorn-61425.exe	Unicorn-41977.exe
PID 1628 wrote to memory of 1284	1628	Unicorn-61425.exe	Unicorn-41977.exe
PID 1628 wrote to memory of 1284	1628	Unicorn-61425.exe	Unicorn-41977.exe
PID 1628 wrote to memory of 1284	1628	Unicorn-61425.exe	Unicorn-41977.exe

C:\Users\Admin\AppData\Local\Temp\8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe
"C:\Users\Admin\AppData\Local\Temp\8b7082a1e2b779b78aacaef324738265f599e2b9deaaa8b276be25eabf44a829.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16630.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:484

C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39392.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
9⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50737.exe
10⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28406.exe
11⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49656.exe
12⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
13⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
14⤵
PID:3396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
14⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 236
13⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
12⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
11⤵
PID:4884

C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46164.exe
10⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28034.exe
12⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23224.exe
13⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
13⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
12⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
10⤵
PID:5148

C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53731.exe
9⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
10⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58470.exe
11⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9784.exe
12⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54490.exe
13⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35564.exe
14⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 216
14⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
13⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
12⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
11⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
10⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
9⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23668.exe
8⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56881.exe
9⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21214.exe
10⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22702.exe
11⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47456.exe
12⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63340.exe
13⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
14⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
14⤵
PID:2908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
13⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 236
12⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
11⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 216
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60217.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
10⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
11⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60126.exe
12⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2838.exe
13⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
13⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
12⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
11⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
9⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 800 -s 240
8⤵
- Program crash
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5999.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21220.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49213.exe
9⤵
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16932.exe
10⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
11⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
12⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13950.exe
13⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55306.exe
14⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 236
14⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
13⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
12⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
11⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60340.exe
10⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19734.exe
11⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
12⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34012.exe
13⤵
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
13⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
12⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
11⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
10⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11402.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9048.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48156.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38072.exe
12⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
13⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
13⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5956 -s 216
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
11⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
10⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
9⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-62378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62378.exe
8⤵
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36487.exe
9⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
10⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
11⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38548.exe
12⤵
PID:8320

C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6589.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8320 -s 216
13⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
12⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
11⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
10⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
10⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7662.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13057.exe
12⤵
PID:11912

C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44834.exe
13⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
11⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
10⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
9⤵
PID:4316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 220
8⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 484 -s 240
7⤵
- Program crash
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31612.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20535.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36614.exe
9⤵
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
10⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62146.exe
11⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47168.exe
12⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58327.exe
13⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 236
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
12⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
11⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 236
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-28321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28321.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42763.exe
10⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 148
11⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
10⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
9⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
8⤵
- Program crash
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1354.exe
7⤵
- Executes dropped EXE
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23851.exe
8⤵
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7540.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10956.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52929.exe
12⤵
PID:9608

C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55418.exe
13⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9608 -s 236
13⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
12⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
9⤵
- Program crash
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19239.exe
10⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41694.exe
11⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37875.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10788 -s 220
12⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
10⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
8⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 220
7⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
6⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22638.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51478.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54287.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16386.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52854.exe
9⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-55780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55780.exe
10⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15041.exe
11⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22619.exe
12⤵
PID:7360

C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
13⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7360 -s 236
13⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
12⤵
PID:9272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
11⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-54597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54597.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-673.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20901.exe
11⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50262.exe
12⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16981.exe
13⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
13⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
11⤵
PID:9200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:6884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 240
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48090.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34737.exe
9⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
10⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24623.exe
11⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43222.exe
12⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57499.exe
13⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
13⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
12⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
11⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 216
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
8⤵
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13380.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
8⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-291.exe
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6426.exe
11⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
12⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-22111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22111.exe
13⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
13⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 220
12⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
11⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 216
9⤵
- Program crash
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7727.exe
8⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
9⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 220
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
8⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 220
7⤵
- Program crash
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36969.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44320.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32519.exe
8⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19877.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49634.exe
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
11⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17664.exe
12⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17661.exe
13⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 216
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
10⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
9⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43293.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38586.exe
9⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39933.exe
10⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3952.exe
11⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32516.exe
12⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11060 -s 216
12⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8068 -s 216
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
10⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
7⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18925.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
9⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61332.exe
10⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-13807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13807.exe
11⤵
PID:10572

C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50477.exe
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10572 -s 220
12⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 204
11⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
10⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 236
9⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
8⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
7⤵
- Program crash
PID:2124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 240
6⤵
- Program crash
PID:596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65266.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37977.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38139.exe
8⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-10064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10064.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56848.exe
11⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
12⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51279.exe
13⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
13⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
12⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 236
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48576.exe
9⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29202.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49306.exe
11⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46838.exe
12⤵
PID:10628

C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1864.exe
13⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10628 -s 216
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
12⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
9⤵
- Program crash
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2809.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1856.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9649.exe
11⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36560.exe
12⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
12⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
9⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 220
8⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
7⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19787.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43010.exe
7⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12780.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29894.exe
10⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61557.exe
11⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64768.exe
12⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17206.exe
13⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
13⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
11⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 216
9⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42058.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-36214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36214.exe
9⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-40322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40322.exe
10⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
11⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 236
10⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 220
8⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32181.exe
7⤵
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60789.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53540.exe
9⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6950.exe
10⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-37797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37797.exe
11⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58701.exe
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 216
12⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
10⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
8⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
7⤵
- Program crash
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
6⤵
- Program crash
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 236
5⤵
- Program crash
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2517.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9738.exe
8⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60452.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14886.exe
10⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
11⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4107.exe
12⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21683.exe
13⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
13⤵
PID:13052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 236
11⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
9⤵
- Program crash
PID:3696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
8⤵
- Program crash
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36742.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58191.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18176.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43210.exe
11⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46785.exe
12⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28414.exe
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 216
13⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
11⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
10⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2194.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
10⤵
PID:7140

C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57501.exe
11⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63579.exe
12⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 216
12⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7140 -s 216
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
10⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
9⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
8⤵
- Program crash
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
7⤵
- Program crash
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13622.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50464.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2418.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49871.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54974.exe
11⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54833.exe
12⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12633.exe
13⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 220
13⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
12⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
11⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
10⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 236
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6155.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61466.exe
10⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45457.exe
11⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63119.exe
12⤵
PID:948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
12⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
11⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
8⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30871.exe
7⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-930.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35874.exe
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
11⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46237.exe
12⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 236
12⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
11⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
9⤵
PID:5200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
8⤵
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
7⤵
- Program crash
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 220
6⤵
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
5⤵
- Program crash
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43902.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32075.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23578.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
7⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57602.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60732.exe
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51221.exe
10⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10235.exe
11⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16340.exe
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 236
12⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
10⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49299.exe
7⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25964.exe
8⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
9⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37155.exe
10⤵
PID:10968

C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56097.exe
11⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10968 -s 220
11⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 220
10⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
9⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
8⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 240
7⤵
- Program crash
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16011.exe
6⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22589.exe
7⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64966.exe
8⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53463.exe
9⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15816.exe
10⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 236
10⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
9⤵
PID:9628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
8⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 216
7⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
6⤵
- Program crash
PID:1280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 216
5⤵
- Program crash
PID:540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52165.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55537.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32695.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48165.exe
9⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24199.exe
10⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25245.exe
11⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4629.exe
12⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16146.exe
13⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5276.exe
14⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 236
14⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 236
13⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
12⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
11⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
10⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42293.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61876.exe
10⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44173.exe
11⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
12⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
13⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 236
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 220
12⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
11⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16535.exe
8⤵
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10006.exe
9⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
11⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15281.exe
12⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8232 -s 236
12⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 236
11⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 216
9⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44812.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65025.exe
8⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-27069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27069.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15628.exe
10⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39735.exe
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11321.exe
12⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16345.exe
13⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
13⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-23015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23015.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28512.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55103.exe
10⤵
PID:7780

C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17236.exe
11⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60879.exe
12⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 220
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7780 -s 216
11⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
10⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
8⤵
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
7⤵
- Program crash
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47512.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57046.exe
9⤵
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
10⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
11⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
12⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41326.exe
13⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
13⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
12⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
11⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 236
10⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-947.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34570.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29260.exe
11⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43491.exe
12⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
12⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 236
11⤵
PID:9476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
9⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64233.exe
8⤵
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21337.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13526.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25821.exe
11⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22921.exe
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
12⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
11⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 236
9⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
8⤵
- Program crash
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6214.exe
7⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50378.exe
8⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58800.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43103.exe
10⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-9390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9390.exe
11⤵
PID:9416

C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16779.exe
12⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9416 -s 216
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
11⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
10⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
9⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-34465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34465.exe
8⤵
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 220
9⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
7⤵
- Program crash
PID:1060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 240
6⤵
- Program crash
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32299.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49372.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14075.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49737.exe
8⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15482.exe
9⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-29026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29026.exe
10⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47858.exe
11⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15794.exe
12⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-11616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11616.exe
13⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
13⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 216
12⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
11⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 236
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4064.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
10⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-457.exe
11⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43704.exe
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
12⤵
PID:2176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
11⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22015.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36416.exe
10⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
11⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
12⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7084.exe
13⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
13⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
11⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
8⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45160.exe
7⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24401.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17786.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32097.exe
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8966.exe
11⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41965.exe
12⤵
PID:11832

C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29621.exe
13⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 236
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
11⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 236
9⤵
PID:5564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
8⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
7⤵
- Program crash
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64319.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31305.exe
7⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55491.exe
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42230.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5621.exe
10⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-58914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58914.exe
11⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19816.exe
12⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 236
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
11⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 236
10⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25927.exe
8⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9596.exe
9⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35469.exe
10⤵
PID:11740

C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47286.exe
11⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
10⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
9⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
8⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 240
7⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
6⤵
- Program crash
PID:344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
5⤵
- Program crash
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41675.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27115.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63442.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64335.exe
8⤵
PID:1256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 188
9⤵
- Program crash
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17583.exe
7⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9723.exe
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13901.exe
10⤵
PID:7424

C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4707.exe
11⤵
PID:11248

C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
12⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11248 -s 236
12⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7424 -s 236
11⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
10⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 216
8⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
7⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4926.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33656.exe
7⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49235.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14010.exe
9⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44564.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29060.exe
11⤵
PID:11712

C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
12⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
11⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 236
10⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
8⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
7⤵
- Program crash
PID:3544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
6⤵
- Program crash
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25910.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32171.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
7⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29819.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57227.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10126.exe
10⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52899.exe
11⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10372.exe
12⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
11⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
10⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
9⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 216
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
7⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8173.exe
8⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46210.exe
9⤵
PID:7396

C:\Users\Admin\AppData\Local\Temp\Unicorn-29690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29690.exe
10⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15860.exe
11⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 216
11⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7396 -s 204
10⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
9⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
8⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
7⤵
- Program crash
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23727.exe
6⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-8151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8151.exe
7⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18510.exe
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2468.exe
9⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36199.exe
10⤵
PID:11500

C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43137.exe
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
10⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
9⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
8⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
7⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
6⤵
- Program crash
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
5⤵
- Program crash
PID:1088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-44108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44108.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63767.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19766.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42021.exe
7⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25247.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48134.exe
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
10⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-29690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29690.exe
11⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63754.exe
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11736 -s 188
13⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 216
12⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 216
11⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
10⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
8⤵
- Program crash
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
7⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53230.exe
8⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-8083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8083.exe
9⤵
PID:7364

C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57244.exe
10⤵
PID:10424

C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5431.exe
11⤵
PID:7680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10424 -s 216
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7364 -s 220
10⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
9⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
8⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
7⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
6⤵
- Program crash
PID:1636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 216
5⤵
- Program crash
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5738.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30961.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11289.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13134.exe
7⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47347.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54278.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52354.exe
10⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30358.exe
11⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
12⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
11⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
10⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
8⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20102.exe
7⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42538.exe
8⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33922.exe
9⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31786.exe
10⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18778.exe
11⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 216
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
10⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
9⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
8⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
7⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15059.exe
6⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8925.exe
7⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6026.exe
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60477.exe
9⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
10⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 236
11⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
10⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
9⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 236
8⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59176.exe
7⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
8⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14794.exe
9⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63199.exe
10⤵
PID:5604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
10⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
9⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
8⤵
PID:1948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
7⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
6⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12428.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10562.exe
6⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20690.exe
7⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28846.exe
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37505.exe
9⤵
PID:7280

C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9220.exe
10⤵
PID:10948

C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
11⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10948 -s 216
11⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7280 -s 220
10⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
9⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
8⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
7⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
6⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
4⤵
- Program crash
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
2⤵
- Program crash
PID:2672

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11138.exe
Filesize
184KB

MD5
be2a31d57f8833357013bbd987829caa

SHA1
8ff54e1d83faef99109a386c9c0e80ff2977e205

SHA256
89e653e9f241f43cc148180dad3c7923740305fba2c0f43204707452e5d5a947

SHA512
59a2c3ee90ed294ea85f13adf161b2c4750196b06999ad31dab5a621bd10f7451b143851d9c8205e33a3995cc388cfe711af16549c8c1221c609e310b373428d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22857.exe
Filesize
184KB

MD5
5eb219753caef1b7e882281de5d31bdd

SHA1
31844b334a880d5ebea3d4085ad5edc70ff3b06e

SHA256
128b1451e434f1975de3832afef85dc4172da9040370a6ca158af70623dffa86

SHA512
6f985f08052d176720f8f6e054ea4d884e8f92cdf5dfd930dcf076f70d589dcc87ea4d2da061ccfa9cf69784a86e93af659197984cc3321829bafb915cc1c1f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3887.exe
Filesize
184KB

MD5
3652884f8ae7ac01ab345bff1aafb69e

SHA1
37ec6e1525dc79ce1c6f362e2da1d17e9080d79b

SHA256
f5d0b64c5f5da9c6914891a026f46f61a376a24623f88539eca4b087d083cd04

SHA512
4d346126ac8c328e5016efd168fd3f06f2de396292c752bf6ed589bc1b323c1b055eb5e7ebf72a0d6bb933019ced7b4ec8dad64f5eafa7b54d62fd92926422bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40835.exe
Filesize
184KB

MD5
54ea8300503bf5fd3cc8c6cd2ddc3ea8

SHA1
6cc00191b09cf062cd215fa6d8f294401f60f8ae

SHA256
cd5f4c349c36526cd32743d52a31595f1eb50aaf7ac4c345794d51f72fc406d6

SHA512
ac8eb63a17866cea6862bc56d8e0b3ed257014891df04d7537da9ce4f3b1fb8be3bb8fdbdec1c5ffc099b10e9be33ff75cfb13a0194c204494e434fb21e18370

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40923.exe
Filesize
184KB

MD5
23e693f164e325ac61232605d8fd2332

SHA1
590b1acfaec90f6f8a93763264cd5dcc3e9432cf

SHA256
69245b2df1f2e7e26903523387963bbf36c9ab014cea220b8d4b41e717b424f9

SHA512
4a1ac6dc0580b254a49fc72e592d5f43fdcc043aa7b9088305d58673018c6f26eb1d2c6d8cfb9ad5710e1fa6cb26cdc3164ba7a20b56b7fd7f9c2a4238c6de37

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
Filesize
184KB

MD5
77300c1fd812845925a735203537a0cf

SHA1
0c43f0792d24e8968b6bfae415d7e44ffa24f756

SHA256
ac15ca906a44c155b18beb4b7aac4454627379d4020897deb0c98d10c89669eb

SHA512
0b79643a426cc42c73d70b293b80e00747734f22098094a84598a06f8836affb42cf21a5304ed292975706c2c48f6bb418a9ee34deb25132ff85abcfd6eef244

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53061.exe
Filesize
184KB

MD5
eea0c0064daebf0757b477f616ed36be

SHA1
593149071217001f41aa7818e1181a2254247452

SHA256
36b3225e33d27632d84e5998ec3190ff1d5589e0b515c1fb165b836c2038a47b

SHA512
6b32c6c0ade716b33ac8c22d4e42d9d62363d2416c39f192e82853bf6af35372a1dcd37e0a1228ee2aa23701fe47ca2be41bfceb733e6ec4de2145aa9da48562

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5874.exe
Filesize
184KB

MD5
8afc7c194bd4159a6e7c0ee5280c5f63

SHA1
dc505b74b66977a175bcaab25a9ba94948f2faec

SHA256
77d83f573be4af2ecda683a030a29eb93659a454e33695b1bf6057e83ddc9eee

SHA512
648f9b7d68103a96a50fbda18779247c405040ef96d29559c6620723f0d882231ffe58edfdfaa2f0a90c435c3880724345771ea5e5dbc925af60195278981366

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60701.exe
Filesize
184KB

MD5
6371bc1d269289f9835b13b53d2652f1

SHA1
1b74e3c533e75c951f879aecfde027b0ecade6ef

SHA256
8df832a300e598a506e8a82cd1b121715d081337c51df6e055cadb7ce71300f8

SHA512
40cbdb6fb94b7e97cdc2e44dec55e15cb507db2f76fdc1cbd937761261db513b369d3fba4c30e9318b995028ef29468c330751ac13aaa4f4cc8c69d1e5e128cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9213.exe
Filesize
184KB

MD5
ea2ffcd06f4df48e699956967c9ceb59

SHA1
18c4abc9c47c299ba07fed51a08f8874fffac038

SHA256
40e83b2d5ab4087abb08aadfef8465480868e3caa71c51c269ca70506c01f6c1

SHA512
a7a0cce9d56708b2c20d6399ad836341e9335989140301088674c41489f977b803ec9b5b832f926080a4d99ec081c7114b05a53be420947a835b3ce5652531c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25323.exe
Filesize
184KB

MD5
1ff5fab4af7e859d98c12566a8fd096c

SHA1
bd4504e9bef20de7bb96f3ec1fe6edd9f959f37c

SHA256
c2a9bfa0e790c68839fadd7a7d71ec92982ff6e9a26e3d403f76afd4157ca0d3

SHA512
a2067f7816e1b84a6682c7d8677ae22c1a0504170550f65fac14577c902f2263abcdf217bcb8630232e89e5dba91cb98ff37adb71d8b1d4a47e684760bb47fd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38945.exe
Filesize
184KB

MD5
911c5c6dc8a72d5acb8097223717dc48

SHA1
b4ef2d4c6ea6f2314cff6ccbe501bcb35079aa78

SHA256
60f3803277702427a452dc5e623d83228fd4a20a5731a32d66e50f59711183dd

SHA512
6b1adeb44d8863eaeadbab8cf21d894180ea98a9bf92858522bd0b11e6e10d81734c40f8fe78e3336e43a27f42b899e625b6661b4e36ed08c73600bf4ffba261

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41977.exe
Filesize
184KB

MD5
eb93e6ec7f2a368b19e556186c7db0e3

SHA1
535716faee12e55a358eaeae68513ce60be1ffdd

SHA256
fa2ee70b991f4b5697439aa44efd540d06ec758687ff1bc12cd29d828390c03b

SHA512
45de1868c84e9f6189b707036d1aec58e620e16a322f9ae3f671fe2e0b6a781bd48450cbc81177aca3ddab3c913b88fd53b713778507b2d6186786c38b4e73cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44108.exe
Filesize
184KB

MD5
e9792e5dc397fe4eb1c67f52f6424035

SHA1
21f9b5d511e2bc894a71e8744671fc25524006a2

SHA256
aa1424f454b771ffbadeafcf31b15e7c24244b00b1f3031c4fd7e8b55efd958d

SHA512
31b77c9212fcfde1ddd62d277cbd1b79cca9a2c42536821056deef8a2a4116f3f77a7c7c894486e46e1152c0bb2c749d493dd245e0e960da4c9c8af2a150800d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57206.exe
Filesize
184KB

MD5
9ce84f4809078ad9b55e34a674214d08

SHA1
75bfccfb9d986e086b01a07c2df833bcd880c47d

SHA256
13a73b337205b766052c65e349e9ca0b38df6aa7fb629b76bcf5323ba1c43843

SHA512
fec58ecb364eb9125373ca4fa780e19b91e9b5e3a9f0c8864362f1746f6dd5913d328ed2bede609975f6b8772b54d9da380487ca563819c3dc8516ffe4c26c1f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59916.exe
Filesize
184KB

MD5
cb6a897169d9cc541c621b932f3ae33c

SHA1
3d32c2d44b348e9d991b57ecd06bfdd9923a1bb2

SHA256
2de454faf8d531019366f4bec17eda97d864906da577e76dbaa987644714a506

SHA512
e7c267c5f74b84ba5e8d1ed5b728cbe5de6033248e1b2fbf97ce7a579abc8343201019010e96b9f53464a4f395246d0ea8433054b2083e9f3cc017dfef2334d0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61425.exe
Filesize
184KB

MD5
b2a87e755e7379f950240be7500757be

SHA1
0a1e22bff7a0ffb37eefad0083c136777d0023bf

SHA256
38d24d2abbb18c8f0d2de08ea1d82fa531f939c628114f86470dd87b2a376062

SHA512
ecd469f20178337199adbb419d2da08c83aaf19e10659e602ef52a61c6127cf94c3092069e35c49ba421d4236bb6dfde9c4ad0ef9e84b219708d962c1f52962e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6665.exe
Filesize
184KB

MD5
346d44269a8edd7058795b52862f4a77

SHA1
fd7a8f56698aa6388f76ef08b00206c4f4f38bd6

SHA256
b9d7bc732998f08165bc1dd11573a847d0a5c1f297d86195c1f0c7e5c9ec7397

SHA512
fc82d8a79655d22dbf63db61dcddb77989065e95390f4aa2191da3493fc63d421b9ad0bb53a7e6661c81f839cc8dc32a9009ed9974f115a25410ffc044276c9d

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads