ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe
Size

184KB
MD5

7fac3bd6c958ef4798c69c6d8c2680ba
SHA1

e222ae82737802b448e096d41927e3061f7b0a16
SHA256

ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68
SHA512

929b15a2820c8f8d271afd28f5221bc066e4635320b6b992e7ed987ea899a8c11d7f996bf42ae92d415f802fea24cb571193ea28e433667f6bbaf0c36707be43
SSDEEP

3072:Q8SA2KoJxnU3dt8oe9LOBquWI4YCzg6Js++KO5NKs5GnlnV8FLnT:Q8Jo0tt8tOguWIojUonlnV8FL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-33430.exeUnicorn-25592.exeUnicorn-38398.exeUnicorn-17466.exeUnicorn-36381.exeUnicorn-18461.exeUnicorn-46428.exeUnicorn-46428.exeUnicorn-26754.exeUnicorn-64217.exeUnicorn-26754.exeUnicorn-36321.exeUnicorn-56187.exeUnicorn-5943.exeUnicorn-36862.exeUnicorn-21211.exeUnicorn-1345.exeUnicorn-38808.exeUnicorn-18942.exeUnicorn-44989.exeUnicorn-40966.exeUnicorn-60832.exeUnicorn-55098.exeUnicorn-55098.exeUnicorn-50884.exeUnicorn-50884.exeUnicorn-55290.exeUnicorn-51076.exeUnicorn-7350.exeUnicorn-23002.exeUnicorn-3136.exeUnicorn-22364.exeUnicorn-17765.exeUnicorn-37823.exeUnicorn-35554.exeUnicorn-55420.exeUnicorn-62911.exeUnicorn-43045.exeUnicorn-45376.exeUnicorn-14971.exeUnicorn-12859.exeUnicorn-26242.exeUnicorn-63705.exeUnicorn-13627.exeUnicorn-19030.exeUnicorn-30082.exeUnicorn-30082.exeUnicorn-21729.exeUnicorn-6653.exeUnicorn-52325.exeUnicorn-54977.exeUnicorn-39518.exeUnicorn-19652.exeUnicorn-50021.exeUnicorn-37790.exeUnicorn-22715.exeUnicorn-54437.exeUnicorn-38977.exeUnicorn-8957.exeUnicorn-59419.exeUnicorn-55397.exeUnicorn-60187.exeUnicorn-37441.exeUnicorn-42232.exe

pid	process
3068	Unicorn-33430.exe
2176	Unicorn-25592.exe
1704	Unicorn-38398.exe
2628	Unicorn-17466.exe
2508	Unicorn-36381.exe
2532	Unicorn-18461.exe
888	Unicorn-46428.exe
268	Unicorn-46428.exe
2260	Unicorn-26754.exe
624	Unicorn-64217.exe
540	Unicorn-26754.exe
2388	Unicorn-36321.exe
1068	Unicorn-56187.exe
1508	Unicorn-5943.exe
1992	Unicorn-36862.exe
852	Unicorn-21211.exe
1652	Unicorn-1345.exe
1816	Unicorn-38808.exe
948	Unicorn-18942.exe
1352	Unicorn-44989.exe
1088	Unicorn-40966.exe
1344	Unicorn-60832.exe
1888	Unicorn-55098.exe
788	Unicorn-55098.exe
964	Unicorn-50884.exe
300	Unicorn-50884.exe
2312	Unicorn-55290.exe
240	Unicorn-51076.exe
2900	Unicorn-7350.exe
1388	Unicorn-23002.exe
1328	Unicorn-3136.exe
3064	Unicorn-22364.exe
2160	Unicorn-17765.exe
2616	Unicorn-37823.exe
2056	Unicorn-35554.exe
2884	Unicorn-55420.exe
2704	Unicorn-62911.exe
2524	Unicorn-43045.exe
2624	Unicorn-45376.exe
2920	Unicorn-14971.exe
1684	Unicorn-12859.exe
824	Unicorn-26242.exe
1960	Unicorn-63705.exe
1744	Unicorn-13627.exe
1228	Unicorn-19030.exe
2240	Unicorn-30082.exe
2424	Unicorn-30082.exe
1968	Unicorn-21729.exe
1604	Unicorn-6653.exe
448	Unicorn-52325.exe
1536	Unicorn-54977.exe
2316	Unicorn-39518.exe
1612	Unicorn-19652.exe
652	Unicorn-50021.exe
1772	Unicorn-37790.exe
2328	Unicorn-22715.exe
2224	Unicorn-54437.exe
2984	Unicorn-38977.exe
2552	Unicorn-8957.exe
2700	Unicorn-59419.exe
2696	Unicorn-55397.exe
2604	Unicorn-60187.exe
2500	Unicorn-37441.exe
2840	Unicorn-42232.exe

Loads dropped DLL 64 IoCs

Processes:

ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exeUnicorn-33430.exeUnicorn-38398.exeUnicorn-25592.exeWerFault.exeUnicorn-17466.exeUnicorn-36381.exeUnicorn-18461.exeWerFault.exeWerFault.exeUnicorn-46428.exeUnicorn-46428.exeUnicorn-26754.exeUnicorn-64217.exeUnicorn-26754.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe
2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe
3068	Unicorn-33430.exe
3068	Unicorn-33430.exe
2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe
2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe
1704	Unicorn-38398.exe
1704	Unicorn-38398.exe
2176	Unicorn-25592.exe
2176	Unicorn-25592.exe
3068	Unicorn-33430.exe
3068	Unicorn-33430.exe
2488	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
2488	WerFault.exe
2628	Unicorn-17466.exe
2508	Unicorn-36381.exe
2508	Unicorn-36381.exe
2628	Unicorn-17466.exe
2176	Unicorn-25592.exe
2176	Unicorn-25592.exe
1704	Unicorn-38398.exe
1704	Unicorn-38398.exe
2532	Unicorn-18461.exe
2532	Unicorn-18461.exe
2228	WerFault.exe
2228	WerFault.exe
2228	WerFault.exe
2228	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2380	WerFault.exe
2228	WerFault.exe
2380	WerFault.exe
2508	Unicorn-36381.exe
888	Unicorn-46428.exe
888	Unicorn-46428.exe
2508	Unicorn-36381.exe
268	Unicorn-46428.exe
268	Unicorn-46428.exe
540	Unicorn-26754.exe
540	Unicorn-26754.exe
624	Unicorn-64217.exe
2628	Unicorn-17466.exe
624	Unicorn-64217.exe
2628	Unicorn-17466.exe
2260	Unicorn-26754.exe
2260	Unicorn-26754.exe
2532	Unicorn-18461.exe
2532	Unicorn-18461.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
1524	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
628	WerFault.exe
1524	WerFault.exe
628	WerFault.exe
2556	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2180	2996	WerFault.exe	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe
2488	3068	WerFault.exe	Unicorn-33430.exe
2228	1704	WerFault.exe	Unicorn-38398.exe
2380	2176	WerFault.exe	Unicorn-25592.exe
628	2508	WerFault.exe	Unicorn-36381.exe
1524	2628	WerFault.exe	Unicorn-17466.exe
2556	2532	WerFault.exe	Unicorn-18461.exe
2720	888	WerFault.exe	Unicorn-46428.exe
2124	268	WerFault.exe	Unicorn-46428.exe
1600	540	WerFault.exe	Unicorn-26754.exe
3020	624	WerFault.exe	Unicorn-64217.exe
2084	2260	WerFault.exe	Unicorn-26754.exe
1252	2388	WerFault.exe	Unicorn-36321.exe
1824	1068	WerFault.exe	Unicorn-56187.exe
1648	852	WerFault.exe	Unicorn-21211.exe
2204	1992	WerFault.exe	Unicorn-36862.exe
1776	1508	WerFault.exe	Unicorn-5943.exe
1840	1816	WerFault.exe	Unicorn-38808.exe
1624	948	WerFault.exe	Unicorn-18942.exe
1564	1652	WerFault.exe	Unicorn-1345.exe
1768	1352	WerFault.exe	Unicorn-44989.exe
1464	1088	WerFault.exe	Unicorn-40966.exe
912	1344	WerFault.exe	Unicorn-60832.exe
2272	1888	WerFault.exe	Unicorn-55098.exe
1576	964	WerFault.exe	Unicorn-50884.exe
340	788	WerFault.exe	Unicorn-55098.exe
904	240	WerFault.exe	Unicorn-51076.exe
1592	300	WerFault.exe	Unicorn-50884.exe
2100	1328	WerFault.exe	Unicorn-3136.exe
2060	2900	WerFault.exe	Unicorn-7350.exe
2708	2312	WerFault.exe	Unicorn-55290.exe
1096	1388	WerFault.exe	Unicorn-23002.exe
3292	3064	WerFault.exe	Unicorn-22364.exe
3300	2160	WerFault.exe	Unicorn-17765.exe
3324	2884	WerFault.exe	Unicorn-55420.exe
3372	1960	WerFault.exe	Unicorn-63705.exe
3364	1744	WerFault.exe	Unicorn-13627.exe
3396	1228	WerFault.exe	Unicorn-19030.exe
3404	824	WerFault.exe	Unicorn-26242.exe
3464	2240	WerFault.exe	Unicorn-30082.exe
3488	2704	WerFault.exe	Unicorn-62911.exe
3624	2624	WerFault.exe	Unicorn-45376.exe
3784	2616	WerFault.exe	Unicorn-37823.exe
3920	1684	WerFault.exe	Unicorn-12859.exe
3952	2920	WerFault.exe	Unicorn-14971.exe
3980	2424	WerFault.exe	Unicorn-30082.exe
4004	2524	WerFault.exe	Unicorn-43045.exe
3172	1968	WerFault.exe	Unicorn-21729.exe
3260	1604	WerFault.exe	Unicorn-6653.exe
3512	1536	WerFault.exe	Unicorn-54977.exe
3560	2552	WerFault.exe	Unicorn-8957.exe
3616	2328	WerFault.exe	Unicorn-22715.exe
3652	652	WerFault.exe	Unicorn-50021.exe
3684	448	WerFault.exe	Unicorn-52325.exe
3792	2316	WerFault.exe	Unicorn-39518.exe
3824	1772	WerFault.exe	Unicorn-37790.exe
3836	2224	WerFault.exe	Unicorn-54437.exe
3816	2984	WerFault.exe	Unicorn-38977.exe
4040	1712	WerFault.exe	Unicorn-9367.exe
4012	2500	WerFault.exe	Unicorn-37441.exe
4048	2696	WerFault.exe	Unicorn-55397.exe
3080	2220	WerFault.exe	Unicorn-22942.exe
3132	2840	WerFault.exe	Unicorn-42232.exe
3528	2340	WerFault.exe	Unicorn-25019.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exeUnicorn-33430.exeUnicorn-38398.exeUnicorn-25592.exeUnicorn-17466.exeUnicorn-36381.exeUnicorn-18461.exeUnicorn-46428.exeUnicorn-46428.exeUnicorn-26754.exeUnicorn-64217.exeUnicorn-26754.exeUnicorn-36321.exeUnicorn-56187.exeUnicorn-5943.exeUnicorn-36862.exeUnicorn-21211.exeUnicorn-1345.exeUnicorn-38808.exeUnicorn-18942.exeUnicorn-44989.exeUnicorn-40966.exeUnicorn-60832.exeUnicorn-55098.exeUnicorn-55098.exeUnicorn-50884.exeUnicorn-55290.exeUnicorn-7350.exeUnicorn-51076.exeUnicorn-50884.exeUnicorn-3136.exeUnicorn-23002.exeUnicorn-22364.exeUnicorn-17765.exeUnicorn-37823.exeUnicorn-55420.exeUnicorn-62911.exeUnicorn-43045.exeUnicorn-45376.exeUnicorn-14971.exeUnicorn-12859.exeUnicorn-26242.exeUnicorn-63705.exeUnicorn-13627.exeUnicorn-19030.exeUnicorn-30082.exeUnicorn-30082.exeUnicorn-21729.exeUnicorn-6653.exeUnicorn-54977.exeUnicorn-52325.exeUnicorn-39518.exeUnicorn-19652.exeUnicorn-50021.exeUnicorn-37790.exeUnicorn-22715.exeUnicorn-54437.exeUnicorn-38977.exeUnicorn-8957.exeUnicorn-59419.exeUnicorn-55397.exeUnicorn-60187.exeUnicorn-37441.exeUnicorn-42232.exe

pid	process
2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe
3068	Unicorn-33430.exe
1704	Unicorn-38398.exe
2176	Unicorn-25592.exe
2628	Unicorn-17466.exe
2508	Unicorn-36381.exe
2532	Unicorn-18461.exe
888	Unicorn-46428.exe
268	Unicorn-46428.exe
2260	Unicorn-26754.exe
624	Unicorn-64217.exe
540	Unicorn-26754.exe
2388	Unicorn-36321.exe
1068	Unicorn-56187.exe
1508	Unicorn-5943.exe
1992	Unicorn-36862.exe
852	Unicorn-21211.exe
1652	Unicorn-1345.exe
1816	Unicorn-38808.exe
948	Unicorn-18942.exe
1352	Unicorn-44989.exe
1088	Unicorn-40966.exe
1344	Unicorn-60832.exe
1888	Unicorn-55098.exe
788	Unicorn-55098.exe
964	Unicorn-50884.exe
2312	Unicorn-55290.exe
2900	Unicorn-7350.exe
240	Unicorn-51076.exe
300	Unicorn-50884.exe
1328	Unicorn-3136.exe
1388	Unicorn-23002.exe
3064	Unicorn-22364.exe
2160	Unicorn-17765.exe
2616	Unicorn-37823.exe
2884	Unicorn-55420.exe
2704	Unicorn-62911.exe
2524	Unicorn-43045.exe
2624	Unicorn-45376.exe
2920	Unicorn-14971.exe
1684	Unicorn-12859.exe
824	Unicorn-26242.exe
1960	Unicorn-63705.exe
1744	Unicorn-13627.exe
1228	Unicorn-19030.exe
2240	Unicorn-30082.exe
2424	Unicorn-30082.exe
1968	Unicorn-21729.exe
1604	Unicorn-6653.exe
1536	Unicorn-54977.exe
448	Unicorn-52325.exe
2316	Unicorn-39518.exe
1612	Unicorn-19652.exe
652	Unicorn-50021.exe
1772	Unicorn-37790.exe
2328	Unicorn-22715.exe
2224	Unicorn-54437.exe
2984	Unicorn-38977.exe
2552	Unicorn-8957.exe
2700	Unicorn-59419.exe
2696	Unicorn-55397.exe
2604	Unicorn-60187.exe
2500	Unicorn-37441.exe
2840	Unicorn-42232.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exeUnicorn-33430.exeUnicorn-38398.exeUnicorn-25592.exeUnicorn-36381.exeUnicorn-17466.exeUnicorn-18461.exeUnicorn-46428.exe

description	pid	process	target process
PID 2996 wrote to memory of 3068	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	Unicorn-33430.exe
PID 2996 wrote to memory of 3068	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	Unicorn-33430.exe
PID 2996 wrote to memory of 3068	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	Unicorn-33430.exe
PID 2996 wrote to memory of 3068	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	Unicorn-33430.exe
PID 3068 wrote to memory of 2176	3068	Unicorn-33430.exe	Unicorn-25592.exe
PID 3068 wrote to memory of 2176	3068	Unicorn-33430.exe	Unicorn-25592.exe
PID 3068 wrote to memory of 2176	3068	Unicorn-33430.exe	Unicorn-25592.exe
PID 3068 wrote to memory of 2176	3068	Unicorn-33430.exe	Unicorn-25592.exe
PID 2996 wrote to memory of 1704	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	Unicorn-38398.exe
PID 2996 wrote to memory of 1704	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	Unicorn-38398.exe
PID 2996 wrote to memory of 1704	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	Unicorn-38398.exe
PID 2996 wrote to memory of 1704	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	Unicorn-38398.exe
PID 2996 wrote to memory of 2180	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	WerFault.exe
PID 2996 wrote to memory of 2180	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	WerFault.exe
PID 2996 wrote to memory of 2180	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	WerFault.exe
PID 2996 wrote to memory of 2180	2996	ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe	WerFault.exe
PID 1704 wrote to memory of 2628	1704	Unicorn-38398.exe	Unicorn-17466.exe
PID 1704 wrote to memory of 2628	1704	Unicorn-38398.exe	Unicorn-17466.exe
PID 1704 wrote to memory of 2628	1704	Unicorn-38398.exe	Unicorn-17466.exe
PID 1704 wrote to memory of 2628	1704	Unicorn-38398.exe	Unicorn-17466.exe
PID 2176 wrote to memory of 2508	2176	Unicorn-25592.exe	Unicorn-36381.exe
PID 2176 wrote to memory of 2508	2176	Unicorn-25592.exe	Unicorn-36381.exe
PID 2176 wrote to memory of 2508	2176	Unicorn-25592.exe	Unicorn-36381.exe
PID 2176 wrote to memory of 2508	2176	Unicorn-25592.exe	Unicorn-36381.exe
PID 3068 wrote to memory of 2532	3068	Unicorn-33430.exe	Unicorn-18461.exe
PID 3068 wrote to memory of 2532	3068	Unicorn-33430.exe	Unicorn-18461.exe
PID 3068 wrote to memory of 2532	3068	Unicorn-33430.exe	Unicorn-18461.exe
PID 3068 wrote to memory of 2532	3068	Unicorn-33430.exe	Unicorn-18461.exe
PID 3068 wrote to memory of 2488	3068	Unicorn-33430.exe	WerFault.exe
PID 3068 wrote to memory of 2488	3068	Unicorn-33430.exe	WerFault.exe
PID 3068 wrote to memory of 2488	3068	Unicorn-33430.exe	WerFault.exe
PID 3068 wrote to memory of 2488	3068	Unicorn-33430.exe	WerFault.exe
PID 2508 wrote to memory of 888	2508	Unicorn-36381.exe	Unicorn-46428.exe
PID 2508 wrote to memory of 888	2508	Unicorn-36381.exe	Unicorn-46428.exe
PID 2508 wrote to memory of 888	2508	Unicorn-36381.exe	Unicorn-46428.exe
PID 2508 wrote to memory of 888	2508	Unicorn-36381.exe	Unicorn-46428.exe
PID 2628 wrote to memory of 268	2628	Unicorn-17466.exe	Unicorn-46428.exe
PID 2628 wrote to memory of 268	2628	Unicorn-17466.exe	Unicorn-46428.exe
PID 2628 wrote to memory of 268	2628	Unicorn-17466.exe	Unicorn-46428.exe
PID 2628 wrote to memory of 268	2628	Unicorn-17466.exe	Unicorn-46428.exe
PID 2176 wrote to memory of 2260	2176	Unicorn-25592.exe	Unicorn-26754.exe
PID 2176 wrote to memory of 2260	2176	Unicorn-25592.exe	Unicorn-26754.exe
PID 2176 wrote to memory of 2260	2176	Unicorn-25592.exe	Unicorn-26754.exe
PID 2176 wrote to memory of 2260	2176	Unicorn-25592.exe	Unicorn-26754.exe
PID 1704 wrote to memory of 540	1704	Unicorn-38398.exe	Unicorn-26754.exe
PID 1704 wrote to memory of 540	1704	Unicorn-38398.exe	Unicorn-26754.exe
PID 1704 wrote to memory of 540	1704	Unicorn-38398.exe	Unicorn-26754.exe
PID 1704 wrote to memory of 540	1704	Unicorn-38398.exe	Unicorn-26754.exe
PID 2532 wrote to memory of 624	2532	Unicorn-18461.exe	Unicorn-64217.exe
PID 2532 wrote to memory of 624	2532	Unicorn-18461.exe	Unicorn-64217.exe
PID 2532 wrote to memory of 624	2532	Unicorn-18461.exe	Unicorn-64217.exe
PID 2532 wrote to memory of 624	2532	Unicorn-18461.exe	Unicorn-64217.exe
PID 1704 wrote to memory of 2228	1704	Unicorn-38398.exe	WerFault.exe
PID 1704 wrote to memory of 2228	1704	Unicorn-38398.exe	WerFault.exe
PID 1704 wrote to memory of 2228	1704	Unicorn-38398.exe	WerFault.exe
PID 1704 wrote to memory of 2228	1704	Unicorn-38398.exe	WerFault.exe
PID 2176 wrote to memory of 2380	2176	Unicorn-25592.exe	WerFault.exe
PID 2176 wrote to memory of 2380	2176	Unicorn-25592.exe	WerFault.exe
PID 2176 wrote to memory of 2380	2176	Unicorn-25592.exe	WerFault.exe
PID 2176 wrote to memory of 2380	2176	Unicorn-25592.exe	WerFault.exe
PID 888 wrote to memory of 1068	888	Unicorn-46428.exe	Unicorn-56187.exe
PID 888 wrote to memory of 1068	888	Unicorn-46428.exe	Unicorn-56187.exe
PID 888 wrote to memory of 1068	888	Unicorn-46428.exe	Unicorn-56187.exe
PID 888 wrote to memory of 1068	888	Unicorn-46428.exe	Unicorn-56187.exe

C:\Users\Admin\AppData\Local\Temp\ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe
"C:\Users\Admin\AppData\Local\Temp\ad992ca1ae07c4c3e6f0271e36da46efa3e8986a7368d542c834265ee2c77c68.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60832.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-54977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54977.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65076.exe
10⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22070.exe
11⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8134.exe
12⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41325.exe
13⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46688.exe
14⤵
PID:8052

C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
15⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4664.exe
16⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10552 -s 216
16⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8052 -s 216
15⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
14⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4700 -s 236
13⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
12⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38922.exe
11⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 220
12⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
11⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-61815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61815.exe
10⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21892.exe
11⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14511.exe
12⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3258.exe
13⤵
PID:8232

C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9509.exe
13⤵
PID:8856

C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35303.exe
14⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1606.exe
15⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 236
15⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8856 -s 216
14⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 220
13⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
12⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
11⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 240
10⤵
- Program crash
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45403.exe
9⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55318.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25156.exe
11⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18839.exe
12⤵
PID:6392

C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
13⤵
PID:9196

C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46896.exe
14⤵
PID:10596

C:\Users\Admin\AppData\Local\Temp\Unicorn-5929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5929.exe
15⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10596 -s 216
15⤵
PID:796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9196 -s 216
14⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6392 -s 236
13⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
12⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
11⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3920.exe
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
11⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43684.exe
12⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62069.exe
13⤵
PID:11192

C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
14⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11192 -s 216
14⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
13⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
12⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
11⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
10⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
9⤵
- Program crash
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19652.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64526.exe
9⤵
PID:1404

C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46408.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37611.exe
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3077.exe
11⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45598.exe
12⤵
PID:9236

C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55888.exe
13⤵
PID:11860

C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20282.exe
14⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
12⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
11⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
9⤵
PID:5056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1344 -s 240
8⤵
- Program crash
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35554.exe
7⤵
- Executes dropped EXE
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
7⤵
- Program crash
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37823.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39518.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48465.exe
9⤵
PID:720

C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62319.exe
10⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23564.exe
11⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1298.exe
12⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27823.exe
13⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14779.exe
14⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
14⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 236
13⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 236
12⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
11⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 720 -s 236
10⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
9⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19671.exe
8⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48675.exe
10⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34837.exe
11⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60022.exe
12⤵
PID:9500

C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9674.exe
13⤵
PID:12264

C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64107.exe
14⤵
PID:2408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9500 -s 216
13⤵
PID:12292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
11⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
10⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
9⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
- Program crash
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50021.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
8⤵
PID:1332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
9⤵
PID:3568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 236
8⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 240
7⤵
- Program crash
PID:1464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
6⤵
- Program crash
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44989.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22364.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21729.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26836.exe
9⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34457.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-60259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60259.exe
11⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20059.exe
12⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51755.exe
13⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7945.exe
14⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22840.exe
15⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 236
15⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 236
14⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
13⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
12⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
11⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19815.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11200.exe
11⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6051.exe
12⤵
PID:6912

C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12700.exe
13⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
14⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
14⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6912 -s 216
13⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
12⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
11⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
10⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29858.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45324.exe
10⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46540.exe
11⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39731.exe
12⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-15508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15508.exe
13⤵
PID:10084

C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
14⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10084 -s 216
14⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
13⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 236
12⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 236
11⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
10⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
9⤵
- Program crash
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55486.exe
8⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52246.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26819.exe
10⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37272.exe
11⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50488.exe
12⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
13⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52451.exe
14⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
14⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 216
13⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
12⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
11⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
10⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23206.exe
9⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4573.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49236.exe
11⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-18434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18434.exe
12⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26268.exe
13⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 236
13⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 236
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 216
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
9⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
8⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52325.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-15216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15216.exe
8⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23503.exe
9⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22113.exe
11⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42254.exe
12⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34906.exe
13⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
13⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
12⤵
PID:10716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
11⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
10⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 216
9⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 236
8⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
7⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15793.exe
8⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39065.exe
9⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53412.exe
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
11⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21027.exe
12⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57058.exe
13⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29273.exe
14⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 236
14⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
12⤵
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 236
11⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
10⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34122.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32301.exe
10⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60347.exe
11⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
12⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15033.exe
13⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11020 -s 216
13⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
11⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
10⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
9⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36796.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42304.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-925.exe
10⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38769.exe
11⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46783.exe
12⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54721.exe
13⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 236
13⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
11⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
9⤵
PID:5416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-11770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11770.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56854.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-23428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23428.exe
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28554.exe
10⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20453.exe
11⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30893.exe
12⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18927.exe
13⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 236
13⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
12⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 236
10⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33546.exe
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1740.exe
9⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3834.exe
10⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8392.exe
11⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22112.exe
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 236
12⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 216
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 236
10⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
9⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
8⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
7⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
6⤵
- Program crash
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38808.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7350.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 220
7⤵
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25019.exe
7⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45204.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41767.exe
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15830.exe
10⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50695.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38136.exe
12⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10132.exe
13⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10436 -s 236
13⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
12⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
11⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
10⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
9⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
7⤵
PID:844

C:\Users\Admin\AppData\Local\Temp\Unicorn-18526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18526.exe
8⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60791.exe
10⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-610.exe
11⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-2677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2677.exe
12⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42032.exe
13⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
13⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 216
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
10⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 236
9⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 236
8⤵
PID:4420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
7⤵
- Program crash
PID:3464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
6⤵
- Program crash
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3136.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-39345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39345.exe
7⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
8⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65120.exe
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53441.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
11⤵
PID:10004

C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53048.exe
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10004 -s 216
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
11⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
10⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 216
7⤵
- Program crash
PID:3836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 216
6⤵
- Program crash
PID:2100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
5⤵
- Program crash
PID:2084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36862.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62911.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
9⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16274.exe
10⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
11⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38724.exe
12⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45565.exe
13⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13873.exe
14⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
14⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
13⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
12⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
11⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
10⤵
PID:4344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 236
9⤵
- Program crash
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45429.exe
8⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43326.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
10⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2911.exe
11⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15037.exe
12⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40164.exe
13⤵
PID:11652

C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53745.exe
14⤵
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
13⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
12⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
10⤵
PID:3084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 236
9⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
- Program crash
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38977.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-61815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61815.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7942.exe
9⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
10⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26113.exe
11⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
12⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5381.exe
13⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
13⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
12⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 236
11⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
10⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 236
9⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
8⤵
- Program crash
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1888 -s 240
7⤵
- Program crash
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45376.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37790.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24078.exe
8⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
9⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-31044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31044.exe
11⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3074.exe
12⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2685.exe
13⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 220
11⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
10⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
9⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
8⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37268.exe
7⤵
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26331.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20867.exe
10⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
11⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7180.exe
12⤵
PID:11960

C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40998.exe
13⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
11⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4716 -s 236
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 236
8⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
7⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
6⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14971.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8957.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14256.exe
8⤵
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
10⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8334.exe
11⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42425.exe
12⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32365.exe
13⤵
PID:12040

C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24169.exe
14⤵
PID:7772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 216
13⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
12⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
11⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
10⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 236
9⤵
PID:4664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 236
8⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12180.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
8⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36169.exe
9⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29866.exe
10⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10277.exe
11⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39219.exe
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 216
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
11⤵
PID:11232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
10⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
9⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
8⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
7⤵
- Program crash
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7248.exe
7⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8051.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-56857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56857.exe
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23254.exe
10⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9376.exe
11⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
12⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 236
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
11⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
10⤵
PID:9592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
9⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 216
8⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
7⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
6⤵
- Program crash
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 240
5⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18942.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 240
6⤵
- Program crash
PID:1096

C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30082.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
6⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
7⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46092.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36937.exe
9⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24417.exe
10⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15799.exe
11⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49976.exe
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
12⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
11⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
10⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 236
8⤵
PID:4452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 216
7⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5172.exe
6⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13803.exe
7⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18956.exe
8⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23073.exe
9⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15196.exe
10⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9379.exe
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
11⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
10⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
9⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
8⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 216
7⤵
PID:4864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 220
6⤵
- Program crash
PID:3980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
5⤵
- Program crash
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19030.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
8⤵
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
9⤵
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62407.exe
10⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44549.exe
11⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
12⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37346.exe
13⤵
PID:9136

C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10549.exe
14⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
15⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
15⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9136 -s 216
14⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 236
13⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 236
12⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
11⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
10⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9869.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9790.exe
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20724.exe
11⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49178.exe
12⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31100.exe
13⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14782.exe
14⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
14⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 236
13⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 236
12⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 236
11⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
10⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 220
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
8⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47524.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4533.exe
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47589.exe
11⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21093.exe
12⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8463.exe
13⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34378.exe
14⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
14⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
13⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 236
12⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 236
11⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
9⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 240
8⤵
- Program crash
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22942.exe
7⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
8⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25807.exe
9⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48952.exe
11⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35653.exe
12⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21678.exe
13⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 216
13⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
12⤵
PID:10652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
10⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 216
9⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
8⤵
- Program crash
PID:3080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
6⤵
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51076.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63705.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9367.exe
7⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7082.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35713.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50766.exe
10⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1183.exe
11⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48068.exe
12⤵
PID:9300

C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19952.exe
13⤵
PID:11732

C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43517.exe
14⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9300 -s 216
13⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
12⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
11⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
10⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 216
9⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46216.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50024.exe
9⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43168.exe
10⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1809.exe
11⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26103.exe
12⤵
PID:11444

C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27243.exe
13⤵
PID:13216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 216
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
11⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
10⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 220
8⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
7⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34945.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59421.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10309.exe
11⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8074.exe
12⤵
PID:11388

C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15047.exe
13⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
12⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
8⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5345.exe
6⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
7⤵
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10077.exe
8⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
9⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59919.exe
11⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
12⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
11⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
10⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 236
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56325.exe
7⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-8083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8083.exe
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15683.exe
9⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
10⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58602.exe
11⤵
PID:11888

C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61615.exe
12⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
11⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
10⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
9⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
8⤵
PID:6180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 220
7⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 240
6⤵
- Program crash
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
5⤵
- Program crash
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1345.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43045.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59419.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-58094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58094.exe
7⤵
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2080.exe
8⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52110.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64774.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29378.exe
11⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-27153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27153.exe
12⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
12⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 236
9⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 236
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15847.exe
7⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48270.exe
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
9⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60724.exe
10⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1115.exe
11⤵
PID:10620

C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60278.exe
12⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
11⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
10⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4600 -s 236
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
8⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52946.exe
6⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29289.exe
7⤵
PID:4192

C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22438.exe
8⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33038.exe
10⤵
PID:9900

C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27916.exe
11⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9900 -s 216
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
10⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
9⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4192 -s 216
8⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
7⤵
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
6⤵
- Program crash
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
5⤵
- Program crash
PID:1564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21211.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55098.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60187.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22542.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16964.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11492.exe
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1186.exe
12⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25122.exe
13⤵
PID:11280

C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
14⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
13⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
12⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 236
11⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
10⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30154.exe
8⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2608.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21326.exe
10⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50091.exe
11⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45002.exe
12⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43262.exe
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
13⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
11⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
9⤵
PID:6120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
8⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
7⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54726.exe
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23483.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
11⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 216
8⤵
PID:4720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 240
7⤵
- Program crash
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37441.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57134.exe
7⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59247.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
9⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56513.exe
10⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-64724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64724.exe
11⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52280.exe
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 216
11⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
10⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
8⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 236
7⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
6⤵
- Program crash
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26242.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42808.exe
6⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7274.exe
7⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
9⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26749.exe
10⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11077.exe
11⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9068.exe
12⤵
PID:11572

C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39267.exe
13⤵
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
12⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
11⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
10⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
9⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
8⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
8⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19165.exe
9⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63532.exe
10⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55298.exe
11⤵
PID:11316

C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37881.exe
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11316 -s 220
12⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 216
11⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 216
10⤵
PID:9332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
9⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
8⤵
PID:5868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
7⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35732.exe
6⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63777.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32235.exe
8⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 220
9⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
8⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 216
7⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
6⤵
- Program crash
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 220
5⤵
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50884.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13627.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42232.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25038.exe
7⤵
PID:648

C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46860.exe
8⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4072.exe
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12844.exe
10⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
11⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-22748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22748.exe
12⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 216
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7284 -s 236
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
10⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
9⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 648 -s 236
8⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
7⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2676.exe
6⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27623.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13028.exe
8⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25815.exe
9⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
10⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32802.exe
11⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48109.exe
12⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 216
12⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
10⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 236
9⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
8⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 236
7⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
6⤵
- Program crash
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5153.exe
5⤵
PID:476

C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42635.exe
6⤵
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61063.exe
7⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33579.exe
8⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43604.exe
9⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
10⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13310.exe
11⤵
PID:10504

C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61238.exe
12⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10504 -s 220
12⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
11⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
9⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
8⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 236
7⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11047.exe
6⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19080.exe
7⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13977.exe
8⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
9⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25096.exe
10⤵
PID:11356

C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45727.exe
11⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11356 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
10⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
9⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
8⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 236
7⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 476 -s 220
6⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 220
5⤵
- Program crash
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 540 -s 240
4⤵
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
2⤵
- Program crash
PID:2180

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
Filesize
184KB

MD5
e825d2671a8a1e7de869e339341235c2

SHA1
d6a56dcc492fc8b1595a6b0758ede6f666d13412

SHA256
2e60946c66c127f16ec3e3efec5b1148fc729af02e0b16ea7c04e7bedc75f6c6

SHA512
d1913c4fb87dc3bb9372903e3c0c07f2b52ad4f7174228657d1f2e4368e89c5e5de15db23df9ba0345f0cacde6d670cc9e0cf16c074fef5da50d4e8c7a425ea9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18461.exe
Filesize
184KB

MD5
19d0c4e49041989e0ff671bdc16e33c0

SHA1
86cac6b66664335b5489d495ce2a90f5a98de233

SHA256
963baa49191f27419c2123e9fdb9f2c12e133d9eeeddaa2c79bf9257215edaf6

SHA512
49af2102b55274abf77fe3cd72685a47ce9cd40f8f400e8af25abc4a3573a20ed08de1647b5d7b04b1de361a4c4c236623ce808f73a3e83fa742ee51327bec71

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27565.exe
Filesize
184KB

MD5
3953f74c00e15f7aeaac96f4a3016814

SHA1
b82e3d64911e838726e8ea471fc14ce960d0791e

SHA256
c7d36da786f2bc230c8abda615e16c157330b27ef4e216d51129028af13c5e71

SHA512
be2cb7cb53e2f9b6556d30738c78678d383ae1903a5c5582a7540c1cd9d20cc667a099d47037dd429c18b873cd3c3bb9d4933eaec92ff806ae5999ecca4577b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36381.exe
Filesize
184KB

MD5
6c6b192939db05ceb533a24ef3c4c837

SHA1
f70bcdb47f2cfa7ab4d1ddb5b5ebd43925c93687

SHA256
6704a8e00a9580bb7ba7428770e96cdcbf4fe8f4678e8cc62275ace89b2b5a49

SHA512
310b635e559d8e4f3c867c39da9792ae14ace5fd18f1065aa747faf1a60b451f4fb4d09cde5334c4f7771e070df4cd4596b46a2ee63c804d25de25930b06d313

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40966.exe
Filesize
184KB

MD5
57db2be1def1e938d78cf8073567ebd5

SHA1
a3a4e6432beb544452d8922781bd8df5501561b7

SHA256
f403cbfc4baf2c693f7e5727a9030794107650043a9d1ab6ce6f608d840feba8

SHA512
53df90139cba5b72457fe633c23a30c14ee937595bf3dd4ea89d0850e1e6721ea9b477fb76f76d9a66949479f27cb363965430a794360ccef8f45eb83c0292a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56187.exe
Filesize
184KB

MD5
d1951dbae39eeb55ff227a5ee3d712b3

SHA1
113d023910460ceacb60df42600f5921ed3295d1

SHA256
7461997b1e15f1d8c35fa74db180639a5592080bea5f508af45b1c1717cd260b

SHA512
41edd2ec1c4a372cac6201845063f791784183b5e63f470766bee3a6c9f7a01b087a5d69bbb47426163c6084cba32a1910157d8b983606d1baac60dd9d151b7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
Filesize
184KB

MD5
b0df000434b01db6fbce21a35646c955

SHA1
9bd74ef41fe248cbd8c97d43da2f4ee87dea7dd0

SHA256
ef25dd67deb8c238aa696017079107152e12f1c13f08435cf209e7114196bb04

SHA512
de20b65ae2a93252ad1acc9557f8af0a9196b3c2fa5bd48a2a8b4f079dd19870db3d928cd2af91ed1859e23b907386f2bf7dfe641102017e3a6fe281fce9dfcb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64217.exe
Filesize
184KB

MD5
f9ed6e60e5ee07eb340604280b2433de

SHA1
50ceff5d8b2736a25444758b2e2a4c0dd2add8a7

SHA256
5e18b3ff975cfc04146d18941b8f02284948ec5a92dd20dee74c78a55eb26856

SHA512
7d21fbbbe6c57d77e2fe71054fdd209235cb536af34f20dae8b4c1a30cd8419ada88745caec3ad836ed1d3b9a78d72f4202554185ab1aa1b441d623f121a741c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6547.exe
Filesize
184KB

MD5
2ada0ea6618c1439a4f6b4ac2d760012

SHA1
a77078c60b4fc8532d313b20fba86ee9418d84fa

SHA256
3a799701e9a00cdfbd8ab91aed416b8fcb9359babed79be534e288774ea98b45

SHA512
54bb620e6b5a1da13095e7bb4826482780bcb29ae8ee287570cac2768d0f116254643c11b20157b3abd10050423682813e629452d42d184ff0e948b61d5b49a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6653.exe
Filesize
184KB

MD5
4e6a7f46b0f6f7c29b03d94e22c1b2cd

SHA1
6e2ea447566bd11b438f5e32d19c50740f385ccb

SHA256
b99b9862fb25ea3f73beca41ae85becc2ea04c5918f37a9b7f65fec16c88d12a

SHA512
ee835f4300f3ebde67159c6521230d8e24cc7cb74de80c7ee40656c529decd52f1b985c8c9b1681e8187b16bf2ee63e9293b804077ddfe5acd69d4990178768f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8765.exe
Filesize
184KB

MD5
40c2533bc04919ff8e217aaecd880030

SHA1
cab940ecd19469c8ac1cf108c5add3d0cf3dbea5

SHA256
983fa5f3560d28d81da90c3f508079c7933884a510b3d3aa656964eee772b564

SHA512
14ea10391bd23cd3aee7425a2d9458323a71106b9085bef9c584bde312e69fd2ea300a737916c8279c220deaaa918cf76e3082712084355077fe3230b3c4e8e4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25592.exe
Filesize
184KB

MD5
9c27e2439af677a71d18c381c72beca9

SHA1
8d1b5e0ab0d5b4b882c5e6c83884cf4f81bc164b

SHA256
a07b1c46ac72c71f1bea2462c6c90cf3abadb5cbc2495601bc513ba9861870ee

SHA512
3c3ccc735f5c60c2d329b6d7793daa30f97889ef0cba349d5547b96b666fedcc5ed50ad57cc51911fef90a96940263530b29574422189008292b1072b84e077c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
Filesize
184KB

MD5
0f9c469d113e1cb443f283efac2bc0c4

SHA1
b7b22c4c381fd7747911c570b6233fa19b9fd3d5

SHA256
70792e2b1a8f64303f7bd4d41b078f7ac7dfda1b13a948eb40f1f374465c7543

SHA512
0513f2e144771fc32a5889a7a54d5bf748e8f0acfc2eb682ed8ec854084007208373fc6238d2da9e3295df7e90e09cfd5ef89ab260402b57de1b5cc6f4bc645c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33430.exe
Filesize
184KB

MD5
eadd7e1e13c16a7fc49d38b0a0676235

SHA1
bd7ffeef2298199564512626a17f1e0739181f58

SHA256
451b8a927e04b4943144a8a642ddf9a3b81ed445db7b7e3ce6f2bbc8263a0733

SHA512
7b87cfdeab14d452025918520c56ce76da89a6c15a281c915d018acb5d32c1d4f97edaec9c2820c4613834a771b87ceacfef5a48eaa82b77a3582b81dbed63ba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36321.exe
Filesize
184KB

MD5
6ff54bf896f565b8fe94d56b3ef77456

SHA1
14c8527883b896f47d07464c486f96e5d677739e

SHA256
f43fd08e08546843b79925826f18ec51021afc6a010a7a50eeeec81b7864eb34

SHA512
b1b4aabce54bfa3fbfebb775721754a5b4760a8054ab0209625ab1a161124fd39fe9be43dd25b07f9171312efb875023e3f60cbe2ab926051c34c7eb26680305

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38398.exe
Filesize
184KB

MD5
da31c8a050a2a26190bdcdcc663836cd

SHA1
49c0d1d631d8f260c461d30ef2f7f359ba3bba4f

SHA256
13a6fe014822b9d3b200471362dc185344dd0de425a686915b844d5ce46d71c3

SHA512
d745959ea3dec085f3b74be997bea17cf440d42d8c5a82d824f874268ec76f6018423a45cc0d8d37c4fd752ba707671b895fb4429214ee6308112f4eea20da74

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
Filesize
184KB

MD5
fc3ebe3d13381118d151817f2fef9fd2

SHA1
04d4fc6d2db5840cbc51422bfe57d77b8d59e2f6

SHA256
b402352535b505142fad327971d7f96214b2aaca6ea2eae3babad3118934aa16

SHA512
7ad81b4b2d30f6b38bc40a6de6beba0167b7bad8ae814c9fe6c5f67464310ae71aef3f1ecf2416263cdcc40a9b1908c081cf060e3869c774809c1681bc407cbb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5943.exe
Filesize
184KB

MD5
ec584460b987fa2a79ee6136d9522848

SHA1
843ed57913d1c872565175ec32c3b1a25a3ed608

SHA256
d8cab2c0cc2716eafb44bdc495b758df1aef4f3c13a13a61aec8cc74e74f361f

SHA512
d3c200f824a05bc128740e75fb2fbe26b81dda5afeb0d405acf48bae57fd151ba5826ca664b975d80fe92adbe33bf2ee057144605cd37f004251269d2d3ea1b3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads