8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe
Size

184KB
MD5

02ec09000fe01f91cda7666ef4378225
SHA1

201a16122c185aca844f9f510aa6671d64809881
SHA256

8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a
SHA512

9b8c0658365b26eeab6c9bd7d8bde1ec046392c3ddbf6ee7f53d5becc1ca0ad729f80f31a9d1ea6f290c6ae22e91cd330a8014f532a934a86472add444adb527
SSDEEP

3072:b2Z3c6oTfJdcdBpie59LRBuEhlnViFBn3:b2vobIBpNL7uEhlnViFB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-27596.exeUnicorn-64417.exeUnicorn-44552.exeUnicorn-28262.exeUnicorn-47604.exeUnicorn-48128.exeUnicorn-31707.exeUnicorn-39438.exeUnicorn-59304.exeUnicorn-39438.exeUnicorn-26087.exeUnicorn-53261.exeUnicorn-39015.exeUnicorn-40973.exeUnicorn-24017.exeUnicorn-52828.exeUnicorn-7156.exeUnicorn-10316.exeUnicorn-34328.exeUnicorn-61115.exeUnicorn-15443.exeUnicorn-32307.exeUnicorn-26229.exeUnicorn-31325.exeUnicorn-47595.exeUnicorn-50231.exeUnicorn-61404.exeUnicorn-30211.exeUnicorn-15441.exeUnicorn-14421.exeUnicorn-19518.exeUnicorn-4748.exeUnicorn-2133.exeUnicorn-17488.exeUnicorn-12325.exeUnicorn-22518.exeUnicorn-19970.exeUnicorn-40612.exeUnicorn-2585.exeUnicorn-55901.exeUnicorn-7681.exeUnicorn-53286.exeUnicorn-46140.exeUnicorn-5748.exeUnicorn-25614.exeUnicorn-25614.exeUnicorn-3635.exeUnicorn-32446.exeUnicorn-37404.exeUnicorn-62980.exeUnicorn-26254.exeUnicorn-46120.exeUnicorn-31350.exeUnicorn-44003.exeUnicorn-49099.exeUnicorn-35922.exeUnicorn-38928.exeUnicorn-43479.exeUnicorn-24158.exeUnicorn-48575.exeUnicorn-18538.exeUnicorn-38404.exeUnicorn-36811.exeUnicorn-43500.exe

pid	process
2864	Unicorn-27596.exe
2624	Unicorn-64417.exe
2592	Unicorn-44552.exe
2412	Unicorn-28262.exe
2264	Unicorn-47604.exe
2440	Unicorn-48128.exe
2456	Unicorn-31707.exe
384	Unicorn-39438.exe
1612	Unicorn-59304.exe
1736	Unicorn-39438.exe
1640	Unicorn-26087.exe
2040	Unicorn-53261.exe
2224	Unicorn-39015.exe
1928	Unicorn-40973.exe
2348	Unicorn-24017.exe
604	Unicorn-52828.exe
708	Unicorn-7156.exe
1420	Unicorn-10316.exe
3000	Unicorn-34328.exe
2328	Unicorn-61115.exe
2948	Unicorn-15443.exe
972	Unicorn-32307.exe
556	Unicorn-26229.exe
1696	Unicorn-31325.exe
888	Unicorn-47595.exe
1940	Unicorn-50231.exe
2320	Unicorn-61404.exe
328	Unicorn-30211.exe
1964	Unicorn-15441.exe
2516	Unicorn-14421.exe
2500	Unicorn-19518.exe
2484	Unicorn-4748.exe
2400	Unicorn-2133.exe
2536	Unicorn-17488.exe
1680	Unicorn-12325.exe
1668	Unicorn-22518.exe
2668	Unicorn-19970.exe
2912	Unicorn-40612.exe
2288	Unicorn-2585.exe
2244	Unicorn-55901.exe
780	Unicorn-7681.exe
1752	Unicorn-53286.exe
2152	Unicorn-46140.exe
2276	Unicorn-5748.exe
2024	Unicorn-25614.exe
1968	Unicorn-25614.exe
596	Unicorn-3635.exe
2036	Unicorn-32446.exe
2956	Unicorn-37404.exe
1900	Unicorn-62980.exe
2100	Unicorn-26254.exe
2252	Unicorn-46120.exe
2756	Unicorn-31350.exe
1892	Unicorn-44003.exe
1564	Unicorn-49099.exe
1552	Unicorn-35922.exe
1996	Unicorn-38928.exe
2940	Unicorn-43479.exe
2708	Unicorn-24158.exe
3060	Unicorn-48575.exe
2088	Unicorn-18538.exe
2540	Unicorn-38404.exe
2112	Unicorn-36811.exe
2680	Unicorn-43500.exe

Loads dropped DLL 64 IoCs

Processes:

8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exeUnicorn-27596.exeUnicorn-44552.exeUnicorn-64417.exeWerFault.exeUnicorn-28262.exeUnicorn-48128.exeUnicorn-47604.exeWerFault.exeWerFault.exeUnicorn-31707.exeUnicorn-39438.exeUnicorn-26087.exeUnicorn-39438.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe
2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe
2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe
2864	Unicorn-27596.exe
2864	Unicorn-27596.exe
2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe
2864	Unicorn-27596.exe
2864	Unicorn-27596.exe
2592	Unicorn-44552.exe
2592	Unicorn-44552.exe
2624	Unicorn-64417.exe
2624	Unicorn-64417.exe
1280	WerFault.exe
1280	WerFault.exe
1280	WerFault.exe
1280	WerFault.exe
1280	WerFault.exe
2412	Unicorn-28262.exe
2412	Unicorn-28262.exe
2440	Unicorn-48128.exe
2440	Unicorn-48128.exe
2592	Unicorn-44552.exe
2624	Unicorn-64417.exe
2592	Unicorn-44552.exe
2624	Unicorn-64417.exe
2264	Unicorn-47604.exe
2264	Unicorn-47604.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
2344	WerFault.exe
868	WerFault.exe
868	WerFault.exe
868	WerFault.exe
868	WerFault.exe
2344	WerFault.exe
868	WerFault.exe
2456	Unicorn-31707.exe
2456	Unicorn-31707.exe
2412	Unicorn-28262.exe
2412	Unicorn-28262.exe
384	Unicorn-39438.exe
384	Unicorn-39438.exe
1640	Unicorn-26087.exe
1640	Unicorn-26087.exe
2264	Unicorn-47604.exe
1736	Unicorn-39438.exe
2264	Unicorn-47604.exe
1736	Unicorn-39438.exe
2440	Unicorn-48128.exe
2440	Unicorn-48128.exe
1196	WerFault.exe
1196	WerFault.exe
1196	WerFault.exe
1196	WerFault.exe
1196	WerFault.exe
1208	WerFault.exe
1208	WerFault.exe
1208	WerFault.exe
1208	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe
1164	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2404	2000	WerFault.exe	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe
1280	2864	WerFault.exe	Unicorn-27596.exe
2344	2624	WerFault.exe	Unicorn-64417.exe
868	2592	WerFault.exe	Unicorn-44552.exe
1196	2412	WerFault.exe	Unicorn-28262.exe
1164	2264	WerFault.exe	Unicorn-47604.exe
1208	2440	WerFault.exe	Unicorn-48128.exe
1448	708	WerFault.exe	Unicorn-7156.exe
1536	2456	WerFault.exe	Unicorn-31707.exe
2688	384	WerFault.exe	Unicorn-39438.exe
2324	1640	WerFault.exe	Unicorn-26087.exe
1296	1736	WerFault.exe	Unicorn-39438.exe
2580	1612	WerFault.exe	Unicorn-59304.exe
2352	2040	WerFault.exe	Unicorn-53261.exe
2720	2224	WerFault.exe	Unicorn-39015.exe
2216	1928	WerFault.exe	Unicorn-40973.exe
532	2348	WerFault.exe	Unicorn-24017.exe
2884	1420	WerFault.exe	Unicorn-10316.exe
652	604	WerFault.exe	Unicorn-52828.exe
1528	2328	WerFault.exe	Unicorn-61115.exe
472	3000	WerFault.exe	Unicorn-34328.exe
112	2948	WerFault.exe	Unicorn-15443.exe
1520	556	WerFault.exe	Unicorn-26229.exe
1852	1696	WerFault.exe	Unicorn-31325.exe
2232	888	WerFault.exe	Unicorn-47595.exe
2564	972	WerFault.exe	Unicorn-32307.exe
2408	1940	WerFault.exe	Unicorn-50231.exe
2432	328	WerFault.exe	Unicorn-30211.exe
2388	1964	WerFault.exe	Unicorn-15441.exe
2120	2320	WerFault.exe	Unicorn-61404.exe
2760	2536	WerFault.exe	Unicorn-17488.exe
2660	2400	WerFault.exe	Unicorn-2133.exe
2516	2500	WerFault.exe	Unicorn-19518.exe
3144	2484	WerFault.exe	Unicorn-4748.exe
3180	2912	WerFault.exe	Unicorn-40612.exe
3188	1680	WerFault.exe	Unicorn-12325.exe
3268	780	WerFault.exe	Unicorn-7681.exe
3276	2152	WerFault.exe	Unicorn-46140.exe
3320	2244	WerFault.exe	Unicorn-55901.exe
3312	2024	WerFault.exe	Unicorn-25614.exe
3392	1968	WerFault.exe	Unicorn-25614.exe
3384	1752	WerFault.exe	Unicorn-53286.exe
3428	2668	WerFault.exe	Unicorn-19970.exe
3476	1668	WerFault.exe	Unicorn-22518.exe
3644	2276	WerFault.exe	Unicorn-5748.exe
3540	596	WerFault.exe	Unicorn-3635.exe
3736	2036	WerFault.exe	Unicorn-32446.exe
4076	2956	WerFault.exe	Unicorn-37404.exe
3812	1900	WerFault.exe	Unicorn-62980.exe
3876	2252	WerFault.exe	Unicorn-46120.exe
3308	2680	WerFault.exe	Unicorn-43500.exe
3988	1892	WerFault.exe	Unicorn-44003.exe
4312	1996	WerFault.exe	Unicorn-38928.exe
4336	1564	WerFault.exe	Unicorn-49099.exe
4364	2756	WerFault.exe	Unicorn-31350.exe
4396	2632	WerFault.exe	Unicorn-11325.exe
4420	1756	WerFault.exe	Unicorn-1015.exe
4428	1796	WerFault.exe	Unicorn-5068.exe
4468	1800	WerFault.exe	Unicorn-36287.exe
4492	1596	WerFault.exe	Unicorn-36287.exe
4508	2708	WerFault.exe	Unicorn-24158.exe
4660	2192	WerFault.exe	Unicorn-44115.exe
4680	1320	WerFault.exe	Unicorn-3972.exe
4704	2832	WerFault.exe	Unicorn-3496.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exeUnicorn-27596.exeUnicorn-64417.exeUnicorn-44552.exeUnicorn-28262.exeUnicorn-47604.exeUnicorn-48128.exeUnicorn-31707.exeUnicorn-39438.exeUnicorn-59304.exeUnicorn-39438.exeUnicorn-26087.exeUnicorn-53261.exeUnicorn-39015.exeUnicorn-40973.exeUnicorn-24017.exeUnicorn-10316.exeUnicorn-52828.exeUnicorn-7156.exeUnicorn-34328.exeUnicorn-61115.exeUnicorn-15443.exeUnicorn-32307.exeUnicorn-26229.exeUnicorn-31325.exeUnicorn-47595.exeUnicorn-50231.exeUnicorn-30211.exeUnicorn-61404.exeUnicorn-15441.exeUnicorn-14421.exeUnicorn-19518.exeUnicorn-4748.exeUnicorn-2133.exeUnicorn-17488.exeUnicorn-12325.exeUnicorn-22518.exeUnicorn-40612.exeUnicorn-19970.exeUnicorn-55901.exeUnicorn-7681.exeUnicorn-2585.exeUnicorn-53286.exeUnicorn-46140.exeUnicorn-25614.exeUnicorn-25614.exeUnicorn-5748.exeUnicorn-3635.exeUnicorn-32446.exeUnicorn-37404.exeUnicorn-62980.exeUnicorn-46120.exeUnicorn-26254.exeUnicorn-31350.exeUnicorn-44003.exeUnicorn-49099.exeUnicorn-35922.exeUnicorn-38928.exeUnicorn-43479.exeUnicorn-18538.exeUnicorn-24158.exeUnicorn-48575.exeUnicorn-38404.exeUnicorn-36811.exe

pid	process
2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe
2864	Unicorn-27596.exe
2624	Unicorn-64417.exe
2592	Unicorn-44552.exe
2412	Unicorn-28262.exe
2264	Unicorn-47604.exe
2440	Unicorn-48128.exe
2456	Unicorn-31707.exe
384	Unicorn-39438.exe
1612	Unicorn-59304.exe
1736	Unicorn-39438.exe
1640	Unicorn-26087.exe
2040	Unicorn-53261.exe
2224	Unicorn-39015.exe
1928	Unicorn-40973.exe
2348	Unicorn-24017.exe
1420	Unicorn-10316.exe
604	Unicorn-52828.exe
708	Unicorn-7156.exe
3000	Unicorn-34328.exe
2328	Unicorn-61115.exe
2948	Unicorn-15443.exe
972	Unicorn-32307.exe
556	Unicorn-26229.exe
1696	Unicorn-31325.exe
888	Unicorn-47595.exe
1940	Unicorn-50231.exe
328	Unicorn-30211.exe
2320	Unicorn-61404.exe
1964	Unicorn-15441.exe
2516	Unicorn-14421.exe
2500	Unicorn-19518.exe
2484	Unicorn-4748.exe
2400	Unicorn-2133.exe
2536	Unicorn-17488.exe
1680	Unicorn-12325.exe
1668	Unicorn-22518.exe
2912	Unicorn-40612.exe
2668	Unicorn-19970.exe
2244	Unicorn-55901.exe
780	Unicorn-7681.exe
2288	Unicorn-2585.exe
1752	Unicorn-53286.exe
2152	Unicorn-46140.exe
2024	Unicorn-25614.exe
1968	Unicorn-25614.exe
2276	Unicorn-5748.exe
596	Unicorn-3635.exe
2036	Unicorn-32446.exe
2956	Unicorn-37404.exe
1900	Unicorn-62980.exe
2252	Unicorn-46120.exe
2100	Unicorn-26254.exe
2756	Unicorn-31350.exe
1892	Unicorn-44003.exe
1564	Unicorn-49099.exe
1552	Unicorn-35922.exe
1996	Unicorn-38928.exe
2940	Unicorn-43479.exe
2088	Unicorn-18538.exe
2708	Unicorn-24158.exe
3060	Unicorn-48575.exe
2540	Unicorn-38404.exe
2112	Unicorn-36811.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exeUnicorn-27596.exeUnicorn-44552.exeUnicorn-64417.exeUnicorn-28262.exeUnicorn-48128.exeUnicorn-47604.exeUnicorn-31707.exe

description	pid	process	target process
PID 2000 wrote to memory of 2864	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	Unicorn-27596.exe
PID 2000 wrote to memory of 2864	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	Unicorn-27596.exe
PID 2000 wrote to memory of 2864	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	Unicorn-27596.exe
PID 2000 wrote to memory of 2864	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	Unicorn-27596.exe
PID 2864 wrote to memory of 2624	2864	Unicorn-27596.exe	Unicorn-64417.exe
PID 2864 wrote to memory of 2624	2864	Unicorn-27596.exe	Unicorn-64417.exe
PID 2864 wrote to memory of 2624	2864	Unicorn-27596.exe	Unicorn-64417.exe
PID 2864 wrote to memory of 2624	2864	Unicorn-27596.exe	Unicorn-64417.exe
PID 2000 wrote to memory of 2592	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	Unicorn-44552.exe
PID 2000 wrote to memory of 2592	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	Unicorn-44552.exe
PID 2000 wrote to memory of 2592	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	Unicorn-44552.exe
PID 2000 wrote to memory of 2592	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	Unicorn-44552.exe
PID 2000 wrote to memory of 2404	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	WerFault.exe
PID 2000 wrote to memory of 2404	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	WerFault.exe
PID 2000 wrote to memory of 2404	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	WerFault.exe
PID 2000 wrote to memory of 2404	2000	8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe	WerFault.exe
PID 2864 wrote to memory of 2412	2864	Unicorn-27596.exe	Unicorn-28262.exe
PID 2864 wrote to memory of 2412	2864	Unicorn-27596.exe	Unicorn-28262.exe
PID 2864 wrote to memory of 2412	2864	Unicorn-27596.exe	Unicorn-28262.exe
PID 2864 wrote to memory of 2412	2864	Unicorn-27596.exe	Unicorn-28262.exe
PID 2592 wrote to memory of 2264	2592	Unicorn-44552.exe	Unicorn-47604.exe
PID 2592 wrote to memory of 2264	2592	Unicorn-44552.exe	Unicorn-47604.exe
PID 2592 wrote to memory of 2264	2592	Unicorn-44552.exe	Unicorn-47604.exe
PID 2592 wrote to memory of 2264	2592	Unicorn-44552.exe	Unicorn-47604.exe
PID 2624 wrote to memory of 2440	2624	Unicorn-64417.exe	Unicorn-48128.exe
PID 2624 wrote to memory of 2440	2624	Unicorn-64417.exe	Unicorn-48128.exe
PID 2624 wrote to memory of 2440	2624	Unicorn-64417.exe	Unicorn-48128.exe
PID 2624 wrote to memory of 2440	2624	Unicorn-64417.exe	Unicorn-48128.exe
PID 2864 wrote to memory of 1280	2864	Unicorn-27596.exe	WerFault.exe
PID 2864 wrote to memory of 1280	2864	Unicorn-27596.exe	WerFault.exe
PID 2864 wrote to memory of 1280	2864	Unicorn-27596.exe	WerFault.exe
PID 2864 wrote to memory of 1280	2864	Unicorn-27596.exe	WerFault.exe
PID 2412 wrote to memory of 2456	2412	Unicorn-28262.exe	Unicorn-31707.exe
PID 2412 wrote to memory of 2456	2412	Unicorn-28262.exe	Unicorn-31707.exe
PID 2412 wrote to memory of 2456	2412	Unicorn-28262.exe	Unicorn-31707.exe
PID 2412 wrote to memory of 2456	2412	Unicorn-28262.exe	Unicorn-31707.exe
PID 2440 wrote to memory of 1612	2440	Unicorn-48128.exe	Unicorn-59304.exe
PID 2440 wrote to memory of 1612	2440	Unicorn-48128.exe	Unicorn-59304.exe
PID 2440 wrote to memory of 1612	2440	Unicorn-48128.exe	Unicorn-59304.exe
PID 2440 wrote to memory of 1612	2440	Unicorn-48128.exe	Unicorn-59304.exe
PID 2592 wrote to memory of 384	2592	Unicorn-44552.exe	Unicorn-39438.exe
PID 2592 wrote to memory of 384	2592	Unicorn-44552.exe	Unicorn-39438.exe
PID 2592 wrote to memory of 384	2592	Unicorn-44552.exe	Unicorn-39438.exe
PID 2592 wrote to memory of 384	2592	Unicorn-44552.exe	Unicorn-39438.exe
PID 2624 wrote to memory of 1736	2624	Unicorn-64417.exe	Unicorn-39438.exe
PID 2624 wrote to memory of 1736	2624	Unicorn-64417.exe	Unicorn-39438.exe
PID 2624 wrote to memory of 1736	2624	Unicorn-64417.exe	Unicorn-39438.exe
PID 2624 wrote to memory of 1736	2624	Unicorn-64417.exe	Unicorn-39438.exe
PID 2264 wrote to memory of 1640	2264	Unicorn-47604.exe	Unicorn-26087.exe
PID 2264 wrote to memory of 1640	2264	Unicorn-47604.exe	Unicorn-26087.exe
PID 2264 wrote to memory of 1640	2264	Unicorn-47604.exe	Unicorn-26087.exe
PID 2264 wrote to memory of 1640	2264	Unicorn-47604.exe	Unicorn-26087.exe
PID 2624 wrote to memory of 2344	2624	Unicorn-64417.exe	WerFault.exe
PID 2624 wrote to memory of 2344	2624	Unicorn-64417.exe	WerFault.exe
PID 2624 wrote to memory of 2344	2624	Unicorn-64417.exe	WerFault.exe
PID 2624 wrote to memory of 2344	2624	Unicorn-64417.exe	WerFault.exe
PID 2592 wrote to memory of 868	2592	Unicorn-44552.exe	WerFault.exe
PID 2592 wrote to memory of 868	2592	Unicorn-44552.exe	WerFault.exe
PID 2592 wrote to memory of 868	2592	Unicorn-44552.exe	WerFault.exe
PID 2592 wrote to memory of 868	2592	Unicorn-44552.exe	WerFault.exe
PID 2456 wrote to memory of 2040	2456	Unicorn-31707.exe	Unicorn-53261.exe
PID 2456 wrote to memory of 2040	2456	Unicorn-31707.exe	Unicorn-53261.exe
PID 2456 wrote to memory of 2040	2456	Unicorn-31707.exe	Unicorn-53261.exe
PID 2456 wrote to memory of 2040	2456	Unicorn-31707.exe	Unicorn-53261.exe

C:\Users\Admin\AppData\Local\Temp\8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe
"C:\Users\Admin\AppData\Local\Temp\8b44b1775a424cb82146bca7547af5d78258ba682bc807be08a303f41d2d1e6a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31325.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19970.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57291.exe
8⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
9⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
10⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24430.exe
11⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-24396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24396.exe
12⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15329.exe
13⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
13⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
12⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
11⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 216
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13452.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36896.exe
10⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
12⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
12⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 220
9⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
8⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16195.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-43185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43185.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-57004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57004.exe
11⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50902.exe
12⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
12⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
9⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
8⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44115.exe
7⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40837.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15934.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9849.exe
10⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
11⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8352.exe
12⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
12⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
10⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28050.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
9⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
10⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
11⤵
PID:11328

C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
12⤵
PID:13488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
10⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
8⤵
- Program crash
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
7⤵
- Program crash
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
6⤵
- Program crash
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10316.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30211.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53286.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
8⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
9⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44558.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45377.exe
12⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10270.exe
13⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
13⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 236
12⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
11⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 216
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34718.exe
9⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-36189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36189.exe
10⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
11⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
12⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
13⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
12⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 236
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
9⤵
- Program crash
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49644.exe
8⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31791.exe
11⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31565.exe
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
11⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
10⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
9⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 220
8⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37425.exe
7⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
8⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12051.exe
9⤵
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 240
10⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 236
9⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33670.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
9⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10196.exe
10⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-54071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54071.exe
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
11⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5144 -s 216
10⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
8⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
7⤵
- Program crash
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46140.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38404.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33612.exe
8⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24954.exe
10⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49400.exe
11⤵
PID:9188

C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39430.exe
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9188 -s 216
12⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
10⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31360.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20762.exe
9⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
10⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
11⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
10⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13746.exe
7⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14575.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19512.exe
9⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19156.exe
10⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9944.exe
11⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
11⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
10⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
8⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
6⤵
- Program crash
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 240
6⤵
- Program crash
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15441.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23453.exe
8⤵
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35056.exe
9⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58996.exe
10⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
11⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30452.exe
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 236
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5348 -s 216
11⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
10⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 236
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10094.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52546.exe
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
10⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58253.exe
11⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
11⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
10⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 236
9⤵
PID:7152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
8⤵
- Program crash
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8683.exe
7⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26650.exe
8⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
9⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1134.exe
10⤵
PID:5628

C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59253.exe
11⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5628 -s 216
11⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
10⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 236
9⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
8⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
7⤵
- Program crash
PID:3392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
6⤵
- Program crash
PID:2388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
5⤵
- Program crash
PID:1296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34328.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19518.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46120.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
9⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11292.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21463.exe
11⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
12⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36154.exe
13⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16696.exe
14⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
14⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 236
13⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
12⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
11⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27959.exe
10⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14450.exe
12⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47132.exe
13⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
13⤵
PID:14032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
11⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
10⤵
PID:5356

C:\Users\Admin\AppData\Local\Temp\Unicorn-56964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56964.exe
9⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
10⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
11⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
12⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30796.exe
13⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
13⤵
PID:13496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
10⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2252 -s 240
9⤵
- Program crash
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2587.exe
8⤵
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-36794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36794.exe
9⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
10⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50920.exe
11⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28803.exe
12⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28892.exe
13⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 220
13⤵
PID:13524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18035.exe
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16871.exe
10⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61789.exe
11⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-34792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34792.exe
12⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
12⤵
PID:13644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 236
11⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
10⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
8⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31350.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
8⤵
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20196.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5116.exe
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27386.exe
11⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40496.exe
12⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8935.exe
13⤵
PID:14324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
12⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 236
9⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
9⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
10⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
11⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11031.exe
12⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
11⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 220
8⤵
- Program crash
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
7⤵
- Program crash
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4748.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
8⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
9⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 220
10⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
9⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1892 -s 216
8⤵
- Program crash
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
7⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26473.exe
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15992.exe
10⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
11⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51778.exe
12⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
10⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 236
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
8⤵
PID:4208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
7⤵
- Program crash
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 240
6⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61115.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14421.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3635.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2709.exe
8⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
9⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50611.exe
10⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55302.exe
11⤵
PID:6336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53127.exe
13⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:13796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6336 -s 216
12⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
11⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 236
10⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63252.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53198.exe
10⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25016.exe
11⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38312.exe
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
12⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
11⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9458.exe
8⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32703.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20582.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62624.exe
11⤵
PID:10124

C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9824.exe
12⤵
PID:13316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 216
12⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
11⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
10⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
9⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
8⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48381.exe
7⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62541.exe
8⤵
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53969.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36207.exe
10⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32535.exe
11⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11910.exe
12⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
11⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 236
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7217.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39041.exe
9⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
10⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28111.exe
11⤵
PID:13732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 216
10⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 220
8⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32446.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43083.exe
7⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3672.exe
8⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59589.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31822.exe
10⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25893.exe
11⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48416.exe
12⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 216
12⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
11⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 236
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-549.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65117.exe
9⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29582.exe
10⤵
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27787.exe
11⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 216
11⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
10⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 240
8⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4362.exe
7⤵
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5292.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57589.exe
9⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-63271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63271.exe
10⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44809.exe
11⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
11⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
10⤵
PID:10476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 216
8⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
7⤵
- Program crash
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
6⤵
- Program crash
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
5⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15443.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2133.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62980.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1900

C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36891.exe
8⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3100.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17581.exe
10⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21704.exe
11⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10236.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-49991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49991.exe
13⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 236
13⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
12⤵
PID:10316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
11⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 236
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18457.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-566.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26524.exe
11⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23403.exe
12⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 236
12⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
10⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
9⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48772.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13103.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48695.exe
11⤵
PID:9676

C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58752.exe
12⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9676 -s 216
12⤵
PID:13996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
11⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
9⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1900 -s 240
8⤵
- Program crash
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22121.exe
7⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8196.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-196.exe
9⤵
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 220
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
9⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6693.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
9⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39218.exe
10⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42382.exe
11⤵
PID:7720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
11⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
10⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
9⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 240
8⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
7⤵
- Program crash
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26254.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-33645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33645.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40782.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
10⤵
PID:7776

C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7776 -s 216
11⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 216
8⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32002.exe
8⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34956.exe
9⤵
PID:8872

C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42831.exe
10⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8872 -s 216
10⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
9⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
8⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
7⤵
PID:4108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
6⤵
- Program crash
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17488.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37404.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33891.exe
7⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48232.exe
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15318.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29563.exe
10⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
11⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61490.exe
12⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
12⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
11⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
9⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59942.exe
8⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47733.exe
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 220
10⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
9⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
8⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
7⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20415.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1090.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2664.exe
10⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59193.exe
11⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 236
11⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
10⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
8⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
7⤵
- Program crash
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29837.exe
6⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5196.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47825.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
9⤵
PID:6412

C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16515.exe
10⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 220
11⤵
PID:13772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6412 -s 216
10⤵
PID:10928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
8⤵
PID:5404

C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39199.exe
7⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24031.exe
8⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54153.exe
9⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3336.exe
10⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
10⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
9⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 216
8⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
7⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
6⤵
- Program crash
PID:2760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
5⤵
- Program crash
PID:2720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-44552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44552.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24017.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47595.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22518.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49099.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34788.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61341.exe
11⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30991.exe
12⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-20510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20510.exe
13⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
12⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 236
9⤵
- Program crash
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2015.exe
8⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9265.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45477.exe
10⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
11⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
12⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5340 -s 216
11⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
10⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
9⤵
PID:4436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 240
8⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35922.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34169.exe
8⤵
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21554.exe
9⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
10⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61011.exe
11⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61790.exe
12⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
12⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
11⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 216
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 236
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11190.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37420.exe
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44181.exe
10⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60212.exe
10⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
11⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 216
11⤵
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 220
10⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 216
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
8⤵
PID:4804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
7⤵
- Program crash
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43479.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6463.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33318.exe
9⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3992.exe
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46962.exe
11⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55582.exe
12⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
13⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4268 -s 216
11⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
10⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55461.exe
8⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
9⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51723.exe
10⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16250.exe
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
11⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
10⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
8⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52135.exe
7⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41986.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63385.exe
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
10⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-43417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43417.exe
11⤵
PID:11348

C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
12⤵
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
10⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
8⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
7⤵
- Program crash
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 240
6⤵
- Program crash
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50231.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7681.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48575.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41361.exe
8⤵
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62466.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3795.exe
10⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41005.exe
11⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8425.exe
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
12⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
11⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 216
9⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5377.exe
9⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-18822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18822.exe
10⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16048.exe
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
11⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
10⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
9⤵
PID:6436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
8⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
7⤵
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9789.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30041.exe
10⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20442.exe
11⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 216
11⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
10⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 216
8⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
7⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18538.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
7⤵
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20720.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15956.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32828.exe
10⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1631.exe
11⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61518.exe
12⤵
PID:13492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
11⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
10⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:7164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 236
8⤵
- Program crash
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-28264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28264.exe
7⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12463.exe
8⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41117.exe
9⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23383.exe
10⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 236
10⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
8⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
7⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 220
6⤵
- Program crash
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
5⤵
- Program crash
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52828.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61404.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25614.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
7⤵
- Executes dropped EXE
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42504.exe
8⤵
PID:3752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
8⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64552.exe
7⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23292.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45386.exe
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21701.exe
10⤵
PID:9020

C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64407.exe
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9020 -s 216
11⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
10⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
8⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
7⤵
- Program crash
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11325.exe
6⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13655.exe
7⤵
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8431.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40468.exe
9⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
10⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50412.exe
11⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
11⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
10⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
9⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
8⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
7⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15667.exe
8⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10751.exe
9⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41496.exe
10⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16724.exe
11⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
10⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
9⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
8⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
- Program crash
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
6⤵
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5748.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36287.exe
6⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9592.exe
7⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31056.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43040.exe
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
11⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
11⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
10⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
8⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44221.exe
7⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
8⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
9⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
10⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
10⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
9⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
8⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
7⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63899.exe
6⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38013.exe
7⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13713.exe
8⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53282.exe
9⤵
PID:9160

C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26666.exe
10⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9160 -s 216
10⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
9⤵
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
8⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
7⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 220
6⤵
- Program crash
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
5⤵
- Program crash
PID:652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32307.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2585.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31736.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16261.exe
8⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45082.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36409.exe
10⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
11⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-18468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18468.exe
12⤵
PID:10536

C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
13⤵
PID:13600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
12⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
11⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39814.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51097.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11491.exe
10⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52795.exe
11⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
11⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
8⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64423.exe
7⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15099.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14415.exe
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10984.exe
10⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 236
11⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
10⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 216
8⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16421.exe
6⤵
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44328.exe
7⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30222.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9393.exe
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14938.exe
10⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48842.exe
11⤵
PID:11240

C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28103.exe
12⤵
PID:14076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 236
11⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 236
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
9⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58423.exe
8⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36717.exe
9⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59380.exe
10⤵
PID:10664

C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2791.exe
11⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
10⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
9⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 220
8⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15190.exe
7⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26795.exe
8⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27030.exe
9⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44965.exe
10⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
10⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
9⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
8⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
7⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 240
6⤵
- Program crash
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36811.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3496.exe
7⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53226.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11260.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7390.exe
10⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
11⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52278.exe
12⤵
PID:14164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
11⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
8⤵
- Program crash
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50242.exe
7⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54804.exe
8⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55936.exe
9⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49231.exe
10⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
10⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
9⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
8⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 220
7⤵
PID:4736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
6⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
5⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26229.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-12325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12325.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38928.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5068.exe
7⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62370.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8426.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52649.exe
10⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59901.exe
11⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28293.exe
12⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 236
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
10⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 236
9⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
8⤵
- Program crash
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
7⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
8⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
9⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43246.exe
10⤵
PID:10512

C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22272.exe
11⤵
PID:14276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 236
10⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
9⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
8⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
7⤵
- Program crash
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1015.exe
6⤵
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24506.exe
7⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48397.exe
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45207.exe
9⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
10⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43134.exe
11⤵
PID:13408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
10⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
9⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
8⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 236
7⤵
- Program crash
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
6⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24158.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
6⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
7⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14618.exe
8⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41722.exe
9⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
10⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42939.exe
11⤵
PID:14044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
10⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
8⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
7⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19382.exe
6⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
7⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17992.exe
8⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51034.exe
9⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62566.exe
10⤵
PID:13556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
9⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 216
8⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
7⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 220
6⤵
- Program crash
PID:4508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
5⤵
- Program crash
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 240
4⤵
- Program crash
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
2⤵
- Program crash
PID:2404

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-26087.exe
Filesize
184KB

MD5
74da12021285290f86757263b83a3c89

SHA1
7504a6f5a8b128afc848be447749beca9a160f7f

SHA256
90d33ea32ebdfab4106a70bbbf9082f00a0bc550502228efb32ce56626317dd1

SHA512
6420113ab9ccfe9747b154bb6453e42e30fb90ad27f5018368aff6843290acd8fbead20f005637c5fd010ae45cad11d20220c4db9fbef3c061bb197150b28980

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33227.exe
Filesize
184KB

MD5
5f04dbc894abf553971c79c028a31f15

SHA1
d0985c1e20e22f46b68a66ea20b5470ce89bc9c8

SHA256
de062a2bc422e08fb34f63f5b6e30638e2d6ef431f1d88724a046206f5f81430

SHA512
b241b33540ca068f40e8e1e068a0a5a1603cf37ff91300d669c178abc1f8f75dafb4c9094d55879dcbde549604cb7dcd932c5bbc6bebf9bd23daa32f9141c730

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3972.exe
Filesize
184KB

MD5
0fcb7fbc7d10c9ffd568e76b19cb5abc

SHA1
ec5c1b55e7367fc0cb3e09906037d29b820528aa

SHA256
0910211882c38f57cb358fbfa1129331c1f88de98d4869c600d701d269dbdd2b

SHA512
984163de948d7e80d26bf3d63694ef11ef68c779a0d914c174a767f5c6bbdf14fff2e90a304b6bf71256772a9f2ef751ae30d5c7811fcdd750b592abed5dba50

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40338.exe
Filesize
184KB

MD5
425d4ed71937c5caf0c4894bd55a1ec9

SHA1
6344009ab8d9ac5602bf799b996ee2e1e4b6e476

SHA256
4db80d659f5c28d4df7fec004bbc077d586fe261fdfd6255a41416cd26f17293

SHA512
b10797ff7c7c53f204c50198eafdde96fd9e2410b8f3909f765c801a4526bb36211a9816f5d5e2910a928b2227125d3d48fa2b00981254b497b90550c801eac3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40612.exe
Filesize
184KB

MD5
9cac194d437ba5b3dc77cbf4ad701196

SHA1
b66a7ad95404f6131d34d733ad7bdf64fe2f56e9

SHA256
a2c000673755b8b3dddb0318fc63462172fb3750e5a9d5e5c57dc2afea255854

SHA512
5965e6beece030b3d332806eaf9e39b592ccb731efd564d52855b5a513d01d8502fcbc82c41fab659f755be8878eec5d4202547b731ab73e4b9c0d8549a14b32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
Filesize
184KB

MD5
30892d0d439664538d01bfadff68271a

SHA1
672871330053e7796c7ac071c95ba9422bcaa663

SHA256
1762d5b2f91d8d23bbe7cbcebfef821070ed5adb4ec58aff8a5797d7a590cd85

SHA512
38690c30af55df6ce923f796956f8906ca59f0170dcfe1afd7ec295004dc425eafdd4a5d0705fc0b4af7348016e0a4d5500b6c03d7e6398e5f02e97e95262734

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48128.exe
Filesize
184KB

MD5
0711bc3a026e2aee4c0b1e7593fc05eb

SHA1
aceebdd9b87c2a1fed01ba425e9dc6e58f389755

SHA256
a2dbf15219c20dd6483e3abfe3f39965f1f8c3a76b62a1dc4dc5b4974c987fb3

SHA512
654220a0cfda3ecb59240163c83c295ba0c75be325a00bd32a4fd4d4750f366059542c2c953a3316d534e2bca9f7e3a6287a70927e643576cdebc75439b98548

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
Filesize
184KB

MD5
3a4ce22173bbc8135ba89605b9598728

SHA1
6bec93ce3d137f5e396fc8b1ffb5b5cbc44c4546

SHA256
2c88edea09a5f1f06ffc421126bb39496344ed590b35c31ec0ab6af5f242a70d

SHA512
3d1a7dd02e69be343328f3a0ec14e602b32443123394a149e2acebbb58af3d93b9903a74c24b7543edd2b0305e37c9b1f78e0396737668d9466e23d0c1283fde

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5498.exe
Filesize
184KB

MD5
997e82be0df19fcbbed768b2b50f6be6

SHA1
34e565f1fdf74ed63d32db37e03d241e7caa6af3

SHA256
e3be57b087ae0145dd8d19f4916f9c693820664fc2fc42cbf09658d862b35e37

SHA512
2ff708b25fb8769cfdad1531519f4441285efd7a244264d0ade243984593ae518b5ddbcf914b7629baae25303bf50d6620fc3f27d8c12a5cdb51fd58c7669c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6362.exe
Filesize
184KB

MD5
7aec6922f74af366e5678ed8984589bc

SHA1
999c555aa4a11baa4173e7fc9b87ca9c6be06bdf

SHA256
11955a3e81dd11fda63a7090ff1064b494d4df36b7c500a5d3151bb72f49a067

SHA512
203e259440e563f24dab4da514aaa6c2466eb7bbd966c3227b7095a8a2c39f9fcbea028863a676285497349eff242ea51e82b9ccea0554210fcc5ebbe28a8540

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64417.exe
Filesize
184KB

MD5
a4e15161faf71de813390f3eee8d7f38

SHA1
4e3e3a94d07968437543a54818b12970aaa690bf

SHA256
eda9bdb4a7933d571d963e7301da53051994d49915e98f6e2179ae7945ef850a

SHA512
9a71807ebfe55104ec6eba3f7a9d06e50177a07628a9d17ae701eb8d69262d99950aa6d5f303675be259fd100cd3d5cbd4b0c7440b14030ecc51d47ab2ae443e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27596.exe
Filesize
184KB

MD5
62cb529684b18160ad364d072255f352

SHA1
b4be4ecfafcfa8369147cdf382c18329d54d33b3

SHA256
224e8a730e601d58a1e433d3688d2aa3515fa559caa3df314e857edbfad38c2a

SHA512
dd4ae0cac574466d3ec3dd30832d19757204b5e0ef248367e6ac2ad6aee6d41b126d8f656fe569d6f40b98d30ab51a7fb161aa0d100f7ae47940702f1ca11743

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28262.exe
Filesize
184KB

MD5
e948bdde644578ca60af4eb333c563e4

SHA1
6913befcb105bd5814d5ac871a38672db19ab2ed

SHA256
771f1799378f301ed678374e7137bd545f3112e1827ded22afad38084ae50c2b

SHA512
9359d8a6ca43edcdfb4ab890f064954b026271cab4ce568326d9aca28fe9c4dc94cbd76f91c581ce764b78685d3ba700d3c61a5494e9c9a82a179a35f18d10cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31707.exe
Filesize
184KB

MD5
3e3d1905c7d0825e6076e67f9e7a78eb

SHA1
0fad5918c2e3936119bc3d443177a6511d1c8496

SHA256
cb98f18f68251469b517ec742ff68a4bf6b9494a40591a9371505ed0cf24934a

SHA512
610abda9b1c0a8086ecc92ccc6833ec8af2bfd9a923b6e180dc69c40dade4e11bac6b4dc11adaf387f1ffed3bf3e99358574335450175571bb483f4b697825d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39015.exe
Filesize
184KB

MD5
93971be7759aae9046c617dd48f13ffd

SHA1
1ddd147a8e61400e48908252309c695beab286e4

SHA256
abfae0e6ebf5e5598839440f7f5a590aba7439e99560112a40808a8775ff5d0e

SHA512
b87796f55960a653928611a2370cc2f8112fdc18beb3f9116892e702433c5ed19dbac0a19ca23e08cecd0e9f026cc05a7affa72ba23690b495f7354dd45e6b77

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39438.exe
Filesize
184KB

MD5
aad418e0a0eae80adaa54737d675cd8e

SHA1
8a7ace40f187880f1c3789362209b9b7e710eb75

SHA256
653bc8db171fe27e9fd114768f1881ce467afe1c5e02e9fce0e316dbbe3a7dba

SHA512
7e841cbf4b382fc8e29ca629fe18f936e3e4cd30f392185641844a7891f5160d83451ab09f63da2174b80d542811362ca64649ed98ed7fa557badf9af0bec036

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40973.exe
Filesize
184KB

MD5
4cd623476f608cd168ab3320fccef218

SHA1
6cf8d50058e6625305aeed9a799cc70c1bc35ac5

SHA256
10fc4c5394f4ecd3e18421f7d8d6f9c895c6602361ee938b81674a58e86fd0d9

SHA512
00ae2b0929ada144ba0ae037077d8bf46c3a7d48c1c4d63fa8eb43885c80336238615201a058fc8bbe4e37cc5e47975be8daeb2f9b684a9724ee33e0f520fd1d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44552.exe
Filesize
184KB

MD5
2b828203230699edf5aa8c122ddc95a2

SHA1
2f7af7cfdb30bc21bafeb3a1d4acb3869afba8b0

SHA256
6b1fc39f24bc0a17c5be6ef074ce6967cbf4183727d69cb9a9c5fa5a9f504414

SHA512
ab14abc1a343b1ab692ca9afd58ce7ffd7f8a954923a528e643a733a542e999fec84a06ac78e621abe72928f6340d81d0d988ea965d7f9e23cb3cb29e8a16d76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
Filesize
184KB

MD5
4734cba6cca05ff5fe2a1886481b8d2a

SHA1
a6ac19fbc319a1dd05e67876de1932b6e6dbf946

SHA256
056b266475d619da93cf66b2bb8c10661250e4ea560cece55a9e624e88d93f61

SHA512
98b19000b3330b57941990a90b2ca211cc0cc229fc0c5fbfcc0d10bf9479c0e14ea63930e5a698f231a42ad4af956c720262c0a679329d6d5597e77879e79aa2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53261.exe
Filesize
184KB

MD5
b444ab64444ab15f2eb7b2dee06def0b

SHA1
57d4b09e66bf8137a15ebc443ad2e4618bd7c916

SHA256
68a13d0aff957d6f2f61c9eae8cd2db033b386cb3d846edb2072b635353a293e

SHA512
f33802f3eac51c5126283bb58834217e7d71087045be068de30503e5fbd8a535a16313128872b397010c089a1a89337622bf2a2065d122c24634af681dd2bf64

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-59304.exe
Filesize
184KB

MD5
c8e48ad05c3540e35c0ddae06cf45c64

SHA1
e1c1a1ce874f26762089472857071b544e2c55ca

SHA256
fd80593158323c40b64d91ca7cf6e7a4bd161d879e85fe0f4664d747f05a4c3c

SHA512
b1309e81f2197b1c61858fe64075f13b5ceac60c6a08310bd78cf34c3aaaaa051543a9d72a008f4584014a72bbd14275b6402b96ad37563c887aefc91735a060

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads