9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 00:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe
Size

184KB
MD5

abdc4315c11130f2e7a6e72d66b94557
SHA1

5a6c6426f918b1318ba5abce7e11f54c8f47d6f9
SHA256

9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff
SHA512

39410f213f5340d55479454a68079704e9e1f9eb09b38ef5358d1198437ba430eaa9d8cd3352bfd2da9523bb63adb11af800a8e1a916a8dd1cb1a2fd0660c7f9
SSDEEP

3072:kCeYtAofahVjdJD2e6wqd7b3hlnViFin3:kCQo2ZJDRqBb3hlnViFi

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-53587.exeUnicorn-17626.exeUnicorn-63297.exeUnicorn-61464.exeUnicorn-46176.exeUnicorn-43675.exeUnicorn-36974.exeUnicorn-855.exeUnicorn-3123.exeUnicorn-2931.exeUnicorn-21908.exeUnicorn-48861.exeUnicorn-60490.exeUnicorn-30304.exeUnicorn-11014.exeUnicorn-9198.exeUnicorn-57242.exeUnicorn-2758.exeUnicorn-558.exeUnicorn-42422.exeUnicorn-20060.exeUnicorn-40886.exeUnicorn-28127.exeUnicorn-46457.exeUnicorn-24091.exeUnicorn-41688.exeUnicorn-63317.exeUnicorn-43451.exeUnicorn-2549.exeUnicorn-8833.exeUnicorn-25854.exeUnicorn-59026.exeUnicorn-13354.exeUnicorn-30376.exeUnicorn-1590.exeUnicorn-38216.exeUnicorn-22696.exeUnicorn-56546.exeUnicorn-62747.exeUnicorn-65399.exeUnicorn-1626.exeUnicorn-20148.exeUnicorn-9623.exeUnicorn-29297.exeUnicorn-47854.exeUnicorn-58139.exeUnicorn-8087.exeUnicorn-27953.exeUnicorn-31428.exeUnicorn-46337.exeUnicorn-4681.exeUnicorn-6041.exeUnicorn-53981.exeUnicorn-34691.exeUnicorn-13358.exeUnicorn-9113.exeUnicorn-63638.exeUnicorn-17967.exeUnicorn-16658.exeUnicorn-10073.exeUnicorn-37763.exeUnicorn-34412.exeUnicorn-62102.exeUnicorn-55517.exe

pid	process
1728	Unicorn-53587.exe
2612	Unicorn-17626.exe
2452	Unicorn-63297.exe
2976	Unicorn-61464.exe
2680	Unicorn-46176.exe
2528	Unicorn-43675.exe
1264	Unicorn-36974.exe
2820	Unicorn-855.exe
2848	Unicorn-3123.exe
1348	Unicorn-2931.exe
1304	Unicorn-21908.exe
1084	Unicorn-48861.exe
2408	Unicorn-60490.exe
308	Unicorn-30304.exe
2548	Unicorn-11014.exe
1492	Unicorn-9198.exe
2924	Unicorn-57242.exe
1648	Unicorn-2758.exe
2936	Unicorn-558.exe
2332	Unicorn-42422.exe
1780	Unicorn-20060.exe
960	Unicorn-40886.exe
2000	Unicorn-28127.exe
964	Unicorn-46457.exe
1516	Unicorn-24091.exe
2036	Unicorn-41688.exe
2228	Unicorn-63317.exe
2056	Unicorn-43451.exe
1948	Unicorn-2549.exe
1628	Unicorn-8833.exe
1588	Unicorn-25854.exe
2648	Unicorn-59026.exe
2656	Unicorn-13354.exe
2644	Unicorn-30376.exe
2172	Unicorn-1590.exe
2992	Unicorn-38216.exe
2496	Unicorn-22696.exe
2824	Unicorn-56546.exe
2424	Unicorn-62747.exe
1820	Unicorn-65399.exe
1288	Unicorn-1626.exe
1212	Unicorn-20148.exe
2176	Unicorn-9623.exe
700	Unicorn-29297.exe
1296	Unicorn-47854.exe
2876	Unicorn-58139.exe
1416	Unicorn-8087.exe
2800	Unicorn-27953.exe
1500	Unicorn-31428.exe
1544	Unicorn-46337.exe
2592	Unicorn-4681.exe
2956	Unicorn-6041.exe
1744	Unicorn-53981.exe
2052	Unicorn-34691.exe
2980	Unicorn-13358.exe
1964	Unicorn-9113.exe
2708	Unicorn-63638.exe
2732	Unicorn-17967.exe
2700	Unicorn-16658.exe
2540	Unicorn-10073.exe
3004	Unicorn-37763.exe
2804	Unicorn-34412.exe
1552	Unicorn-62102.exe
2868	Unicorn-55517.exe

Loads dropped DLL 64 IoCs

Processes:

9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exeUnicorn-53587.exeUnicorn-17626.exeUnicorn-63297.exeWerFault.exeUnicorn-46176.exeUnicorn-61464.exeUnicorn-43675.exeWerFault.exeWerFault.exeUnicorn-3123.exeUnicorn-36974.exeUnicorn-21908.exeUnicorn-2931.exeUnicorn-855.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe
2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe
2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe
1728	Unicorn-53587.exe
1728	Unicorn-53587.exe
2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe
2612	Unicorn-17626.exe
2612	Unicorn-17626.exe
1728	Unicorn-53587.exe
1728	Unicorn-53587.exe
2452	Unicorn-63297.exe
2452	Unicorn-63297.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2384	WerFault.exe
2680	Unicorn-46176.exe
2680	Unicorn-46176.exe
2612	Unicorn-17626.exe
2612	Unicorn-17626.exe
2976	Unicorn-61464.exe
2976	Unicorn-61464.exe
2528	Unicorn-43675.exe
2528	Unicorn-43675.exe
2452	Unicorn-63297.exe
2452	Unicorn-63297.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
1332	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1332	WerFault.exe
1992	WerFault.exe
2848	Unicorn-3123.exe
2848	Unicorn-3123.exe
2976	Unicorn-61464.exe
2976	Unicorn-61464.exe
1264	Unicorn-36974.exe
1264	Unicorn-36974.exe
2680	Unicorn-46176.exe
2680	Unicorn-46176.exe
1304	Unicorn-21908.exe
1304	Unicorn-21908.exe
1348	Unicorn-2931.exe
1348	Unicorn-2931.exe
2528	Unicorn-43675.exe
2528	Unicorn-43675.exe
2820	Unicorn-855.exe
2820	Unicorn-855.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
1140	WerFault.exe
2376	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2288	2064	WerFault.exe	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe
2384	1728	WerFault.exe	Unicorn-53587.exe
1332	2612	WerFault.exe	Unicorn-17626.exe
1992	2452	WerFault.exe	Unicorn-63297.exe
1788	2680	WerFault.exe	Unicorn-46176.exe
1140	2976	WerFault.exe	Unicorn-61464.exe
2376	2528	WerFault.exe	Unicorn-43675.exe
492	2936	WerFault.exe	Unicorn-558.exe
1980	2848	WerFault.exe	Unicorn-3123.exe
2716	1264	WerFault.exe	Unicorn-36974.exe
2864	1304	WerFault.exe	Unicorn-21908.exe
2564	1348	WerFault.exe	Unicorn-2931.exe
2104	2820	WerFault.exe	Unicorn-855.exe
3052	1084	WerFault.exe	Unicorn-48861.exe
1944	308	WerFault.exe	Unicorn-30304.exe
2464	2548	WerFault.exe	Unicorn-11014.exe
2888	2408	WerFault.exe	Unicorn-60490.exe
2008	1492	WerFault.exe	Unicorn-9198.exe
940	1648	WerFault.exe	Unicorn-2758.exe
1520	2924	WerFault.exe	Unicorn-57242.exe
1624	2332	WerFault.exe	Unicorn-42422.exe
1532	1780	WerFault.exe	Unicorn-20060.exe
2456	960	WerFault.exe	Unicorn-40886.exe
2004	2000	WerFault.exe	Unicorn-28127.exe
1564	964	WerFault.exe	Unicorn-46457.exe
1708	1516	WerFault.exe	Unicorn-24091.exe
2560	2036	WerFault.exe	Unicorn-41688.exe
2988	1948	WerFault.exe	Unicorn-2549.exe
1968	2056	WerFault.exe	Unicorn-43451.exe
2780	2228	WerFault.exe	Unicorn-63317.exe
2608	1628	WerFault.exe	Unicorn-8833.exe
1360	1588	WerFault.exe	Unicorn-25854.exe
2360	2648	WerFault.exe	Unicorn-59026.exe
568	2656	WerFault.exe	Unicorn-13354.exe
1940	2172	WerFault.exe	Unicorn-1590.exe
2664	2992	WerFault.exe	Unicorn-38216.exe
3156	2424	WerFault.exe	Unicorn-62747.exe
3192	1820	WerFault.exe	Unicorn-65399.exe
3200	2496	WerFault.exe	Unicorn-22696.exe
3268	1288	WerFault.exe	Unicorn-1626.exe
3276	2176	WerFault.exe	Unicorn-9623.exe
3320	1416	WerFault.exe	Unicorn-8087.exe
3312	2800	WerFault.exe	Unicorn-27953.exe
3328	700	WerFault.exe	Unicorn-29297.exe
3360	2876	WerFault.exe	Unicorn-58139.exe
3376	1212	WerFault.exe	Unicorn-20148.exe
3452	1296	WerFault.exe	Unicorn-47854.exe
3468	2824	WerFault.exe	Unicorn-56546.exe
3484	2644	WerFault.exe	Unicorn-30376.exe
3676	1544	WerFault.exe	Unicorn-46337.exe
3832	1500	WerFault.exe	Unicorn-31428.exe
4004	3096	WerFault.exe	Unicorn-65140.exe
3124	2980	WerFault.exe	Unicorn-13358.exe
3984	2592	WerFault.exe	Unicorn-4681.exe
4080	2956	WerFault.exe	Unicorn-6041.exe
3636	2052	WerFault.exe	Unicorn-34691.exe
3740	2804	WerFault.exe	Unicorn-34412.exe
3768	3004	WerFault.exe	Unicorn-37763.exe
3540	2732	WerFault.exe	Unicorn-17967.exe
2768	3008	WerFault.exe	Unicorn-24463.exe
3804	1744	WerFault.exe	Unicorn-53981.exe
4104	2224	WerFault.exe	Unicorn-8421.exe
4140	600	WerFault.exe	Unicorn-26175.exe
4172	1984	WerFault.exe	Unicorn-58909.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exeUnicorn-53587.exeUnicorn-17626.exeUnicorn-63297.exeUnicorn-61464.exeUnicorn-46176.exeUnicorn-43675.exeUnicorn-36974.exeUnicorn-3123.exeUnicorn-2931.exeUnicorn-855.exeUnicorn-21908.exeUnicorn-48861.exeUnicorn-60490.exeUnicorn-30304.exeUnicorn-11014.exeUnicorn-9198.exeUnicorn-57242.exeUnicorn-2758.exeUnicorn-558.exeUnicorn-42422.exeUnicorn-20060.exeUnicorn-40886.exeUnicorn-28127.exeUnicorn-46457.exeUnicorn-24091.exeUnicorn-41688.exeUnicorn-63317.exeUnicorn-43451.exeUnicorn-2549.exeUnicorn-8833.exeUnicorn-25854.exeUnicorn-59026.exeUnicorn-13354.exeUnicorn-30376.exeUnicorn-1590.exeUnicorn-38216.exeUnicorn-22696.exeUnicorn-56546.exeUnicorn-62747.exeUnicorn-65399.exeUnicorn-1626.exeUnicorn-20148.exeUnicorn-9623.exeUnicorn-29297.exeUnicorn-47854.exeUnicorn-58139.exeUnicorn-8087.exeUnicorn-27953.exeUnicorn-31428.exeUnicorn-46337.exeUnicorn-4681.exeUnicorn-6041.exeUnicorn-53981.exeUnicorn-34691.exeUnicorn-13358.exeUnicorn-9113.exeUnicorn-63638.exeUnicorn-17967.exeUnicorn-16658.exeUnicorn-10073.exeUnicorn-37763.exeUnicorn-34412.exeUnicorn-55517.exe

pid	process
2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe
1728	Unicorn-53587.exe
2612	Unicorn-17626.exe
2452	Unicorn-63297.exe
2976	Unicorn-61464.exe
2680	Unicorn-46176.exe
2528	Unicorn-43675.exe
1264	Unicorn-36974.exe
2848	Unicorn-3123.exe
1348	Unicorn-2931.exe
2820	Unicorn-855.exe
1304	Unicorn-21908.exe
1084	Unicorn-48861.exe
2408	Unicorn-60490.exe
308	Unicorn-30304.exe
2548	Unicorn-11014.exe
1492	Unicorn-9198.exe
2924	Unicorn-57242.exe
1648	Unicorn-2758.exe
2936	Unicorn-558.exe
2332	Unicorn-42422.exe
1780	Unicorn-20060.exe
960	Unicorn-40886.exe
2000	Unicorn-28127.exe
964	Unicorn-46457.exe
1516	Unicorn-24091.exe
2036	Unicorn-41688.exe
2228	Unicorn-63317.exe
2056	Unicorn-43451.exe
1948	Unicorn-2549.exe
1628	Unicorn-8833.exe
1588	Unicorn-25854.exe
2648	Unicorn-59026.exe
2656	Unicorn-13354.exe
2644	Unicorn-30376.exe
2172	Unicorn-1590.exe
2992	Unicorn-38216.exe
2496	Unicorn-22696.exe
2824	Unicorn-56546.exe
2424	Unicorn-62747.exe
1820	Unicorn-65399.exe
1288	Unicorn-1626.exe
1212	Unicorn-20148.exe
2176	Unicorn-9623.exe
700	Unicorn-29297.exe
1296	Unicorn-47854.exe
2876	Unicorn-58139.exe
1416	Unicorn-8087.exe
2800	Unicorn-27953.exe
1500	Unicorn-31428.exe
1544	Unicorn-46337.exe
2592	Unicorn-4681.exe
2956	Unicorn-6041.exe
1744	Unicorn-53981.exe
2052	Unicorn-34691.exe
2980	Unicorn-13358.exe
1964	Unicorn-9113.exe
2708	Unicorn-63638.exe
2732	Unicorn-17967.exe
2700	Unicorn-16658.exe
2540	Unicorn-10073.exe
3004	Unicorn-37763.exe
2804	Unicorn-34412.exe
2868	Unicorn-55517.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exeUnicorn-53587.exeUnicorn-17626.exeUnicorn-63297.exeUnicorn-46176.exeUnicorn-61464.exeUnicorn-43675.exeUnicorn-3123.exe

description	pid	process	target process
PID 2064 wrote to memory of 1728	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	Unicorn-53587.exe
PID 2064 wrote to memory of 1728	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	Unicorn-53587.exe
PID 2064 wrote to memory of 1728	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	Unicorn-53587.exe
PID 2064 wrote to memory of 1728	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	Unicorn-53587.exe
PID 1728 wrote to memory of 2612	1728	Unicorn-53587.exe	Unicorn-17626.exe
PID 1728 wrote to memory of 2612	1728	Unicorn-53587.exe	Unicorn-17626.exe
PID 1728 wrote to memory of 2612	1728	Unicorn-53587.exe	Unicorn-17626.exe
PID 1728 wrote to memory of 2612	1728	Unicorn-53587.exe	Unicorn-17626.exe
PID 2064 wrote to memory of 2452	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	Unicorn-63297.exe
PID 2064 wrote to memory of 2452	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	Unicorn-63297.exe
PID 2064 wrote to memory of 2452	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	Unicorn-63297.exe
PID 2064 wrote to memory of 2452	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	Unicorn-63297.exe
PID 2064 wrote to memory of 2288	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	WerFault.exe
PID 2064 wrote to memory of 2288	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	WerFault.exe
PID 2064 wrote to memory of 2288	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	WerFault.exe
PID 2064 wrote to memory of 2288	2064	9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe	WerFault.exe
PID 2612 wrote to memory of 2976	2612	Unicorn-17626.exe	Unicorn-61464.exe
PID 2612 wrote to memory of 2976	2612	Unicorn-17626.exe	Unicorn-61464.exe
PID 2612 wrote to memory of 2976	2612	Unicorn-17626.exe	Unicorn-61464.exe
PID 2612 wrote to memory of 2976	2612	Unicorn-17626.exe	Unicorn-61464.exe
PID 1728 wrote to memory of 2680	1728	Unicorn-53587.exe	Unicorn-46176.exe
PID 1728 wrote to memory of 2680	1728	Unicorn-53587.exe	Unicorn-46176.exe
PID 1728 wrote to memory of 2680	1728	Unicorn-53587.exe	Unicorn-46176.exe
PID 1728 wrote to memory of 2680	1728	Unicorn-53587.exe	Unicorn-46176.exe
PID 2452 wrote to memory of 2528	2452	Unicorn-63297.exe	Unicorn-43675.exe
PID 2452 wrote to memory of 2528	2452	Unicorn-63297.exe	Unicorn-43675.exe
PID 2452 wrote to memory of 2528	2452	Unicorn-63297.exe	Unicorn-43675.exe
PID 2452 wrote to memory of 2528	2452	Unicorn-63297.exe	Unicorn-43675.exe
PID 1728 wrote to memory of 2384	1728	Unicorn-53587.exe	WerFault.exe
PID 1728 wrote to memory of 2384	1728	Unicorn-53587.exe	WerFault.exe
PID 1728 wrote to memory of 2384	1728	Unicorn-53587.exe	WerFault.exe
PID 1728 wrote to memory of 2384	1728	Unicorn-53587.exe	WerFault.exe
PID 2680 wrote to memory of 1264	2680	Unicorn-46176.exe	Unicorn-36974.exe
PID 2680 wrote to memory of 1264	2680	Unicorn-46176.exe	Unicorn-36974.exe
PID 2680 wrote to memory of 1264	2680	Unicorn-46176.exe	Unicorn-36974.exe
PID 2680 wrote to memory of 1264	2680	Unicorn-46176.exe	Unicorn-36974.exe
PID 2612 wrote to memory of 2820	2612	Unicorn-17626.exe	Unicorn-855.exe
PID 2612 wrote to memory of 2820	2612	Unicorn-17626.exe	Unicorn-855.exe
PID 2612 wrote to memory of 2820	2612	Unicorn-17626.exe	Unicorn-855.exe
PID 2612 wrote to memory of 2820	2612	Unicorn-17626.exe	Unicorn-855.exe
PID 2976 wrote to memory of 2848	2976	Unicorn-61464.exe	Unicorn-3123.exe
PID 2976 wrote to memory of 2848	2976	Unicorn-61464.exe	Unicorn-3123.exe
PID 2976 wrote to memory of 2848	2976	Unicorn-61464.exe	Unicorn-3123.exe
PID 2976 wrote to memory of 2848	2976	Unicorn-61464.exe	Unicorn-3123.exe
PID 2528 wrote to memory of 1348	2528	Unicorn-43675.exe	Unicorn-2931.exe
PID 2528 wrote to memory of 1348	2528	Unicorn-43675.exe	Unicorn-2931.exe
PID 2528 wrote to memory of 1348	2528	Unicorn-43675.exe	Unicorn-2931.exe
PID 2528 wrote to memory of 1348	2528	Unicorn-43675.exe	Unicorn-2931.exe
PID 2452 wrote to memory of 1304	2452	Unicorn-63297.exe	Unicorn-21908.exe
PID 2452 wrote to memory of 1304	2452	Unicorn-63297.exe	Unicorn-21908.exe
PID 2452 wrote to memory of 1304	2452	Unicorn-63297.exe	Unicorn-21908.exe
PID 2452 wrote to memory of 1304	2452	Unicorn-63297.exe	Unicorn-21908.exe
PID 2612 wrote to memory of 1332	2612	Unicorn-17626.exe	WerFault.exe
PID 2612 wrote to memory of 1332	2612	Unicorn-17626.exe	WerFault.exe
PID 2612 wrote to memory of 1332	2612	Unicorn-17626.exe	WerFault.exe
PID 2612 wrote to memory of 1332	2612	Unicorn-17626.exe	WerFault.exe
PID 2452 wrote to memory of 1992	2452	Unicorn-63297.exe	WerFault.exe
PID 2452 wrote to memory of 1992	2452	Unicorn-63297.exe	WerFault.exe
PID 2452 wrote to memory of 1992	2452	Unicorn-63297.exe	WerFault.exe
PID 2452 wrote to memory of 1992	2452	Unicorn-63297.exe	WerFault.exe
PID 2848 wrote to memory of 1084	2848	Unicorn-3123.exe	Unicorn-48861.exe
PID 2848 wrote to memory of 1084	2848	Unicorn-3123.exe	Unicorn-48861.exe
PID 2848 wrote to memory of 1084	2848	Unicorn-3123.exe	Unicorn-48861.exe
PID 2848 wrote to memory of 1084	2848	Unicorn-3123.exe	Unicorn-48861.exe

C:\Users\Admin\AppData\Local\Temp\9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe
"C:\Users\Admin\AppData\Local\Temp\9a4ca4fab0914b51f7f0901ea0ebde52f166f4bc454e9c9aa9a1f8b51834daff.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42422.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13354.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46337.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49916.exe
10⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
11⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
12⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2245.exe
13⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
14⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58524.exe
15⤵
PID:10076

C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49571.exe
16⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10076 -s 216
16⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
15⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
14⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
13⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 236
12⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
11⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1005.exe
12⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2325.exe
13⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44206.exe
14⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 236
14⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
13⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 216
12⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
11⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22996.exe
10⤵
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24657.exe
11⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56244.exe
12⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35896.exe
13⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-27279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27279.exe
14⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
14⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
13⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
12⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 236
11⤵
PID:5712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
10⤵
- Program crash
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55764.exe
9⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
10⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
11⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29080.exe
12⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26660.exe
13⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61161.exe
14⤵
PID:11952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 216
14⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
13⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
12⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 216
11⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
10⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8462.exe
11⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45166.exe
12⤵
PID:8936

C:\Users\Admin\AppData\Local\Temp\Unicorn-60700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60700.exe
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8936 -s 216
13⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 236
12⤵
PID:10136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
10⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
9⤵
- Program crash
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-4681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4681.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54524.exe
9⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65140.exe
10⤵
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 200
11⤵
- Program crash
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 236
10⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15508.exe
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17657.exe
10⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22358.exe
11⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25806.exe
12⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37196.exe
13⤵
PID:11620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 236
13⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6452 -s 216
12⤵
PID:10156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
11⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 236
10⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 220
9⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
8⤵
- Program crash
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59026.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31428.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25002.exe
9⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18109.exe
10⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26769.exe
11⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29132.exe
12⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60599.exe
13⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8638.exe
14⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 236
14⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
13⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
12⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 216
11⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
10⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14466.exe
11⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50716.exe
12⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2532.exe
13⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
13⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 236
12⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
11⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19924.exe
9⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44034.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30370.exe
11⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5937.exe
12⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25743.exe
13⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
13⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
12⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 236
10⤵
PID:5764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
9⤵
- Program crash
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51156.exe
8⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4927.exe
9⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44665.exe
10⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8357.exe
11⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6972.exe
12⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5450.exe
13⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 236
13⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
12⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10935.exe
9⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50237.exe
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57073.exe
11⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65189.exe
12⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 236
12⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
11⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
10⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
9⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
8⤵
- Program crash
PID:2360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
7⤵
- Program crash
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20060.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30376.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10073.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
9⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14635.exe
10⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30980.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30248.exe
11⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8223.exe
12⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59346.exe
13⤵
PID:11712

C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17076.exe
14⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
13⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
12⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 220
11⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 216
10⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15055.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7534.exe
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28822.exe
11⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
12⤵
PID:11064

C:\Users\Admin\AppData\Local\Temp\Unicorn-64622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64622.exe
13⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11064 -s 236
13⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 236
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6104 -s 216
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
10⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 220
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
8⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64879.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38993.exe
10⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24056.exe
11⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1880.exe
12⤵
PID:11464

C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32216.exe
13⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 236
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5300 -s 216
11⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 236
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
8⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37763.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48868.exe
8⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48678.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64026.exe
10⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-10889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10889.exe
11⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14633.exe
12⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
13⤵
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
13⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
12⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 236
11⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
9⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8511.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7800.exe
10⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37907.exe
11⤵
PID:9264

C:\Users\Admin\AppData\Local\Temp\Unicorn-6385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6385.exe
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9264 -s 216
12⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
11⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
10⤵
PID:1764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
8⤵
- Program crash
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
7⤵
- Program crash
PID:1532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
6⤵
- Program crash
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24091.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65399.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9113.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-824.exe
9⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35411.exe
10⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49186.exe
11⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25730.exe
12⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
13⤵
PID:9232

C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64117.exe
14⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9232 -s 216
14⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 216
13⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
12⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
11⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
10⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31798.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4462.exe
10⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62376.exe
11⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8390.exe
12⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21483.exe
13⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 236
13⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
12⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
11⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21633.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-35219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35219.exe
9⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16000.exe
10⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6267.exe
11⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-34157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34157.exe
12⤵
PID:10168

C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
13⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10168 -s 216
13⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
12⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
10⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
9⤵
PID:4272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
8⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-63638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63638.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6932.exe
8⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10932.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17155.exe
10⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60508.exe
11⤵
PID:7588

C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4130.exe
12⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6399.exe
13⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 216
13⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7588 -s 216
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
11⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
10⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 216
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47285.exe
9⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44444.exe
10⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
11⤵
PID:9332

C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33454.exe
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9332 -s 236
12⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
11⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 236
9⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
8⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
7⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1626.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
7⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
8⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-13067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13067.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42263.exe
11⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28898.exe
12⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51543.exe
13⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
13⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
10⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 216
9⤵
PID:4460

C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45258.exe
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47762.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
11⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64804.exe
12⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 220
12⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 220
11⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
10⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
9⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 220
8⤵
PID:4812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 216
7⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
6⤵
- Program crash
PID:2888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-558.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 240
6⤵
- Program crash
PID:492

C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8833.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47854.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26732.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
8⤵
PID:664

C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47928.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
10⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24839.exe
11⤵
PID:6892

C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9553.exe
12⤵
PID:9640

C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12079.exe
13⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 216
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6892 -s 216
12⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
11⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
10⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 664 -s 236
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30558.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62438.exe
9⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1779.exe
10⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34018.exe
11⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52359.exe
12⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10712 -s 216
12⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
11⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
10⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
8⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51068.exe
7⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-878.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39517.exe
9⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34634.exe
10⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8181.exe
11⤵
PID:10556

C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1697.exe
12⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10556 -s 216
12⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
10⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
8⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 220
7⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe
6⤵
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57633.exe
7⤵
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38291.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48421.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55567.exe
10⤵
PID:7728

C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
11⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19986.exe
12⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 220
12⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7728 -s 216
11⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
10⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
9⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 236
8⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14829.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58807.exe
8⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57852.exe
9⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32827.exe
10⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2252.exe
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
11⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 220
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
8⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
7⤵
PID:4256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 220
6⤵
- Program crash
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 240
5⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40886.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-1590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1590.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44732.exe
9⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40543.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6259.exe
11⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25887.exe
12⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4944.exe
13⤵
PID:9296

C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6225.exe
14⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9296 -s 236
14⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
13⤵
PID:9824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
12⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
11⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
10⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
9⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6554.exe
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
11⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-29614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29614.exe
12⤵
PID:9828

C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58626.exe
13⤵
PID:11304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9828 -s 216
13⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
11⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 236
10⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
9⤵
- Program crash
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8421.exe
8⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-53724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53724.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36565.exe
10⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22045.exe
11⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47979.exe
12⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37957.exe
13⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
13⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
12⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 216
11⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 236
10⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
9⤵
- Program crash
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
8⤵
- Program crash
PID:1940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
7⤵
- Program crash
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38216.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53981.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26175.exe
8⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14476.exe
9⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54204.exe
11⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54928.exe
12⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26406.exe
13⤵
PID:12108

C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21655.exe
13⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 220
13⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
12⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 236
10⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 236
9⤵
- Program crash
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44109.exe
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53559.exe
10⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-48683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48683.exe
11⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
12⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 236
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
11⤵
PID:11580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
10⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
8⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57949.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-5260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5260.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-56316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56316.exe
10⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
10⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42957.exe
11⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33439.exe
12⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
12⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 220
10⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
9⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
8⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
7⤵
- Program crash
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
6⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22696.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-4436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4436.exe
8⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10296.exe
11⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58125.exe
12⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43141.exe
13⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
13⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
12⤵
PID:11148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
11⤵
PID:8236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 216
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31082.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30385.exe
9⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
10⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45904.exe
11⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11569.exe
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
12⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
11⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
10⤵
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
9⤵
PID:6268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
8⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11981.exe
7⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52484.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6522.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
10⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52803.exe
11⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-55651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55651.exe
12⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 236
12⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 216
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
7⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16658.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41188.exe
7⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36947.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37648.exe
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24649.exe
10⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
11⤵
PID:10380

C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49968.exe
12⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10380 -s 236
12⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
10⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
9⤵
PID:6952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9401.exe
7⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-44161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44161.exe
8⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11659.exe
9⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37665.exe
10⤵
PID:10408

C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52080.exe
11⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 220
11⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
10⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
9⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
8⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
7⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
6⤵
- Program crash
PID:2004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
5⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11014.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46457.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56546.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34412.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22418.exe
8⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28862.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39638.exe
10⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-45476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45476.exe
11⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
12⤵
PID:9304

C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
13⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9304 -s 216
13⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
12⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
11⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 216
9⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49064.exe
8⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56259.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60244.exe
10⤵
PID:6784

C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1124.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-10906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10906.exe
12⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 236
12⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6784 -s 216
11⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 216
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
8⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59449.exe
7⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54298.exe
8⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33599.exe
9⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
10⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-33706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33706.exe
11⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
11⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
10⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
9⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
8⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
7⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62102.exe
6⤵
- Executes dropped EXE
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
7⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52536.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42677.exe
9⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26133.exe
10⤵
PID:7580

C:\Users\Admin\AppData\Local\Temp\Unicorn-51178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51178.exe
11⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55564.exe
12⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
12⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7580 -s 216
11⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
10⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 236
8⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4684.exe
7⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11059.exe
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5164.exe
9⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41854.exe
10⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42488.exe
11⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
11⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
10⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
9⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
8⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
7⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
6⤵
- Program crash
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62747.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13358.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43772.exe
7⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18548.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26880.exe
9⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37380.exe
10⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63412.exe
11⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 236
11⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
10⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
9⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 216
8⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
7⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58909.exe
6⤵
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60880.exe
7⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12107.exe
8⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65376.exe
9⤵
PID:6584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60584.exe
10⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31377.exe
11⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6584 -s 216
10⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
9⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
8⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1984 -s 236
7⤵
- Program crash
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 240
6⤵
- Program crash
PID:3156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
5⤵
- Program crash
PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57242.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2549.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29297.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
8⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56272.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1796.exe
11⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27433.exe
12⤵
PID:9288

C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
13⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9288 -s 216
13⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 220
12⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
10⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
9⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 236
8⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
7⤵
- Program crash
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58139.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27308.exe
7⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39076.exe
8⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22578.exe
9⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3273.exe
10⤵
PID:5304

C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55792.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26421.exe
12⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
13⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 216
12⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5304 -s 216
11⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
10⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16941.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6939.exe
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-23722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23722.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31029.exe
11⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35091.exe
12⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
12⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
10⤵
PID:8396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 220
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47352.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44353.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44218.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61967.exe
11⤵
PID:10520

C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5313.exe
12⤵
PID:12684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10520 -s 216
12⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
11⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
10⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 216
8⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
7⤵
- Program crash
PID:3360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
6⤵
- Program crash
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25854.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27953.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13953.exe
7⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20313.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-37671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37671.exe
10⤵
PID:7340

C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59451.exe
11⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27603.exe
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7340 -s 216
11⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:8476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
8⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 216
7⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
6⤵
- Program crash
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
5⤵
- Program crash
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2758.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63317.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43196.exe
7⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32458.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46114.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19582.exe
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
11⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40006.exe
12⤵
PID:3700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 236
12⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
11⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 236
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
8⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
7⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14655.exe
8⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-58708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58708.exe
9⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51368.exe
10⤵
PID:9988

C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20123.exe
11⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
10⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
9⤵
PID:7244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 236
8⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
- Program crash
PID:3636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
6⤵
- Program crash
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8087.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1416 -s 220
6⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
5⤵
- Program crash
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9198.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41688.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20148.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-857.exe
7⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24167.exe
8⤵
PID:816

C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1716.exe
9⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12403.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
11⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17482.exe
12⤵
PID:9524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32644.exe
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9524 -s 220
13⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 216
12⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
11⤵
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
10⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 816 -s 216
9⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32670.exe
8⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1021.exe
9⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
10⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-47530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47530.exe
11⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57700.exe
12⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
11⤵
PID:10580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 216
10⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 216
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 220
8⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36807.exe
7⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1664.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49710.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26375.exe
10⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51105.exe
11⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61849.exe
12⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 236
12⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 236
10⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 236
9⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
8⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
7⤵
- Program crash
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24463.exe
6⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12241.exe
7⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3392.exe
8⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19859.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26185.exe
10⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37229.exe
11⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
12⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 220
11⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
9⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-47528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47528.exe
7⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17012.exe
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
9⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43652.exe
10⤵
PID:9564

C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53316.exe
11⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9564 -s 220
11⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 220
10⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
9⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
8⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
7⤵
- Program crash
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
6⤵
- Program crash
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9623.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55517.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21458.exe
7⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37767.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
9⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20106.exe
10⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58245.exe
11⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-45473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45473.exe
12⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 216
12⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
11⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
10⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11773.exe
8⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41336.exe
9⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14600.exe
10⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32124.exe
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
11⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7032 -s 216
10⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
9⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
8⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
7⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29002.exe
6⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58628.exe
7⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47531.exe
8⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
9⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-25373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25373.exe
10⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50213.exe
11⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
11⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
10⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
9⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
8⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 216
7⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
6⤵
- Program crash
PID:3276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
5⤵
- Program crash
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43451.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
5⤵
- Program crash
PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
4⤵
- Program crash
PID:2864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 240
2⤵
- Program crash
PID:2288

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
Filesize
184KB

MD5
5ae1853ff5535f258b7c3035bf5f507c

SHA1
2b1bb5ee4de83a08f90c224b12ccd2f966f75ac9

SHA256
77e247dec485e40ccd23cf7dd3fd6295b66205d12fb01ce53ef948fbdf4a83cf

SHA512
d886d7e0514823e651df6725cfb1adf0b07043e3ee0adce49a46d28d40169cd7c22e09ab9166f2ecc2a9b8c2291beef271a4c0e1bc05cf3ee9ec092a886f1095

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2931.exe
Filesize
184KB

MD5
99c1934ed19e20508fe725f48acc63aa

SHA1
37c566e54be85449e9283d48ae99ea649bfbfe87

SHA256
d4bd41ebd832c3d944c22b4acf4fc60d18f4f3eb8065efd4d4cdf9c023f56599

SHA512
9eede750baf8eeb8355c786bd21794331518e0dde6bdc888ad06ab893872c07ece6a6175aa975f14ea051fb3e1137bc680a7e0df5b3f5a9d556c57d44e3d0f40

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31397.exe
Filesize
184KB

MD5
44b0bf209b0786ca6553887bc7cfcc32

SHA1
2af1c9d442f3627cf0b09c3835bb1725cf196ccc

SHA256
4a104cf3e5ad5458b4a010814e7daf33ff79fd3f110797bf4044ac6455e07688

SHA512
1a38b578fa59c89987b7946b0dee65748132208893e75afcaf62629e071252aca3982489c59a622641986e8ff32c94fa0a73cc8fa98690757433617d3eb87fe7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35588.exe
Filesize
184KB

MD5
32ad2ab5a2f536d31e6d021c7019404b

SHA1
4802aae496324033a0530d32acc548d9e40e7784

SHA256
552a08dc0bfa7efbb73c2bfee41e985b1412e2d568a21ee9fa7eb5f8bb3441ea

SHA512
58a019824f9d0d6111ad620bc582e287e8f1d8ee5ddc9e6126b2531f9df482d7d38d10d367a19e246f63a3c8150a5ea3eb0998559e5632095c6fc3b66a7ff666

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40822.exe
Filesize
184KB

MD5
d248f9e9d7f133abfe670af1f228e3d8

SHA1
0fa7b4d308197dd620b6d8cf49b0a918e52b8184

SHA256
827c5d0ccc491b80f439e259162f4c6b72e1424d907963b5745141cf295f5d67

SHA512
d4a269d2934a2d69cd557a7f96e23eace43cc83f5e7691fc42dc090e1176c8cd7d64d787b6ea84e23475f0e6a9b2652cf0ec85fd68245b73781b9de807e99d0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41014.exe
Filesize
184KB

MD5
ef2521dedaca9383a39f4c412ded60ad

SHA1
1b721a56b291345cae9541825e386f041610effa

SHA256
120c054d2e1aee2a63c5ad6d2050f0660e4e3d6fbabaef75fdc74d1f4eae2cff

SHA512
1a272d782e07fe12067dbfd6685810de09ee571d762000134993c030a18b94fc3956f5cf666a7ebbcbdf0bf6977fa17571abe219e93c9021c087a39371f89f01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43675.exe
Filesize
184KB

MD5
fb948c26900898884a9fb2bcf642a886

SHA1
e5758ef43f0b97b8a912b79ea69e8b670f07cdad

SHA256
064e85d4810bd0c0f460f05418b06df4b31191d846d3347750f8e0bcfe63017f

SHA512
7efea01065d90cff084bc01dd13997dfa1cf8e3f9fe17b5d98b20901957ef054b636fc9a005518292d9c07fb4ca31c5269ed132ed617f8a863337243339b49f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45257.exe
Filesize
184KB

MD5
d5383eebf193d689e0f98927259ca2e9

SHA1
3567b5723a504e8e49cf7b0da7a2d500c4acd59d

SHA256
6c8e04a21be4c665a762c384ba9c4ec0c4a94e3c3452bfe73ee646bff550fce0

SHA512
59a906492bf506315061867501ba4d4665b3cf553b98e5fbd9e097996119256c036d407e61e520ed7e1b94c49862c21b2abf587d4b19594eadb9547cc74b7528

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
Filesize
184KB

MD5
d5909f7409477f608d89dcddeecb3df0

SHA1
9a7cfae8a66569e80708a75fb8b3c11e5b91e983

SHA256
f0a7544216d8a63dae007ac85923442f1a99953a6ab0c93518c7086d16a943f7

SHA512
ddc263baccf71b04d4e4b54c4a1f3cf5456b736d5442f1e3efd9bd9de240681cc102b9d718fb550cdb9ef7b4090b6aa2112c82e780c8b27fcc3d559a33a8fa1c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6041.exe
Filesize
184KB

MD5
ede5f394387854f0c0f585c8cbe75cd8

SHA1
0f2aad01a3507973ac39b7b2ba5ff9f3ed42054a

SHA256
34db3e9920fb289200dbf337079d1b7428d60eac7849d289b3380c3ceb84e72f

SHA512
33f6097bb8118bedd310411dd3d7e8fe7e841e015d3cdd91c2aae1a6c3ed9dcca08b9603038f21b42e11991293239750870d3003e520de1c8de9c997156cfba9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-61464.exe
Filesize
184KB

MD5
a58feb7a073f062d34664fe5af8b5313

SHA1
300f0d2d48038d9ae0015eb31364b12fc7b209fd

SHA256
d94e197d69f4d830da19c1e9e1826829351d152ac42c08af8fc8637e32926a37

SHA512
e51b7c3daf7ff575ad1e297b79b8c3e70399b3ddc6dffd27f2fb311730e7a046934f0bfc9ba6dc2552563bd1943835847297f68a077f2636d09f19e7366d8b5f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-855.exe
Filesize
184KB

MD5
8edddb8419dbaaa9f6f2e4dff0a7116b

SHA1
d2df68a4c71b4ba7a130645254300b4e71658575

SHA256
fc07e05ea276ee2373ae7b9102e64d3da39f52c18d1f7bfc9daad9934e2980a9

SHA512
3bf5872213972433ac878235ff22237dd3fc04ae5530bd7403b0bffbcbd1aeec379ca14f951e5a90dfd332d0f0714a4bf32579734ff9aaf65c1ed2039dbad113

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17626.exe
Filesize
184KB

MD5
0bd28fd114b55dbaed12da4274a21de3

SHA1
60152e9f83d420464a3a2a65ceeca55ea16f15d5

SHA256
314b44a4930e584ce2e4db6058f3b49fd8b93bc5fecde2ce2d33f660a4da8e51

SHA512
0aebdfb1da2b908df5884ea0afae2625088b51434d91bb976916a60b8565c14ffe159cf478f575e51100717fe6b4ac835a03f86dc44b21a348a9fd3b097889d9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21908.exe
Filesize
184KB

MD5
52186d1bf5f33f428abb762b82f2235a

SHA1
e401880c2fd05433bc0d711e483e29356d582b95

SHA256
525024f2987c0b7a6594c27a569cd9c63304bb2a56543c528443b8258b29d947

SHA512
7dab03bb4fdd468f8e3333c62df7c2e646201a39a40307d2ac46b401490abbad0244588b612d0e10f0913c0cc9541c7d7214aa3db441e33242ebbbcea0c9974c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
Filesize
184KB

MD5
492dd1aed6dabaa85a805894674161e5

SHA1
ae8b69bb5823dd7e9ceec8d1b314361f351188c3

SHA256
1191093607dda05f13dea92e2aac944cedc05fd22f7315991a0370a3a9068ccc

SHA512
89372f33b7e92a757edb8b88996a5a0a4a0bd934625d5932c5692a4ed774231d8ebcfbd6a3473d9930ff5498af5da15236b5486bd61e12124802ec39bea9ee61

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
Filesize
184KB

MD5
4e9038a536a9b5b43bfac1829e25fca2

SHA1
658021e6045f7e221c31ca8ab05911f2fa408062

SHA256
074f45acae68f0e4afbcb10447653d2da8c34e616f6571565ea8668e8bd1e03e

SHA512
6959b8ba7ab554513ea806068ee3593b7d2be3d91da363ec7112b5251016babc63cf681d8e1c7734fe98f8c2fad4c218fc529669b8606f1111a907d473121eca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36974.exe
Filesize
184KB

MD5
efcc2d2f62b6275b8524045df5819114

SHA1
8ee71917079ddcfaf8a14a4357907c8fc1775fbf

SHA256
212875570496a28511d752f067c65d35b382d56c46e665b5057b4318cc3f738a

SHA512
965ea5e80cc9ef0959d506be35083c9e61e059d36ff649dd6c75fb0992609646d463c00f3893f0e7e943bd3c45f5e8a94eae088575c6d86dac48a016be25f15f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46176.exe
Filesize
184KB

MD5
04cdcf4d605715799b606b00a63cfd1e

SHA1
ac4976385ae36c3bf18552ece501b45c8cf2de71

SHA256
9facfa2cc16b28466d5af5667e765ad22692b5985d0ef46392548b79d6749b80

SHA512
7f3ddb3c54f39e404e0d435d46d95b73c419bdba830633af06ff71b732ae21eab2490379d2bf22d1041f47a34fa947bade67a6a667254ad2663895e643cff44d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48861.exe
Filesize
184KB

MD5
509ac2fc450492afa04dd0f8d81ab41f

SHA1
6b381076d03dab279f918514f73c86e1e4f4fa28

SHA256
7cf2e4a61a88fbb60cd7c8d6e40c79bb6d7dee6a677e053b75bdb140d45ddb2d

SHA512
dfbd3488f2b09a6d6212b81ecd4427ceede7fe7606b0901b96472d8170f1f15a16fe2c0e373fe19fc279e928d770a46a8f254fad2d8097b6d004c5c0b96be0ce

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53587.exe
Filesize
184KB

MD5
22ba22517c7fd6e6e6046ff8bed77e51

SHA1
41b7d684aef5b44ca81378923e8d8fd158366438

SHA256
1ab7f372cc0e01a2da1aaac39751bc7d16051dd780ad3475b30723c68200ee58

SHA512
878e0c019e1d08e1a2310a202fdac0c1360125bc2d2699495a959a4330da40002f43f5ae386ab5aae594683ed03c624fc15bcd1802de8d71a0d0ddd5738774c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60490.exe
Filesize
184KB

MD5
89a09ccd6d41ce41d9a4d4d73c6ef929

SHA1
728e78332c4c9d474cc315ad915471b61f53b958

SHA256
135851c62e32fcd419d073dd4b1e986fb437f363c59720d6535aaae3ba40870a

SHA512
7e31d7fac7fb14448ded9e3f2ee1c4d707cdbe20449ddd724122aba40d0e8e0a7d7fc633391e6b55c6cf0ad5d6ea5e88e16d43835d31a9d04a3ed67eb5829701

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
Filesize
184KB

MD5
b7e3ecaf7aa0a630a765c67a4dcf5bea

SHA1
f4b0fa68a71905ee3c5254bc09644fcb044ad978

SHA256
0399f1783cf76045ce330e1503d7d68ce346b3afbb406c1e8dd2a926e73ab7fa

SHA512
9911de2d3c0e34773fdb486c26ba53aac031b2ce73b3f014fcbd700c57ddf837095388fc6c9fafc7823dc884706b15020e50c760d335cc3f4bd0a5bf52dcdea4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads