a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe
Size

184KB
MD5

415532b21869a2c9ba77fa447bbc33da
SHA1

b364226176559eeaf43dde0bda9e77aab3d9d3d8
SHA256

a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c
SHA512

41e7dec33b5cd72ddc0bf8ac61aba507b42554bfbefc2d82144c1fb9ab1709afd742cd89d3bb595f5725dd7ce1d4096034cef4886616e4f2fe799963f938bbd5
SSDEEP

3072:47a3Jxo4+JO/dGgIeD7LRXsthlnViF5n3:47uoIlGgjL9sthlnViF5

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-44841.exeUnicorn-53435.exeUnicorn-33569.exeUnicorn-32333.exeUnicorn-30448.exeUnicorn-65389.exeUnicorn-60169.exeUnicorn-5301.exeUnicorn-40076.exeUnicorn-20018.exeUnicorn-48094.exeUnicorn-28228.exeUnicorn-1114.exeUnicorn-16574.exeUnicorn-25243.exeUnicorn-38241.exeUnicorn-42285.exeUnicorn-57744.exeUnicorn-22227.exeUnicorn-30992.exeUnicorn-18570.exeUnicorn-29238.exeUnicorn-51434.exeUnicorn-51434.exeUnicorn-14739.exeUnicorn-25327.exeUnicorn-38517.exeUnicorn-10635.exeUnicorn-59151.exeUnicorn-6421.exeUnicorn-56655.exeUnicorn-58793.exeUnicorn-58793.exeUnicorn-9099.exeUnicorn-54579.exeUnicorn-41772.exeUnicorn-26889.exeUnicorn-7023.exeUnicorn-22482.exeUnicorn-1536.exeUnicorn-31556.exeUnicorn-17188.exeUnicorn-19134.exeUnicorn-12039.exeUnicorn-64577.exeUnicorn-29828.exeUnicorn-49694.exeUnicorn-38459.exeUnicorn-1572.exeUnicorn-54494.exeUnicorn-19361.exeUnicorn-55070.exeUnicorn-37342.exeUnicorn-4250.exeUnicorn-49922.exeUnicorn-37115.exeUnicorn-21464.exeUnicorn-17057.exeUnicorn-52766.exeUnicorn-35038.exeUnicorn-54904.exeUnicorn-62704.exeUnicorn-30416.exeUnicorn-60400.exe

pid	process
3020	Unicorn-44841.exe
2620	Unicorn-53435.exe
2760	Unicorn-33569.exe
2780	Unicorn-32333.exe
2404	Unicorn-30448.exe
2492	Unicorn-65389.exe
2728	Unicorn-60169.exe
2724	Unicorn-5301.exe
1588	Unicorn-40076.exe
1260	Unicorn-20018.exe
1688	Unicorn-48094.exe
2956	Unicorn-28228.exe
1920	Unicorn-1114.exe
1844	Unicorn-16574.exe
592	Unicorn-25243.exe
772	Unicorn-38241.exe
2432	Unicorn-42285.exe
2272	Unicorn-57744.exe
1104	Unicorn-22227.exe
1448	Unicorn-30992.exe
1476	Unicorn-18570.exe
960	Unicorn-29238.exe
816	Unicorn-51434.exe
2312	Unicorn-51434.exe
380	Unicorn-14739.exe
1748	Unicorn-25327.exe
904	Unicorn-38517.exe
1896	Unicorn-10635.exe
1524	Unicorn-59151.exe
2800	Unicorn-6421.exe
2268	Unicorn-56655.exe
2116	Unicorn-58793.exe
2588	Unicorn-58793.exe
2632	Unicorn-9099.exe
2672	Unicorn-54579.exe
2844	Unicorn-41772.exe
2652	Unicorn-26889.exe
2648	Unicorn-7023.exe
2364	Unicorn-22482.exe
2136	Unicorn-1536.exe
1864	Unicorn-31556.exe
236	Unicorn-17188.exe
1416	Unicorn-19134.exe
2024	Unicorn-12039.exe
2940	Unicorn-64577.exe
2980	Unicorn-29828.exe
856	Unicorn-49694.exe
536	Unicorn-38459.exe
1412	Unicorn-1572.exe
2936	Unicorn-54494.exe
1044	Unicorn-19361.exe
1176	Unicorn-55070.exe
780	Unicorn-37342.exe
1888	Unicorn-4250.exe
2176	Unicorn-49922.exe
924	Unicorn-37115.exe
3048	Unicorn-21464.exe
568	Unicorn-17057.exe
2444	Unicorn-52766.exe
1660	Unicorn-35038.exe
1500	Unicorn-54904.exe
2452	Unicorn-62704.exe
2080	Unicorn-30416.exe
2020	Unicorn-60400.exe

Loads dropped DLL 64 IoCs

Processes:

a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exeUnicorn-44841.exeUnicorn-53435.exeUnicorn-33569.exeWerFault.exeUnicorn-32333.exeUnicorn-30448.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-60169.exeUnicorn-5301.exeUnicorn-20018.exeUnicorn-40076.exeWerFault.exeWerFault.exeUnicorn-28228.exe

pid	process
3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe
3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe
3020	Unicorn-44841.exe
3020	Unicorn-44841.exe
3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe
3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe
2620	Unicorn-53435.exe
2620	Unicorn-53435.exe
3020	Unicorn-44841.exe
3020	Unicorn-44841.exe
2760	Unicorn-33569.exe
2760	Unicorn-33569.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2152	WerFault.exe
2780	Unicorn-32333.exe
2780	Unicorn-32333.exe
2620	Unicorn-53435.exe
2620	Unicorn-53435.exe
2404	Unicorn-30448.exe
2404	Unicorn-30448.exe
2760	Unicorn-33569.exe
2760	Unicorn-33569.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
2128	WerFault.exe
880	WerFault.exe
880	WerFault.exe
880	WerFault.exe
880	WerFault.exe
880	WerFault.exe
1188	WerFault.exe
1188	WerFault.exe
1188	WerFault.exe
1188	WerFault.exe
1188	WerFault.exe
2728	Unicorn-60169.exe
2728	Unicorn-60169.exe
2780	Unicorn-32333.exe
2780	Unicorn-32333.exe
2724	Unicorn-5301.exe
2724	Unicorn-5301.exe
1260	Unicorn-20018.exe
1260	Unicorn-20018.exe
1588	Unicorn-40076.exe
1588	Unicorn-40076.exe
2404	Unicorn-30448.exe
2404	Unicorn-30448.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
2956	Unicorn-28228.exe
2956	Unicorn-28228.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
1952	3012	WerFault.exe	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe
2152	3020	WerFault.exe	Unicorn-44841.exe
2128	2492	WerFault.exe	Unicorn-65389.exe
880	2620	WerFault.exe	Unicorn-53435.exe
1188	2760	WerFault.exe	Unicorn-33569.exe
560	2780	WerFault.exe	Unicorn-32333.exe
1788	2404	WerFault.exe	Unicorn-30448.exe
700	2728	WerFault.exe	Unicorn-60169.exe
2564	2724	WerFault.exe	Unicorn-5301.exe
1676	1260	WerFault.exe	Unicorn-20018.exe
1000	1588	WerFault.exe	Unicorn-40076.exe
1556	2956	WerFault.exe	Unicorn-28228.exe
2804	1688	WerFault.exe	Unicorn-48094.exe
1624	1844	WerFault.exe	Unicorn-16574.exe
2836	772	WerFault.exe	Unicorn-38241.exe
1368	592	WerFault.exe	Unicorn-25243.exe
2676	2432	WerFault.exe	Unicorn-42285.exe
2612	1104	WerFault.exe	Unicorn-22227.exe
3028	2272	WerFault.exe	Unicorn-57744.exe
2644	1448	WerFault.exe	Unicorn-30992.exe
2556	1476	WerFault.exe	Unicorn-18570.exe
2544	960	WerFault.exe	Unicorn-29238.exe
2168	380	WerFault.exe	Unicorn-14739.exe
352	816	WerFault.exe	Unicorn-51434.exe
2848	2312	WerFault.exe	Unicorn-51434.exe
2716	1748	WerFault.exe	Unicorn-25327.exe
1608	904	WerFault.exe	Unicorn-38517.exe
1180	1896	WerFault.exe	Unicorn-10635.exe
2308	1524	WerFault.exe	Unicorn-59151.exe
2948	2800	WerFault.exe	Unicorn-6421.exe
1928	2268	WerFault.exe	Unicorn-56655.exe
1064	2632	WerFault.exe	Unicorn-9099.exe
3036	2116	WerFault.exe	Unicorn-58793.exe
848	2588	WerFault.exe	Unicorn-58793.exe
1432	2672	WerFault.exe	Unicorn-54579.exe
892	2844	WerFault.exe	Unicorn-41772.exe
1932	2652	WerFault.exe	Unicorn-26889.exe
1960	2364	WerFault.exe	Unicorn-22482.exe
1712	2648	WerFault.exe	Unicorn-7023.exe
3200	1416	WerFault.exe	Unicorn-19134.exe
3252	2136	WerFault.exe	Unicorn-1536.exe
3428	856	WerFault.exe	Unicorn-49694.exe
3440	1864	WerFault.exe	Unicorn-31556.exe
3452	2024	WerFault.exe	Unicorn-12039.exe
3548	1412	WerFault.exe	Unicorn-1572.exe
3580	2980	WerFault.exe	Unicorn-29828.exe
3596	1660	WerFault.exe	Unicorn-35038.exe
3632	568	WerFault.exe	Unicorn-17057.exe
3280	1044	WerFault.exe	Unicorn-19361.exe
3324	2444	WerFault.exe	Unicorn-52766.exe
3388	924	WerFault.exe	Unicorn-37115.exe
3604	2264	WerFault.exe	Unicorn-17587.exe
3680	2452	WerFault.exe	Unicorn-62704.exe
3080	2660	WerFault.exe	Unicorn-36336.exe
3168	1888	WerFault.exe	Unicorn-4250.exe
3284	1484	WerFault.exe	Unicorn-24023.exe
3912	2176	WerFault.exe	Unicorn-49922.exe
3928	664	WerFault.exe	Unicorn-22954.exe
3140	1868	WerFault.exe	Unicorn-20410.exe
3156	2880	WerFault.exe	Unicorn-24826.exe
4036	2968	WerFault.exe	Unicorn-26135.exe
1964	2224	WerFault.exe	Unicorn-7037.exe
4068	1704	WerFault.exe	Unicorn-56887.exe
4116	1424	WerFault.exe	Unicorn-22295.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exeUnicorn-44841.exeUnicorn-53435.exeUnicorn-33569.exeUnicorn-32333.exeUnicorn-30448.exeUnicorn-65389.exeUnicorn-60169.exeUnicorn-5301.exeUnicorn-20018.exeUnicorn-40076.exeUnicorn-48094.exeUnicorn-28228.exeUnicorn-16574.exeUnicorn-25243.exeUnicorn-38241.exeUnicorn-42285.exeUnicorn-57744.exeUnicorn-22227.exeUnicorn-30992.exeUnicorn-18570.exeUnicorn-29238.exeUnicorn-51434.exeUnicorn-14739.exeUnicorn-51434.exeUnicorn-25327.exeUnicorn-38517.exeUnicorn-10635.exeUnicorn-59151.exeUnicorn-6421.exeUnicorn-56655.exeUnicorn-58793.exeUnicorn-9099.exeUnicorn-58793.exeUnicorn-54579.exeUnicorn-41772.exeUnicorn-26889.exeUnicorn-7023.exeUnicorn-22482.exeUnicorn-1536.exeUnicorn-31556.exeUnicorn-17188.exeUnicorn-19134.exeUnicorn-12039.exeUnicorn-64577.exeUnicorn-29828.exeUnicorn-49694.exeUnicorn-38459.exeUnicorn-1572.exeUnicorn-19361.exeUnicorn-54494.exeUnicorn-37342.exeUnicorn-55070.exeUnicorn-4250.exeUnicorn-49922.exeUnicorn-21464.exeUnicorn-37115.exeUnicorn-52766.exeUnicorn-17057.exeUnicorn-35038.exeUnicorn-54904.exeUnicorn-62704.exeUnicorn-30416.exeUnicorn-60400.exe

pid	process
3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe
3020	Unicorn-44841.exe
2620	Unicorn-53435.exe
2760	Unicorn-33569.exe
2780	Unicorn-32333.exe
2404	Unicorn-30448.exe
2492	Unicorn-65389.exe
2728	Unicorn-60169.exe
2724	Unicorn-5301.exe
1260	Unicorn-20018.exe
1588	Unicorn-40076.exe
1688	Unicorn-48094.exe
2956	Unicorn-28228.exe
1844	Unicorn-16574.exe
592	Unicorn-25243.exe
772	Unicorn-38241.exe
2432	Unicorn-42285.exe
2272	Unicorn-57744.exe
1104	Unicorn-22227.exe
1448	Unicorn-30992.exe
1476	Unicorn-18570.exe
960	Unicorn-29238.exe
816	Unicorn-51434.exe
380	Unicorn-14739.exe
2312	Unicorn-51434.exe
1748	Unicorn-25327.exe
904	Unicorn-38517.exe
1896	Unicorn-10635.exe
1524	Unicorn-59151.exe
2800	Unicorn-6421.exe
2268	Unicorn-56655.exe
2588	Unicorn-58793.exe
2632	Unicorn-9099.exe
2116	Unicorn-58793.exe
2672	Unicorn-54579.exe
2844	Unicorn-41772.exe
2652	Unicorn-26889.exe
2648	Unicorn-7023.exe
2364	Unicorn-22482.exe
2136	Unicorn-1536.exe
1864	Unicorn-31556.exe
236	Unicorn-17188.exe
1416	Unicorn-19134.exe
2024	Unicorn-12039.exe
2940	Unicorn-64577.exe
2980	Unicorn-29828.exe
856	Unicorn-49694.exe
536	Unicorn-38459.exe
1412	Unicorn-1572.exe
1044	Unicorn-19361.exe
2936	Unicorn-54494.exe
780	Unicorn-37342.exe
1176	Unicorn-55070.exe
1888	Unicorn-4250.exe
2176	Unicorn-49922.exe
3048	Unicorn-21464.exe
924	Unicorn-37115.exe
2444	Unicorn-52766.exe
568	Unicorn-17057.exe
1660	Unicorn-35038.exe
1500	Unicorn-54904.exe
2452	Unicorn-62704.exe
2080	Unicorn-30416.exe
2020	Unicorn-60400.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exeUnicorn-44841.exeUnicorn-53435.exeUnicorn-33569.exeUnicorn-32333.exeUnicorn-30448.exeUnicorn-65389.exeUnicorn-60169.exe

description	pid	process	target process
PID 3012 wrote to memory of 3020	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	Unicorn-44841.exe
PID 3012 wrote to memory of 3020	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	Unicorn-44841.exe
PID 3012 wrote to memory of 3020	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	Unicorn-44841.exe
PID 3012 wrote to memory of 3020	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	Unicorn-44841.exe
PID 3020 wrote to memory of 2620	3020	Unicorn-44841.exe	Unicorn-53435.exe
PID 3020 wrote to memory of 2620	3020	Unicorn-44841.exe	Unicorn-53435.exe
PID 3020 wrote to memory of 2620	3020	Unicorn-44841.exe	Unicorn-53435.exe
PID 3020 wrote to memory of 2620	3020	Unicorn-44841.exe	Unicorn-53435.exe
PID 3012 wrote to memory of 2760	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	Unicorn-33569.exe
PID 3012 wrote to memory of 2760	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	Unicorn-33569.exe
PID 3012 wrote to memory of 2760	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	Unicorn-33569.exe
PID 3012 wrote to memory of 2760	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	Unicorn-33569.exe
PID 3012 wrote to memory of 1952	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	WerFault.exe
PID 3012 wrote to memory of 1952	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	WerFault.exe
PID 3012 wrote to memory of 1952	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	WerFault.exe
PID 3012 wrote to memory of 1952	3012	a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe	WerFault.exe
PID 2620 wrote to memory of 2780	2620	Unicorn-53435.exe	Unicorn-32333.exe
PID 2620 wrote to memory of 2780	2620	Unicorn-53435.exe	Unicorn-32333.exe
PID 2620 wrote to memory of 2780	2620	Unicorn-53435.exe	Unicorn-32333.exe
PID 2620 wrote to memory of 2780	2620	Unicorn-53435.exe	Unicorn-32333.exe
PID 3020 wrote to memory of 2404	3020	Unicorn-44841.exe	Unicorn-30448.exe
PID 3020 wrote to memory of 2404	3020	Unicorn-44841.exe	Unicorn-30448.exe
PID 3020 wrote to memory of 2404	3020	Unicorn-44841.exe	Unicorn-30448.exe
PID 3020 wrote to memory of 2404	3020	Unicorn-44841.exe	Unicorn-30448.exe
PID 2760 wrote to memory of 2492	2760	Unicorn-33569.exe	Unicorn-65389.exe
PID 2760 wrote to memory of 2492	2760	Unicorn-33569.exe	Unicorn-65389.exe
PID 2760 wrote to memory of 2492	2760	Unicorn-33569.exe	Unicorn-65389.exe
PID 2760 wrote to memory of 2492	2760	Unicorn-33569.exe	Unicorn-65389.exe
PID 3020 wrote to memory of 2152	3020	Unicorn-44841.exe	WerFault.exe
PID 3020 wrote to memory of 2152	3020	Unicorn-44841.exe	WerFault.exe
PID 3020 wrote to memory of 2152	3020	Unicorn-44841.exe	WerFault.exe
PID 3020 wrote to memory of 2152	3020	Unicorn-44841.exe	WerFault.exe
PID 2780 wrote to memory of 2728	2780	Unicorn-32333.exe	Unicorn-60169.exe
PID 2780 wrote to memory of 2728	2780	Unicorn-32333.exe	Unicorn-60169.exe
PID 2780 wrote to memory of 2728	2780	Unicorn-32333.exe	Unicorn-60169.exe
PID 2780 wrote to memory of 2728	2780	Unicorn-32333.exe	Unicorn-60169.exe
PID 2620 wrote to memory of 2724	2620	Unicorn-53435.exe	Unicorn-5301.exe
PID 2620 wrote to memory of 2724	2620	Unicorn-53435.exe	Unicorn-5301.exe
PID 2620 wrote to memory of 2724	2620	Unicorn-53435.exe	Unicorn-5301.exe
PID 2620 wrote to memory of 2724	2620	Unicorn-53435.exe	Unicorn-5301.exe
PID 2404 wrote to memory of 1588	2404	Unicorn-30448.exe	Unicorn-40076.exe
PID 2404 wrote to memory of 1588	2404	Unicorn-30448.exe	Unicorn-40076.exe
PID 2404 wrote to memory of 1588	2404	Unicorn-30448.exe	Unicorn-40076.exe
PID 2404 wrote to memory of 1588	2404	Unicorn-30448.exe	Unicorn-40076.exe
PID 2492 wrote to memory of 2128	2492	Unicorn-65389.exe	WerFault.exe
PID 2492 wrote to memory of 2128	2492	Unicorn-65389.exe	WerFault.exe
PID 2492 wrote to memory of 2128	2492	Unicorn-65389.exe	WerFault.exe
PID 2492 wrote to memory of 2128	2492	Unicorn-65389.exe	WerFault.exe
PID 2760 wrote to memory of 1260	2760	Unicorn-33569.exe	Unicorn-20018.exe
PID 2760 wrote to memory of 1260	2760	Unicorn-33569.exe	Unicorn-20018.exe
PID 2760 wrote to memory of 1260	2760	Unicorn-33569.exe	Unicorn-20018.exe
PID 2760 wrote to memory of 1260	2760	Unicorn-33569.exe	Unicorn-20018.exe
PID 2620 wrote to memory of 880	2620	Unicorn-53435.exe	WerFault.exe
PID 2620 wrote to memory of 880	2620	Unicorn-53435.exe	WerFault.exe
PID 2620 wrote to memory of 880	2620	Unicorn-53435.exe	WerFault.exe
PID 2620 wrote to memory of 880	2620	Unicorn-53435.exe	WerFault.exe
PID 2760 wrote to memory of 1188	2760	Unicorn-33569.exe	WerFault.exe
PID 2760 wrote to memory of 1188	2760	Unicorn-33569.exe	WerFault.exe
PID 2760 wrote to memory of 1188	2760	Unicorn-33569.exe	WerFault.exe
PID 2760 wrote to memory of 1188	2760	Unicorn-33569.exe	WerFault.exe
PID 2728 wrote to memory of 1688	2728	Unicorn-60169.exe	Unicorn-48094.exe
PID 2728 wrote to memory of 1688	2728	Unicorn-60169.exe	Unicorn-48094.exe
PID 2728 wrote to memory of 1688	2728	Unicorn-60169.exe	Unicorn-48094.exe
PID 2728 wrote to memory of 1688	2728	Unicorn-60169.exe	Unicorn-48094.exe

C:\Users\Admin\AppData\Local\Temp\a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe
"C:\Users\Admin\AppData\Local\Temp\a994a6e69595b29dac58aa267b46cc01c3f284bf8d8747e03f5031b49da88f3c.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59151.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64577.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56887.exe
10⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63901.exe
11⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
12⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29520.exe
13⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24055.exe
14⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19401.exe
15⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 216
15⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
14⤵
PID:10380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
13⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
12⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 236
11⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44612.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35914.exe
11⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57255.exe
12⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15813.exe
13⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50502.exe
14⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
14⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
13⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
12⤵
PID:8480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
11⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1853.exe
9⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40103.exe
10⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6375.exe
11⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39987.exe
12⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29431.exe
13⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47639.exe
14⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
14⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
13⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
12⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
11⤵
PID:5804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
10⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
9⤵
- Program crash
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21719.exe
9⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8473.exe
10⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23444.exe
11⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20260.exe
12⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
13⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55870.exe
14⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
14⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
13⤵
PID:11328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
12⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
11⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 236
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3305.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3987.exe
11⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-44366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44366.exe
12⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12833.exe
13⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 216
13⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6420 -s 216
12⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
11⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
10⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
9⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
8⤵
- Program crash
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6421.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49694.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:856

C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22954.exe
9⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
10⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
11⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24314.exe
12⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29453.exe
13⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
14⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 216
14⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
13⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
12⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
11⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
10⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
11⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
12⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33645.exe
13⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
14⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
14⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 220
13⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
12⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
11⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 240
10⤵
- Program crash
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43792.exe
9⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19154.exe
10⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24039.exe
11⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38384.exe
12⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19371.exe
13⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
13⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
12⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
11⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
10⤵
PID:5268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 220
9⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36336.exe
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10341.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57695.exe
10⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5166.exe
11⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40298.exe
12⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62233.exe
13⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
14⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 204
14⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 216
13⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 236
12⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
11⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-147.exe
11⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
12⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9291.exe
13⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
13⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 236
12⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 236
11⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 240
10⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
9⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
8⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22227.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10635.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62704.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
10⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
11⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20391.exe
12⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61357.exe
13⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14798.exe
14⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 216
14⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
13⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
12⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
11⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-15515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15515.exe
10⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
11⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31248.exe
12⤵
PID:6620

C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
13⤵
PID:9352

C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
14⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
14⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6620 -s 216
13⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 216
12⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
11⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
10⤵
- Program crash
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16072.exe
9⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2900.exe
10⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
11⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50553.exe
12⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42764.exe
13⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 220
13⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
12⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
11⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
10⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 240
9⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58516.exe
8⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-5294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5294.exe
9⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36341.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56837.exe
11⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15404.exe
12⤵
PID:6544

C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
13⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8147.exe
14⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 220
14⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6544 -s 220
13⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
12⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
11⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38315.exe
10⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13292.exe
11⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-588.exe
12⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 220
12⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
11⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
10⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34072.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22010.exe
10⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42260.exe
11⤵
PID:8956

C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60797.exe
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8956 -s 220
12⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
11⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
9⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
8⤵
- Program crash
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12039.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10325.exe
8⤵
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55258.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
11⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
11⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
9⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 216
8⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
7⤵
- Program crash
PID:2612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
6⤵
- Program crash
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42285.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25327.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1536.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60400.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13963.exe
10⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-53938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53938.exe
11⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-37988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37988.exe
12⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
13⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26205.exe
14⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
14⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
13⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
12⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
11⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13979.exe
10⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24231.exe
11⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7055.exe
12⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-37388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37388.exe
13⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
13⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 216
12⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
11⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
10⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9557.exe
9⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52594.exe
10⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61885.exe
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57335.exe
12⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44762.exe
13⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6036 -s 216
12⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
11⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
10⤵
PID:5440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
9⤵
- Program crash
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17587.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14731.exe
9⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
10⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55969.exe
11⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9060.exe
12⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41077.exe
13⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 236
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
11⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
10⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36376.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57164.exe
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48269.exe
11⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12461.exe
12⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20361.exe
13⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
13⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
12⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
11⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
9⤵
- Program crash
PID:3604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
8⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31556.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24023.exe
8⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30217.exe
9⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56242.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23086.exe
11⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
12⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52368.exe
13⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38480.exe
14⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 220
14⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
13⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
12⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
11⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5157.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47621.exe
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22198.exe
11⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63603.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
13⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
13⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
12⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
9⤵
- Program crash
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43599.exe
8⤵
PID:1396

C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36921.exe
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9438.exe
11⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51909.exe
12⤵
PID:11416

C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38554.exe
13⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 236
11⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
10⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1396 -s 236
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
8⤵
- Program crash
PID:3440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
7⤵
- Program crash
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38517.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17188.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:236

C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30416.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37199.exe
9⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18962.exe
10⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21818.exe
11⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24279.exe
12⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45338.exe
13⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 220
13⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 216
12⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
11⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 236
10⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31768.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39524.exe
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57911.exe
11⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38156.exe
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 220
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
11⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35314.exe
8⤵
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
7⤵
- Program crash
PID:1608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
6⤵
- Program crash
PID:1556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
5⤵
- Executes dropped EXE
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30992.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56655.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38459.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
8⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33533.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
11⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
12⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
13⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
13⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
12⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
11⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
9⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61633.exe
8⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4528.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62968.exe
10⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
11⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18752.exe
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
9⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 240
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24826.exe
7⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38021.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58181.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49395.exe
10⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52944.exe
11⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
10⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
9⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 216
8⤵
- Program crash
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
7⤵
- Program crash
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1572.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64653.exe
7⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57119.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14329.exe
9⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39956.exe
10⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52442.exe
11⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
11⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
10⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
9⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 216
7⤵
- Program crash
PID:3548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
6⤵
- Program crash
PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
5⤵
- Program crash
PID:2564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25243.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26889.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
9⤵
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54275.exe
10⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38519.exe
11⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37281.exe
12⤵
PID:7108

C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60381.exe
13⤵
PID:9452

C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10654.exe
14⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9452 -s 216
14⤵
PID:12472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7108 -s 216
13⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 236
11⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1548 -s 216
10⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17289.exe
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
11⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8460.exe
12⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48407.exe
13⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
13⤵
PID:12932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 216
12⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
11⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
10⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 220
9⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57307.exe
8⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8774.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13168.exe
10⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26866.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44086.exe
12⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34422.exe
13⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 216
13⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
12⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
11⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 236
9⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
8⤵
- Program crash
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35038.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
8⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6745.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35857.exe
10⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
11⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23417.exe
12⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19923.exe
13⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 216
13⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 220
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
11⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 216
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18765.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19343.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
11⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1216.exe
12⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
12⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
9⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
8⤵
- Program crash
PID:3596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22482.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8246.exe
7⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
8⤵
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18360.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37220.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28851.exe
11⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10501.exe
12⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
12⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 216
11⤵
PID:9568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 236
9⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49340.exe
8⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38180.exe
9⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65197.exe
10⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30621.exe
11⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
11⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
10⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
8⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
7⤵
- Program crash
PID:1960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
6⤵
- Program crash
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14739.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:380

C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9099.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54494.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-11635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11635.exe
8⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23357.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30646.exe
11⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54314.exe
12⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
13⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 220
13⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
12⤵
PID:10700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
11⤵
PID:8048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
10⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 236
9⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21965.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21716.exe
9⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
10⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10830.exe
11⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46060.exe
12⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 236
12⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 220
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
10⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7037.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31229.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7278.exe
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65098.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46452.exe
11⤵
PID:9372

C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47496.exe
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
8⤵
- Program crash
PID:1964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
7⤵
- Program crash
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19361.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
7⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-42407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42407.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27105.exe
10⤵
PID:6596

C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
12⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 220
12⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6596 -s 220
11⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
9⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54145.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35654.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
9⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28663.exe
10⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
11⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 220
11⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
10⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
9⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 236
8⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 220
7⤵
- Program crash
PID:3280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 380 -s 240
6⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
5⤵
- Program crash
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41772.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37115.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
8⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63709.exe
9⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9665.exe
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65046.exe
11⤵
PID:6968

C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33453.exe
12⤵
PID:9548

C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39805.exe
13⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9548 -s 216
13⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6968 -s 220
12⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
11⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
10⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
9⤵
- Program crash
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
9⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31364.exe
10⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
11⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43483.exe
12⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9872 -s 216
12⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
11⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
10⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
9⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 220
8⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
7⤵
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17057.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
7⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15744.exe
8⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32494.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61029.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36587.exe
11⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-52960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52960.exe
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
12⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
11⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 236
9⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 216
8⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61057.exe
7⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34442.exe
8⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10209.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10634.exe
10⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
11⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
11⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
10⤵
PID:9796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
9⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
8⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
7⤵
- Program crash
PID:3632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 240
6⤵
- Program crash
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7023.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40276.exe
7⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27524.exe
8⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12148.exe
10⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
11⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33784.exe
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
12⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
9⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
8⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22733.exe
7⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62670.exe
8⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1517.exe
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17080.exe
9⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-370.exe
10⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 212
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
10⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 240
9⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
8⤵
PID:5316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
7⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34608.exe
6⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-65437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65437.exe
7⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 220
8⤵
PID:5092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 216
7⤵
PID:4536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
6⤵
- Program crash
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
5⤵
- Program crash
PID:2836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16574.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18570.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1476

C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55070.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26135.exe
8⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16154.exe
9⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5488.exe
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47893.exe
11⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11055.exe
12⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 212
13⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 220
12⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
11⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
10⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
9⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38737.exe
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
10⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
11⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28164.exe
12⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
12⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
11⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
10⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 240
8⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7229.exe
7⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-16730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16730.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63630.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27634.exe
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13681.exe
11⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
12⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
11⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
10⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
8⤵
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
7⤵
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37342.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29425.exe
7⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15551.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26762.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9441.exe
10⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2954.exe
11⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-39345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39345.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 216
12⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
10⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
9⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49073.exe
9⤵
PID:5868

C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24392.exe
10⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30397.exe
11⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 216
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5868 -s 236
10⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 220
8⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30190.exe
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-59730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59730.exe
9⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55129.exe
10⤵
PID:10188

C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15542.exe
11⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10188 -s 216
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
9⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
8⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 220
7⤵
PID:4308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1476 -s 220
6⤵
- Program crash
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54579.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21464.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
7⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30958.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
10⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
11⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50893.exe
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
12⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 220
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11363.exe
7⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
8⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
9⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16524.exe
10⤵
PID:9964

C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33673.exe
11⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9964 -s 236
11⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 236
10⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
9⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
8⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
7⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
6⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31997.exe
7⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22510.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52348.exe
9⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55082.exe
10⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58573.exe
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 220
11⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
10⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
8⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 216
7⤵
PID:4432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
6⤵
- Program crash
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
5⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29238.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4250.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22295.exe
7⤵
PID:1424

C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60710.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38031.exe
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61616.exe
10⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44148.exe
11⤵
PID:9432

C:\Users\Admin\AppData\Local\Temp\Unicorn-29831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29831.exe
12⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9432 -s 236
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
11⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
10⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 216
9⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1424 -s 216
8⤵
- Program crash
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54446.exe
7⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23205.exe
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61808.exe
9⤵
PID:6752

C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
10⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57449.exe
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
11⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6752 -s 216
10⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
9⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
8⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
7⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20410.exe
6⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
7⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48965.exe
8⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22390.exe
9⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43152.exe
10⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-17453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17453.exe
11⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
11⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 220
10⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
9⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
8⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
7⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
6⤵
- Program crash
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49922.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59959.exe
6⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41831.exe
7⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64398.exe
8⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6302.exe
9⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50832.exe
10⤵
PID:9932

C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60391.exe
11⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9932 -s 216
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
10⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
9⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
8⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
7⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22541.exe
6⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-15524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15524.exe
7⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38809.exe
8⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-19338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19338.exe
9⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8339.exe
10⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
10⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
8⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
7⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
6⤵
- Program crash
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 220
5⤵
- Program crash
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
4⤵
- Program crash
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 240
2⤵
- Program crash
PID:1952

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11055.exe
Filesize
184KB

MD5
8bccd2dd6ce59ea5ebef3d5e0fa2a161

SHA1
e442b4626326bb6e4d9ad900254330815d9447d0

SHA256
2fef209c7cd94aae11c15df8a5a961f7db1a66f658c9478dfdfac80b892f0697

SHA512
a797ff994f56edc766c025cc7dcada27c81785a0bbeb4ada2a7a304e567fd0dc1bed35f6de8797cd16114e497c02b13bd3f41d8f1f3f0ffa972efd171137725b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32824.exe
Filesize
184KB

MD5
a14404bc41eabbb4c7ec3a644b51d27d

SHA1
babf721c8583db9a79ab1120bcd70c1b0fac7290

SHA256
1ba26c14c58af663a5e96cb1e187f0512e1433555b9191fe2517d79f5da3580d

SHA512
deec0294683f46222a693998b4572cad5dabd043b26de08948fbc7466b4c995a77d9725cb7ce3e16e72daede09d6fcb1c61d853c318b0bcc7ed5c081df5ad578

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
Filesize
184KB

MD5
97255ffe778ebee4780845dbede94ebd

SHA1
a64bb5a91447f8582623c37cbaab034f9b0e3527

SHA256
fa5277ba95d28f9f06626a6dcdc453c4278a5d958940e4271485e435ee7e897e

SHA512
8f274b3862b8dfac908c9638a5317c375379ec54d97a930104cf137db21e7e80b209d5c01c1984282123fdd5cb755ed972cfba92f0c01f9240ef536277b502e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37432.exe
Filesize
184KB

MD5
8a98245cd46fb89c150e74ecf88fb4cb

SHA1
96f1823980d0eddf6398fab523e105f162b096cb

SHA256
fd503db069717e807c59a735afe9aa49e4b39a47fa8672fdc0f00c69bcf2dfe0

SHA512
f5821ebfd60218fc06011ffd40ae0c73a17697a29e9797a062a1e8138757f38bcf64915d56004ac56675d42ebaedbf64216dadb0a382976d76e5b3a8e34d205c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38114.exe
Filesize
184KB

MD5
2647fa297ad5b7c1390ee04dd3d380b2

SHA1
0922a18f245bdb7fc5da90d2f0b5200926edea66

SHA256
62b3981921b9789a02d7379fa28eff3c9f6530957f41bc69f18bdfdc8cad0646

SHA512
ff1d8b3076a30220958f23e4802e862f32571565404c1c9586fc2ac9c9f0b0344268bbc422b361f02183e644746dadc262d572c5f0d1d146df4f263cff6e8dda

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58866.exe
Filesize
184KB

MD5
2ccbaaac9851c162961bbbc134dbadf1

SHA1
495655d466f33c2b3dd186c1389f63108b1bffd3

SHA256
91b21f528ea747a94004bd049506dfa764a505241b94f2949a9382187d2571a9

SHA512
1407f455cca3cc178b279f6ce0a41e263759f5ea17b98dd626ffdd3c712ac3f3063b4bda4646395357b2e81cd1d7a81e78a7e4bddcffae827295d7f186a66b42

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6830.exe
Filesize
184KB

MD5
699cb360a4ca76397e363e4112f46d58

SHA1
8e931d3894fbd0cc089bcc7ef0976de9b4cd0f32

SHA256
df08feab559c4ed425d4a5264a1d129c48a6a08000fa2d7d618aa27cef8ba1e5

SHA512
b00e386abda2d5b84776141c7f5c081d08bcbe4d9d3053f46ecbb86c16566807a85e0754996c5d4a555749e45f281a86bbef83734cd3cdd2dea7e62b0e145b83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
Filesize
184KB

MD5
56dd57ba5c96fb3824715fe964356a30

SHA1
e8068d5d76dfcfb88a389b57c298a5329c96923a

SHA256
7487f66503f32a071a4694c851b16794222b19f88b5e340563bcbb4f8852511f

SHA512
d781bd3a2d96e328b2c65e10ac7d96a58dbdec28a5adcf7a95526efe304ae203329e833535a60cf88fd9223fdea74eb3b02c2bf122345059555cabde1b8aef90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1114.exe
Filesize
184KB

MD5
15c6233f86ff4fd4a226fd879ad0b728

SHA1
402fcde0a88b9e59f67f16bead63fc298a759088

SHA256
d1d51de23e216e0ef6eac8c5999fb985e57884d3e5a1b194112a6f4cfe300949

SHA512
bec21ce8471197f881f762158da12bd997bbb21fd9fac8f52a37f44c9d737471cda8b34976bf12b1fa3113dc655464c9dd2effd1181b2ff836c7c2a6d1a5b7f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20018.exe
Filesize
184KB

MD5
f5e656c0019e50d5d1f71eb592de37c7

SHA1
2780ffb6b6e0f367fde7f726b46be7717d3e0ce7

SHA256
3cb012d64689760acb102ef96ade45f8998b8a3f425c0e782cb2831c748647c4

SHA512
caa2b2a5f63c893ffff5b6878bdb9c1b463f5bd50f8c4bf1e4cd24f6044bda9c8804650a1da9d71e48f11cb525f099955fc95431728a7c5c0b8961249bf19a87

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28228.exe
Filesize
184KB

MD5
9591d0115b8669ba6cd5319f4836d326

SHA1
b3116fa3e238fc23117c111e6d2a8b0271055a2a

SHA256
cdf6611d9d2f600641dbac2ceec668e9ff19c8746ca3a578a6f1d236cd42c745

SHA512
c79f2217139316d092423aaf022fcab1918fa8eccccdc66e1adf21a2641ef7f34a55321f928567bde8c34de9bf86a60144a7b890459e4ba8bf4510df5b110b3b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30448.exe
Filesize
184KB

MD5
84787eac1783231a7e345bb4812c1155

SHA1
d9a60c184a7c198af8e9b239d94037472504b606

SHA256
9ae970d4610da9ded2a4c72957a28b8be1b7c00c3a00718453d57a872aeb7d1f

SHA512
8efabcc43750b251b6810f4e8f48298f7e10e46a58839a79fb64aaabe5ec7847413c8218bacd4bdc6319db3ee505979cc36424724aa837ff0cb400d40b6d2cf5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32333.exe
Filesize
184KB

MD5
8beeff72228aca98ff5adcc97ccbb8c1

SHA1
11663b36e6d351cf075ca3c7098146a014de4362

SHA256
99bb9fffc58962c7fe7eb7ac0549ff6637d4d4144a37d8fb685e8124c91df4f9

SHA512
ea8a84d4497fd7db4e306fdb2d7d901b1d803b5380cde104115dc908e45ef5fe04a3f97bb81607c5a6dd0c93beace49f0e68fe9f177b43721a85b26b0c112ffc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
Filesize
184KB

MD5
0c04d9c03cc498b2d925ac8a0f60b754

SHA1
53c988200ab5f7ae756dd516cacca67c7b25850c

SHA256
7db2676b4d43cfed4cfcfa1c26ef34fbff9bb1f9901336f645ae1fff1505788f

SHA512
19cc36bc0b22d01c6da84034e54317a60ad08f6124cfd5d456b48a65f66617a18079a6b6577062ac730454f8382e1e9b3a89d6765e52dd07ff2e27cfbe9a4de8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40076.exe
Filesize
184KB

MD5
fe15112034900e8c7dd9dd8ceb1ca6b4

SHA1
f69caf5cea5b9f685308d93ddd7b9840a433f639

SHA256
814cc89e65f0bb4528bc8838c3a4cada4b619fdf7ab87b5fa14cac7112ed9f95

SHA512
69020d4811740890a19c74af280505873ed5db34871c7139036d89f0f9fd73ac63755e7c94028e7b6418e043de4cd7b8e00bf511888324068e06703d31d8f1e1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44841.exe
Filesize
184KB

MD5
64926c20156e32c7a8dda61e675ff7e8

SHA1
9cd3a0648ea8e6b5ac48851e89e572e388b8ad8e

SHA256
bb73e55af2528297b86a7b29eab252e8b1bc5c441c9b2e62c1b7900a0a299fe2

SHA512
1ee15419dabcac94ec497c99077da229ba97cf9feec79b304fe20738c4ffdbd7f83e92a1ed453ea13782acf450f8a880c4d148714ffd98dfa0e4ba95f1e92642

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48094.exe
Filesize
184KB

MD5
26e7cf8f54a9631866502f0636be9506

SHA1
e296a54f688a9d9a8ad0b49d8d7189c5adadbded

SHA256
0494769467a5986ac8ac84801db36ec718cd5ea6f29b3fe6b87126e06a94795d

SHA512
ea2edac78833ada03fb21663bf7a3715c8d6d151d038453274574e69a6172a2376ed1f4b080a523375407f121f44d69675f48b38ead8564f17fedef8bef797d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5301.exe
Filesize
184KB

MD5
d0805ea97387ce4b168bf40d4c408533

SHA1
5d1c2b38b37525e97dd604abe481a6af8d719c7b

SHA256
06ea523d029da53e9778785f93f1351f303b23ac5682ea25d77e501d596e4c7f

SHA512
48487d4c7ad05c3f16d933c9119263cf698a325f2155d0aea0702357617b2624f5be07d9f0c37e32420fd06ccccb2193770e952c5673cc4cb49835a31dc130d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53435.exe
Filesize
184KB

MD5
8feef37e7bd05af5160edb89b4847bff

SHA1
680393c447b1729ae2148980c7823fc5d4565cd4

SHA256
ee84a9fd4eeb3b832c3d9c093084dadbdca6323e028abeb4ee591628421da746

SHA512
fab7aa44351304457640c7a5f8d0d16f2f8db1e1aee3b10685ed5341487987e589560646ebe5057b0ab8dc6232ec9367737154cd68bf4c619c2e2abf92cd22f0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
Filesize
184KB

MD5
fe595556f102dd2601a6a5015987fa4a

SHA1
673d995420d4f01cd8b7aac9bbe7204052f99c4c

SHA256
d2bea207afe3bac847fabbfbffd55664452087f7b00f9f11e7b6faa6300b4aa7

SHA512
f5978e7cd2e2013c8aac2292b89ccf199a3f777d21d51fd792a853fcace438075b2f7573e5878966c8a593a43855538ccb10ece08032f1c93e5084e86e821316

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-65389.exe
Filesize
184KB

MD5
b167ee1c48f344d5700ddd9cd5c26587

SHA1
2d6bc12388e60328cebfe642ecb38af11daf45e1

SHA256
a29d8a366f667cda0eebc5518eee5659b9aad46a13061687193e329357eeef12

SHA512
896d711e154cd1940b281179be371923f62a7047d56340221c5cb073d377afa41767bda15ed92d8cca4a85375296cea39859d95b43656b516a3ad47eba628a1f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads