9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f

Analysis

max time kernel
149s
max time network
118s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe
Size

184KB
MD5

978b484909c4a822f6e40724ff815d4e
SHA1

e1e0a876f0943ed62cf6c325fbaf49d04136ce1d
SHA256

9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f
SHA512

f3b142fc45d1a159223ec7a4661336741726830141d907d151919e1aa2e8631a62a6422124331fe80bb4279082d78c7e2473791a1cb266903ee6006cc5da5d9b
SSDEEP

3072:CYL3HxoTEJOTdGkWoswLRKzshl2ViFDbn3:CYdonJGkJLYzshl2ViFDb

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-53695.exeUnicorn-17446.exeUnicorn-28498.exeUnicorn-45044.exeUnicorn-17826.exeUnicorn-63497.exeUnicorn-32313.exeUnicorn-29276.exeUnicorn-26776.exeUnicorn-60771.exeUnicorn-32889.exeUnicorn-2975.exeUnicorn-49607.exeUnicorn-49187.exeUnicorn-49187.exeUnicorn-49187.exeUnicorn-64324.exeUnicorn-37018.exeUnicorn-17152.exeUnicorn-31635.exeUnicorn-11769.exeUnicorn-51697.exeUnicorn-44209.exeUnicorn-44209.exeUnicorn-46025.exeUnicorn-5018.exeUnicorn-42481.exeUnicorn-52766.exeUnicorn-7094.exeUnicorn-24692.exeUnicorn-8438.exeUnicorn-54110.exeUnicorn-19410.exeUnicorn-30462.exeUnicorn-3156.exeUnicorn-50904.exeUnicorn-31038.exeUnicorn-30710.exeUnicorn-37761.exeUnicorn-30741.exeUnicorn-42369.exeUnicorn-11415.exeUnicorn-17529.exeUnicorn-45411.exeUnicorn-34742.exeUnicorn-9272.exeUnicorn-6236.exeUnicorn-26102.exeUnicorn-57020.exeUnicorn-9848.exeUnicorn-37730.exeUnicorn-52314.exeUnicorn-33024.exeUnicorn-52890.exeUnicorn-11691.exeUnicorn-30912.exeUnicorn-13123.exeUnicorn-59439.exeUnicorn-51354.exeUnicorn-25309.exeUnicorn-55267.exeUnicorn-39049.exeUnicorn-34494.exeUnicorn-57799.exe

pid	process
2912	Unicorn-53695.exe
2516	Unicorn-17446.exe
2768	Unicorn-28498.exe
2432	Unicorn-45044.exe
2404	Unicorn-17826.exe
1724	Unicorn-63497.exe
1372	Unicorn-32313.exe
2476	Unicorn-29276.exe
2704	Unicorn-26776.exe
320	Unicorn-60771.exe
2368	Unicorn-32889.exe
2084	Unicorn-2975.exe
1628	Unicorn-49607.exe
2732	Unicorn-49187.exe
1112	Unicorn-49187.exe
2236	Unicorn-49187.exe
268	Unicorn-64324.exe
1124	Unicorn-37018.exe
580	Unicorn-17152.exe
1052	Unicorn-31635.exe
3044	Unicorn-11769.exe
1260	Unicorn-51697.exe
1800	Unicorn-44209.exe
768	Unicorn-44209.exe
2784	Unicorn-46025.exe
904	Unicorn-5018.exe
568	Unicorn-42481.exe
2128	Unicorn-52766.exe
1576	Unicorn-7094.exe
1664	Unicorn-24692.exe
2804	Unicorn-8438.exe
2056	Unicorn-54110.exe
2144	Unicorn-19410.exe
2532	Unicorn-30462.exe
2416	Unicorn-3156.exe
2572	Unicorn-50904.exe
2472	Unicorn-31038.exe
1736	Unicorn-30710.exe
1620	Unicorn-37761.exe
2340	Unicorn-30741.exe
2172	Unicorn-42369.exe
1528	Unicorn-11415.exe
1496	Unicorn-17529.exe
2332	Unicorn-45411.exe
2288	Unicorn-34742.exe
2720	Unicorn-9272.exe
2712	Unicorn-6236.exe
2948	Unicorn-26102.exe
2228	Unicorn-57020.exe
1908	Unicorn-9848.exe
1972	Unicorn-37730.exe
1064	Unicorn-52314.exe
1876	Unicorn-33024.exe
2872	Unicorn-52890.exe
2624	Unicorn-11691.exe
1436	Unicorn-30912.exe
1856	Unicorn-13123.exe
1532	Unicorn-59439.exe
2620	Unicorn-51354.exe
2544	Unicorn-25309.exe
2836	Unicorn-55267.exe
2456	Unicorn-39049.exe
1924	Unicorn-34494.exe
1280	Unicorn-57799.exe

Loads dropped DLL 64 IoCs

Processes:

9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exeUnicorn-53695.exeUnicorn-28498.exeUnicorn-17446.exeWerFault.exeUnicorn-45044.exeUnicorn-63497.exeUnicorn-17826.exeWerFault.exeWerFault.exeUnicorn-32313.exeUnicorn-29276.exeUnicorn-32889.exeUnicorn-26776.exeUnicorn-60771.exeWerFault.exeWerFault.exe

pid	process
2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe
2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe
2912	Unicorn-53695.exe
2912	Unicorn-53695.exe
2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe
2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe
2768	Unicorn-28498.exe
2768	Unicorn-28498.exe
2912	Unicorn-53695.exe
2516	Unicorn-17446.exe
2912	Unicorn-53695.exe
2516	Unicorn-17446.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2160	WerFault.exe
2432	Unicorn-45044.exe
2432	Unicorn-45044.exe
2768	Unicorn-28498.exe
2768	Unicorn-28498.exe
1724	Unicorn-63497.exe
2404	Unicorn-17826.exe
2404	Unicorn-17826.exe
1724	Unicorn-63497.exe
2516	Unicorn-17446.exe
2516	Unicorn-17446.exe
1584	WerFault.exe
1584	WerFault.exe
1584	WerFault.exe
1584	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
1584	WerFault.exe
1372	Unicorn-32313.exe
1372	Unicorn-32313.exe
2432	Unicorn-45044.exe
2432	Unicorn-45044.exe
2476	Unicorn-29276.exe
2368	Unicorn-32889.exe
2704	Unicorn-26776.exe
2704	Unicorn-26776.exe
2476	Unicorn-29276.exe
2368	Unicorn-32889.exe
1724	Unicorn-63497.exe
1724	Unicorn-63497.exe
320	Unicorn-60771.exe
2404	Unicorn-17826.exe
320	Unicorn-60771.exe
2404	Unicorn-17826.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2268	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe
2148	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2944	2272	WerFault.exe	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe
2160	2912	WerFault.exe	Unicorn-53695.exe
1584	2768	WerFault.exe	Unicorn-28498.exe
2036	2516	WerFault.exe	Unicorn-17446.exe
2268	2432	WerFault.exe	Unicorn-45044.exe
2148	1724	WerFault.exe	Unicorn-63497.exe
2940	2404	WerFault.exe	Unicorn-17826.exe
1944	1372	WerFault.exe	Unicorn-32313.exe
2500	2476	WerFault.exe	Unicorn-29276.exe
2120	2704	WerFault.exe	Unicorn-26776.exe
1964	2368	WerFault.exe	Unicorn-32889.exe
2560	320	WerFault.exe	Unicorn-60771.exe
2052	1576	WerFault.exe	Unicorn-7094.exe
2136	1112	WerFault.exe	Unicorn-49187.exe
1712	2084	WerFault.exe	Unicorn-2975.exe
1072	1628	WerFault.exe	Unicorn-49607.exe
2376	2732	WerFault.exe	Unicorn-49187.exe
1956	2236	WerFault.exe	Unicorn-49187.exe
800	1124	WerFault.exe	Unicorn-37018.exe
1304	268	WerFault.exe	Unicorn-64324.exe
2788	580	WerFault.exe	Unicorn-17152.exe
540	1908	WerFault.exe	Unicorn-9848.exe
984	2288	WerFault.exe	Unicorn-34742.exe
1412	2784	WerFault.exe	Unicorn-46025.exe
2324	904	WerFault.exe	Unicorn-5018.exe
1740	1052	WerFault.exe	Unicorn-31635.exe
2592	3044	WerFault.exe	Unicorn-11769.exe
1360	1260	WerFault.exe	Unicorn-51697.exe
1272	1800	WerFault.exe	Unicorn-44209.exe
496	768	WerFault.exe	Unicorn-44209.exe
2016	1664	WerFault.exe	Unicorn-24692.exe
2736	568	WerFault.exe	Unicorn-42481.exe
2392	2128	WerFault.exe	Unicorn-52766.exe
1424	2056	WerFault.exe	Unicorn-54110.exe
2772	2804	WerFault.exe	Unicorn-8438.exe
1448	1496	WerFault.exe	Unicorn-17529.exe
2608	876	WerFault.exe	Unicorn-50158.exe
3096	1048	WerFault.exe	Unicorn-57086.exe
3116	3048	WerFault.exe	Unicorn-55550.exe
3132	1936	WerFault.exe	Unicorn-32800.exe
3208	1972	WerFault.exe	Unicorn-37730.exe
3220	2228	WerFault.exe	Unicorn-57020.exe
3280	2948	WerFault.exe	Unicorn-26102.exe
3448	2144	WerFault.exe	Unicorn-19410.exe
3472	2532	WerFault.exe	Unicorn-30462.exe
3504	2416	WerFault.exe	Unicorn-3156.exe
3528	2572	WerFault.exe	Unicorn-50904.exe
3560	2472	WerFault.exe	Unicorn-31038.exe
3676	2172	WerFault.exe	Unicorn-42369.exe
3716	1736	WerFault.exe	Unicorn-30710.exe
3740	2340	WerFault.exe	Unicorn-30741.exe
3764	1620	WerFault.exe	Unicorn-37761.exe
3788	2712	WerFault.exe	Unicorn-6236.exe
3812	1528	WerFault.exe	Unicorn-11415.exe
3864	2332	WerFault.exe	Unicorn-45411.exe
3928	2988	WerFault.exe	Unicorn-34294.exe
992	2724	WerFault.exe	Unicorn-8161.exe
3300	2412	WerFault.exe	Unicorn-37335.exe
3352	2644	WerFault.exe	Unicorn-57393.exe
3324	1592	WerFault.exe	Unicorn-59282.exe
3912	3236	WerFault.exe	Unicorn-16582.exe
4016	2044	WerFault.exe	Unicorn-21836.exe
3644	1896	WerFault.exe	Unicorn-49910.exe
3672	1064	WerFault.exe	Unicorn-52314.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exeUnicorn-53695.exeUnicorn-28498.exeUnicorn-17446.exeUnicorn-45044.exeUnicorn-63497.exeUnicorn-17826.exeUnicorn-32313.exeUnicorn-29276.exeUnicorn-60771.exeUnicorn-26776.exeUnicorn-32889.exeUnicorn-2975.exeUnicorn-49607.exeUnicorn-49187.exeUnicorn-49187.exeUnicorn-49187.exeUnicorn-64324.exeUnicorn-37018.exeUnicorn-17152.exeUnicorn-31635.exeUnicorn-11769.exeUnicorn-51697.exeUnicorn-44209.exeUnicorn-44209.exeUnicorn-46025.exeUnicorn-5018.exeUnicorn-52766.exeUnicorn-24692.exeUnicorn-42481.exeUnicorn-7094.exeUnicorn-54110.exeUnicorn-8438.exeUnicorn-19410.exeUnicorn-30462.exeUnicorn-3156.exeUnicorn-50904.exeUnicorn-31038.exeUnicorn-30710.exeUnicorn-37761.exeUnicorn-30741.exeUnicorn-42369.exeUnicorn-17529.exeUnicorn-11415.exeUnicorn-45411.exeUnicorn-34742.exeUnicorn-9272.exeUnicorn-6236.exeUnicorn-26102.exeUnicorn-57020.exeUnicorn-9848.exeUnicorn-37730.exeUnicorn-52314.exeUnicorn-33024.exeUnicorn-52890.exeUnicorn-30912.exeUnicorn-11691.exeUnicorn-59439.exeUnicorn-13123.exeUnicorn-51354.exeUnicorn-25309.exeUnicorn-55267.exeUnicorn-39049.exeUnicorn-57799.exe

pid	process
2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe
2912	Unicorn-53695.exe
2768	Unicorn-28498.exe
2516	Unicorn-17446.exe
2432	Unicorn-45044.exe
1724	Unicorn-63497.exe
2404	Unicorn-17826.exe
1372	Unicorn-32313.exe
2476	Unicorn-29276.exe
320	Unicorn-60771.exe
2704	Unicorn-26776.exe
2368	Unicorn-32889.exe
2084	Unicorn-2975.exe
1628	Unicorn-49607.exe
2732	Unicorn-49187.exe
2236	Unicorn-49187.exe
1112	Unicorn-49187.exe
268	Unicorn-64324.exe
1124	Unicorn-37018.exe
580	Unicorn-17152.exe
1052	Unicorn-31635.exe
3044	Unicorn-11769.exe
1260	Unicorn-51697.exe
1800	Unicorn-44209.exe
768	Unicorn-44209.exe
2784	Unicorn-46025.exe
904	Unicorn-5018.exe
2128	Unicorn-52766.exe
1664	Unicorn-24692.exe
568	Unicorn-42481.exe
1576	Unicorn-7094.exe
2056	Unicorn-54110.exe
2804	Unicorn-8438.exe
2144	Unicorn-19410.exe
2532	Unicorn-30462.exe
2416	Unicorn-3156.exe
2572	Unicorn-50904.exe
2472	Unicorn-31038.exe
1736	Unicorn-30710.exe
1620	Unicorn-37761.exe
2340	Unicorn-30741.exe
2172	Unicorn-42369.exe
1496	Unicorn-17529.exe
1528	Unicorn-11415.exe
2332	Unicorn-45411.exe
2288	Unicorn-34742.exe
2720	Unicorn-9272.exe
2712	Unicorn-6236.exe
2948	Unicorn-26102.exe
2228	Unicorn-57020.exe
1908	Unicorn-9848.exe
1972	Unicorn-37730.exe
1064	Unicorn-52314.exe
1876	Unicorn-33024.exe
2872	Unicorn-52890.exe
1436	Unicorn-30912.exe
2624	Unicorn-11691.exe
1532	Unicorn-59439.exe
1856	Unicorn-13123.exe
2620	Unicorn-51354.exe
2544	Unicorn-25309.exe
2836	Unicorn-55267.exe
2456	Unicorn-39049.exe
1280	Unicorn-57799.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exeUnicorn-53695.exeUnicorn-28498.exeUnicorn-17446.exeUnicorn-45044.exeUnicorn-17826.exeUnicorn-63497.exeUnicorn-32313.exe

description	pid	process	target process
PID 2272 wrote to memory of 2912	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	Unicorn-53695.exe
PID 2272 wrote to memory of 2912	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	Unicorn-53695.exe
PID 2272 wrote to memory of 2912	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	Unicorn-53695.exe
PID 2272 wrote to memory of 2912	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	Unicorn-53695.exe
PID 2912 wrote to memory of 2516	2912	Unicorn-53695.exe	Unicorn-17446.exe
PID 2912 wrote to memory of 2516	2912	Unicorn-53695.exe	Unicorn-17446.exe
PID 2912 wrote to memory of 2516	2912	Unicorn-53695.exe	Unicorn-17446.exe
PID 2912 wrote to memory of 2516	2912	Unicorn-53695.exe	Unicorn-17446.exe
PID 2272 wrote to memory of 2768	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	Unicorn-28498.exe
PID 2272 wrote to memory of 2768	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	Unicorn-28498.exe
PID 2272 wrote to memory of 2768	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	Unicorn-28498.exe
PID 2272 wrote to memory of 2768	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	Unicorn-28498.exe
PID 2272 wrote to memory of 2944	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	WerFault.exe
PID 2272 wrote to memory of 2944	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	WerFault.exe
PID 2272 wrote to memory of 2944	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	WerFault.exe
PID 2272 wrote to memory of 2944	2272	9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe	WerFault.exe
PID 2768 wrote to memory of 2432	2768	Unicorn-28498.exe	Unicorn-45044.exe
PID 2768 wrote to memory of 2432	2768	Unicorn-28498.exe	Unicorn-45044.exe
PID 2768 wrote to memory of 2432	2768	Unicorn-28498.exe	Unicorn-45044.exe
PID 2768 wrote to memory of 2432	2768	Unicorn-28498.exe	Unicorn-45044.exe
PID 2912 wrote to memory of 1724	2912	Unicorn-53695.exe	Unicorn-63497.exe
PID 2912 wrote to memory of 1724	2912	Unicorn-53695.exe	Unicorn-63497.exe
PID 2912 wrote to memory of 1724	2912	Unicorn-53695.exe	Unicorn-63497.exe
PID 2912 wrote to memory of 1724	2912	Unicorn-53695.exe	Unicorn-63497.exe
PID 2516 wrote to memory of 2404	2516	Unicorn-17446.exe	Unicorn-17826.exe
PID 2516 wrote to memory of 2404	2516	Unicorn-17446.exe	Unicorn-17826.exe
PID 2516 wrote to memory of 2404	2516	Unicorn-17446.exe	Unicorn-17826.exe
PID 2516 wrote to memory of 2404	2516	Unicorn-17446.exe	Unicorn-17826.exe
PID 2912 wrote to memory of 2160	2912	Unicorn-53695.exe	WerFault.exe
PID 2912 wrote to memory of 2160	2912	Unicorn-53695.exe	WerFault.exe
PID 2912 wrote to memory of 2160	2912	Unicorn-53695.exe	WerFault.exe
PID 2912 wrote to memory of 2160	2912	Unicorn-53695.exe	WerFault.exe
PID 2432 wrote to memory of 1372	2432	Unicorn-45044.exe	Unicorn-32313.exe
PID 2432 wrote to memory of 1372	2432	Unicorn-45044.exe	Unicorn-32313.exe
PID 2432 wrote to memory of 1372	2432	Unicorn-45044.exe	Unicorn-32313.exe
PID 2432 wrote to memory of 1372	2432	Unicorn-45044.exe	Unicorn-32313.exe
PID 2768 wrote to memory of 2476	2768	Unicorn-28498.exe	Unicorn-29276.exe
PID 2768 wrote to memory of 2476	2768	Unicorn-28498.exe	Unicorn-29276.exe
PID 2768 wrote to memory of 2476	2768	Unicorn-28498.exe	Unicorn-29276.exe
PID 2768 wrote to memory of 2476	2768	Unicorn-28498.exe	Unicorn-29276.exe
PID 2404 wrote to memory of 2368	2404	Unicorn-17826.exe	Unicorn-32889.exe
PID 2404 wrote to memory of 2368	2404	Unicorn-17826.exe	Unicorn-32889.exe
PID 2404 wrote to memory of 2368	2404	Unicorn-17826.exe	Unicorn-32889.exe
PID 2404 wrote to memory of 2368	2404	Unicorn-17826.exe	Unicorn-32889.exe
PID 1724 wrote to memory of 2704	1724	Unicorn-63497.exe	Unicorn-26776.exe
PID 1724 wrote to memory of 2704	1724	Unicorn-63497.exe	Unicorn-26776.exe
PID 1724 wrote to memory of 2704	1724	Unicorn-63497.exe	Unicorn-26776.exe
PID 1724 wrote to memory of 2704	1724	Unicorn-63497.exe	Unicorn-26776.exe
PID 2516 wrote to memory of 320	2516	Unicorn-17446.exe	Unicorn-60771.exe
PID 2516 wrote to memory of 320	2516	Unicorn-17446.exe	Unicorn-60771.exe
PID 2516 wrote to memory of 320	2516	Unicorn-17446.exe	Unicorn-60771.exe
PID 2516 wrote to memory of 320	2516	Unicorn-17446.exe	Unicorn-60771.exe
PID 2768 wrote to memory of 1584	2768	Unicorn-28498.exe	WerFault.exe
PID 2768 wrote to memory of 1584	2768	Unicorn-28498.exe	WerFault.exe
PID 2768 wrote to memory of 1584	2768	Unicorn-28498.exe	WerFault.exe
PID 2768 wrote to memory of 1584	2768	Unicorn-28498.exe	WerFault.exe
PID 2516 wrote to memory of 2036	2516	Unicorn-17446.exe	WerFault.exe
PID 2516 wrote to memory of 2036	2516	Unicorn-17446.exe	WerFault.exe
PID 2516 wrote to memory of 2036	2516	Unicorn-17446.exe	WerFault.exe
PID 2516 wrote to memory of 2036	2516	Unicorn-17446.exe	WerFault.exe
PID 1372 wrote to memory of 2084	1372	Unicorn-32313.exe	Unicorn-2975.exe
PID 1372 wrote to memory of 2084	1372	Unicorn-32313.exe	Unicorn-2975.exe
PID 1372 wrote to memory of 2084	1372	Unicorn-32313.exe	Unicorn-2975.exe
PID 1372 wrote to memory of 2084	1372	Unicorn-32313.exe	Unicorn-2975.exe

C:\Users\Admin\AppData\Local\Temp\9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe
"C:\Users\Admin\AppData\Local\Temp\9b7597f1f2daa75114e54f794255e6711dfb73bc7ce05d247c92817ba62b6e7f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34494.exe
9⤵
- Executes dropped EXE
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
10⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40490.exe
11⤵
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 244
12⤵
PID:4900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 216
11⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
10⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4202.exe
11⤵
PID:4836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 224
12⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60626.exe
9⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46323.exe
10⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32262.exe
11⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 224
12⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
11⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
10⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
9⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57799.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8353.exe
9⤵
PID:2200

C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42026.exe
10⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42127.exe
11⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20745.exe
12⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4232.exe
13⤵
PID:7492

C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5783.exe
14⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25296.exe
15⤵
PID:13228

C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15337.exe
16⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13228 -s 216
16⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
15⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7492 -s 216
14⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 236
12⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 236
11⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2200 -s 236
10⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-31013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31013.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21385.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27489.exe
11⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59230.exe
12⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60132.exe
13⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64553.exe
14⤵
PID:13032

C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8198.exe
15⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13032 -s 236
15⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 236
14⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
13⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
12⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
10⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
9⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
8⤵
- Program crash
PID:496

C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42369.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25309.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24887.exe
9⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26105.exe
10⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64119.exe
11⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41823.exe
12⤵
PID:5900

C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
13⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15456.exe
14⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22914.exe
15⤵
PID:13124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27426.exe
16⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13124 -s 236
16⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 216
15⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 220
14⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5900 -s 216
13⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
12⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 236
11⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24796.exe
9⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
11⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9178.exe
12⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34946.exe
13⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45259.exe
14⤵
PID:13092

C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2184.exe
15⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13092 -s 216
15⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 216
14⤵
PID:1852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
13⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 236
12⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
11⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
10⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 220
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44684.exe
8⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57599.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6454.exe
10⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18316.exe
11⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47630.exe
12⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-16263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16263.exe
13⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22262.exe
14⤵
PID:12712

C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
15⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10828 -s 216
14⤵
PID:13748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 216
13⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
12⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
11⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
10⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
9⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
8⤵
- Program crash
PID:3676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
- Program crash
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5018.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:904

C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34742.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 224
8⤵
- Program crash
PID:984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 904 -s 236
7⤵
- Program crash
PID:2324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 220
6⤵
- Program crash
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17152.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24692.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17529.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58339.exe
8⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
9⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48596.exe
10⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58261.exe
11⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47212.exe
12⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20468.exe
13⤵
PID:8456

C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7060.exe
14⤵
PID:11352

C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
15⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11352 -s 216
15⤵
PID:14316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8456 -s 216
14⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
13⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
12⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
11⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
10⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
9⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46012.exe
10⤵
PID:5200

C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23286.exe
11⤵
PID:6872

C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38501.exe
12⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34461.exe
13⤵
PID:11456

C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28747.exe
14⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11456 -s 236
14⤵
PID:13996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 236
13⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6872 -s 216
12⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5200 -s 216
11⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
9⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
8⤵
- Program crash
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20199.exe
7⤵
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
8⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2628.exe
9⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-529.exe
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29506.exe
11⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60315.exe
12⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59811.exe
13⤵
PID:11644

C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9972.exe
14⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11644 -s 236
14⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 236
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
12⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 236
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
10⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 236
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48876.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
9⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32495.exe
10⤵
PID:7352

C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
11⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
12⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2636.exe
13⤵
PID:12444

C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64873.exe
14⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12444 -s 216
14⤵
PID:14156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
13⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7352 -s 236
11⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
10⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 220
8⤵
PID:4152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
7⤵
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45411.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32800.exe
7⤵
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 220
8⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62253.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46100.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31064.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3660.exe
10⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3708.exe
11⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
12⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50265.exe
13⤵
PID:12924

C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61549.exe
14⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12924 -s 216
14⤵
PID:13592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 216
13⤵
PID:13388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 236
11⤵
PID:9468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 236
10⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
7⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
6⤵
- Program crash
PID:2788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
5⤵
- Program crash
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42481.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9272.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
8⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
9⤵
PID:2044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 244
10⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-27194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27194.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53580.exe
10⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44671.exe
11⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
12⤵
PID:8848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 224
13⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
12⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
11⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
10⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
9⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49910.exe
8⤵
PID:1896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 244
9⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
7⤵
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58566.exe
8⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13069.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47548.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50860.exe
11⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7380 -s 224
12⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 216
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40643.exe
9⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23817.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
11⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43555.exe
12⤵
PID:11176

C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59980.exe
13⤵
PID:13148

C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5787.exe
14⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13148 -s 216
14⤵
PID:14264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11176 -s 216
13⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 220
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 236
11⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
10⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 220
8⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
7⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-57086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57086.exe
7⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 244
8⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-28018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28018.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58251.exe
8⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2872.exe
9⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29828.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10152.exe
11⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22205.exe
12⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57388.exe
13⤵
PID:11788

C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9090.exe
14⤵
PID:13360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11788 -s 236
14⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 236
13⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 236
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
11⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5252 -s 216
10⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
9⤵
PID:4044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
8⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:3788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 240
6⤵
- Program crash
PID:800

C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52766.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26102.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
7⤵
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
8⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 248
7⤵
- Program crash
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50158.exe
6⤵
PID:876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 220
7⤵
- Program crash
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
6⤵
- Program crash
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
5⤵
- Program crash
PID:2560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55267.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38473.exe
9⤵
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42602.exe
10⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18152.exe
11⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 220
12⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
11⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 236
10⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5139.exe
9⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32454.exe
10⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-25429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25429.exe
11⤵
PID:7080

C:\Users\Admin\AppData\Local\Temp\Unicorn-20506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20506.exe
12⤵
PID:8600

C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34182.exe
13⤵
PID:344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 244
14⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8600 -s 236
13⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7080 -s 236
12⤵
PID:9804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5132 -s 216
11⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 236
10⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59282.exe
8⤵
PID:1592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 220
9⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
8⤵
- Program crash
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39049.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8161.exe
8⤵
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 244
9⤵
- Program crash
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27941.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10684.exe
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59971.exe
10⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-65398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65398.exe
11⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-27993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27993.exe
12⤵
PID:11148

C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50684.exe
13⤵
PID:13296

C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13046.exe
14⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11148 -s 216
13⤵
PID:13708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 216
12⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
11⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
8⤵
PID:4684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
7⤵
- Program crash
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37761.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57379.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15146.exe
8⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-25005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25005.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53093.exe
9⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26163.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11434.exe
11⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17843.exe
12⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13711.exe
13⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46835.exe
14⤵
PID:11316

C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8342.exe
15⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11316 -s 236
15⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 236
14⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
13⤵
PID:11488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
12⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 236
11⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4500 -s 236
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 220
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15271.exe
9⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
10⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46530.exe
11⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45946.exe
12⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22342.exe
13⤵
PID:13224

C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43174.exe
14⤵
PID:13924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 216
13⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 236
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
11⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
10⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
8⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-18607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18607.exe
7⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22509.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12168.exe
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35169.exe
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 240
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
10⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
9⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 236
8⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
7⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
6⤵
- Program crash
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46025.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11415.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18275.exe
7⤵
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22796.exe
8⤵
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43988.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37156.exe
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59102.exe
11⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3195.exe
12⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45901.exe
13⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31175.exe
14⤵
PID:11512

C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52736.exe
15⤵
PID:13460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11512 -s 236
15⤵
PID:13680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 236
14⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 220
13⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 216
12⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 236
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27770.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1105.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28546.exe
10⤵
PID:7256

C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
11⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45400.exe
12⤵
PID:11396

C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58716.exe
13⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11396 -s 216
13⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 216
12⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7256 -s 216
11⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
8⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37164.exe
7⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31575.exe
8⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45052.exe
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48800.exe
10⤵
PID:7436

C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
11⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
12⤵
PID:11856

C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19542.exe
13⤵
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11856 -s 236
13⤵
PID:13452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 236
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7436 -s 236
11⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
10⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
9⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
8⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
7⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
6⤵
- Program crash
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
5⤵
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64324.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7094.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 224
6⤵
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37730.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4486.exe
6⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46924.exe
7⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5651.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-17590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17590.exe
9⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21219.exe
10⤵
PID:7536

C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41347.exe
11⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31829.exe
12⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53396.exe
13⤵
PID:13188

C:\Users\Admin\AppData\Local\Temp\Unicorn-17634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17634.exe
14⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13188 -s 236
14⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
13⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
12⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7536 -s 236
11⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59821.exe
10⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59556.exe
11⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40492.exe
12⤵
PID:12380

C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19095.exe
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12380 -s 236
13⤵
PID:14068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 236
12⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
11⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 220
10⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 236
8⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24872.exe
7⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
8⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30442.exe
9⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-73.exe
10⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54616.exe
11⤵
PID:11320

C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
12⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11320 -s 236
12⤵
PID:14120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 236
11⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
10⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
9⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
8⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 220
7⤵
PID:5012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 248
6⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 240
5⤵
- Program crash
PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19410.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52314.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63376.exe
9⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2129.exe
10⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24806.exe
11⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43366.exe
12⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13196.exe
13⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63473.exe
14⤵
PID:10408

C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
15⤵
PID:13060

C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30970.exe
16⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13060 -s 216
16⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10408 -s 216
15⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 236
14⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
13⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
12⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
11⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19413.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1336.exe
11⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38024.exe
12⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65213.exe
13⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
14⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10584 -s 220
15⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
14⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
13⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
12⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
10⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56654.exe
9⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
10⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5291.exe
11⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36770.exe
12⤵
PID:7188

C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27257.exe
13⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28368.exe
14⤵
PID:13300

C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11512.exe
15⤵
PID:13672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13300 -s 216
15⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
14⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7188 -s 216
13⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 236
12⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
11⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
10⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
9⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12208.exe
8⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10982.exe
9⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2055.exe
10⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53646.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36904.exe
12⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 224
13⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
12⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19991.exe
11⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34864.exe
12⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-2320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2320.exe
13⤵
PID:10932

C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40452.exe
14⤵
PID:13020

C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41547.exe
15⤵
PID:13900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13020 -s 216
15⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 216
14⤵
PID:13520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 220
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 240
11⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
10⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54032.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56725.exe
10⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53680.exe
11⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
12⤵
PID:9000

C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32349.exe
13⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54222.exe
14⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11496 -s 236
14⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9000 -s 216
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
12⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 236
11⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 236
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
9⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
8⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33024.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54160.exe
8⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38961.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10827.exe
11⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 220
12⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 236
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52126.exe
9⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5004.exe
10⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34191.exe
11⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16505.exe
12⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64734.exe
13⤵
PID:12928

C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25364.exe
14⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12928 -s 216
14⤵
PID:14112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
13⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 236
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 236
11⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 236
10⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 220
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46499.exe
8⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6055.exe
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49362.exe
10⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
11⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38221.exe
12⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62088.exe
13⤵
PID:13004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38563.exe
14⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13004 -s 236
14⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
13⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 220
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 236
11⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 216
10⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
8⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 240
7⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30462.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23159.exe
8⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-39478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39478.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-40867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40867.exe
10⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-21569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21569.exe
11⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11238.exe
12⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
13⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18137.exe
14⤵
PID:12624

C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63264.exe
15⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12624 -s 216
15⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 216
14⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 220
13⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5460 -s 236
12⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
11⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33938.exe
9⤵
PID:4448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 200
10⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
9⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20188.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-32793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32793.exe
9⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54480.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5530.exe
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 224
12⤵
PID:10708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 236
10⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
9⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34294.exe
7⤵
PID:2988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
- Program crash
PID:3928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 240
7⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
6⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11769.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3156.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11691.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13293.exe
8⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27065.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32293.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2169.exe
11⤵
PID:7116

C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38613.exe
12⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-415.exe
13⤵
PID:11008

C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46331.exe
14⤵
PID:12736

C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32643.exe
15⤵
PID:13408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12736 -s 216
15⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11008 -s 216
14⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 220
13⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 236
12⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
11⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 216
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4703.exe
8⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-59155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59155.exe
9⤵
PID:4904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 220
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
9⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
8⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42135.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64828.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29190.exe
9⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 224
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
7⤵
- Program crash
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30912.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57201.exe
7⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-827.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24781.exe
9⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50609.exe
10⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 224
11⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 236
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
9⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56311.exe
8⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27926.exe
9⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61726.exe
10⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
11⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
12⤵
PID:12640

C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
13⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12640 -s 236
13⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
12⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
10⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 236
9⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
8⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26405.exe
7⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17171.exe
8⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32296.exe
9⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33328.exe
10⤵
PID:8992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 224
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 216
10⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 236
9⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
8⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
7⤵
PID:4400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
6⤵
- Program crash
PID:2592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
5⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51697.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59439.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25529.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63787.exe
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40308.exe
11⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12411.exe
12⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
13⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27711.exe
14⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20946.exe
15⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 236
14⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8464 -s 216
13⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
12⤵
PID:9936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
11⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
10⤵
PID:6092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13468.exe
8⤵
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 224
9⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
8⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37335.exe
7⤵
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 224
8⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
7⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13123.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57393.exe
7⤵
PID:2644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 224
8⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44003.exe
7⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41610.exe
8⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-41201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41201.exe
9⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7227.exe
10⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33291.exe
11⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 244
12⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
10⤵
PID:10000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 236
9⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
8⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
7⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1260 -s 240
6⤵
- Program crash
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31038.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51354.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11757.exe
7⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-7547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7547.exe
8⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 244
9⤵
PID:4816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 236
8⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35621.exe
7⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59347.exe
8⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15030.exe
9⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-61887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61887.exe
10⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58760.exe
11⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23798.exe
12⤵
PID:12500

C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
13⤵
PID:13420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
12⤵
PID:13724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
10⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
9⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
8⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
7⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23386.exe
6⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8507.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19901.exe
8⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57859.exe
9⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
10⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29337.exe
11⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22226.exe
12⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
12⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
10⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
9⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
8⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 216
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
6⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
5⤵
- Program crash
PID:1072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49187.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8438.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9848.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 224
7⤵
- Program crash
PID:540

C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18663.exe
6⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41353.exe
7⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17102.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4862.exe
9⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61929.exe
10⤵
PID:7480

C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41810.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15977.exe
12⤵
PID:11696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49001.exe
13⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11696 -s 236
13⤵
PID:14008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 236
12⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7480 -s 216
11⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
10⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28730.exe
7⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44675.exe
8⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-550.exe
9⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46977.exe
10⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60596.exe
11⤵
PID:10988

C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63715.exe
12⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10988 -s 216
12⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
11⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 236
10⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 216
9⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
8⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
PID:4784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
6⤵
- Program crash
PID:2772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 248
5⤵
- Program crash
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54110.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57020.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34336.exe
6⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2492.exe
7⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47060.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9745.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23307.exe
10⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4119.exe
11⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-418.exe
12⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8664.exe
13⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11552 -s 236
13⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 236
12⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 216
11⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
8⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7851.exe
7⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14517.exe
8⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-17987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17987.exe
9⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20455.exe
10⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
11⤵
PID:11024

C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20822.exe
12⤵
PID:12132

C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10636.exe
13⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12132 -s 216
13⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
11⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 236
10⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
9⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
8⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 220
7⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
6⤵
- Program crash
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-20775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20775.exe
5⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16582.exe
6⤵
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 240
7⤵
- Program crash
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1896.exe
6⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15526.exe
7⤵
PID:5644

C:\Users\Admin\AppData\Local\Temp\Unicorn-63067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63067.exe
8⤵
PID:6796

C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25477.exe
9⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46951.exe
10⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36567.exe
11⤵
PID:13160

C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62952.exe
12⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 13160 -s 216
12⤵
PID:9156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
11⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
10⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6796 -s 216
9⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5644 -s 216
8⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 236
7⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
6⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
5⤵
- Program crash
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
4⤵
- Program crash
PID:2500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
2⤵
- Program crash
PID:2944

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17826.exe
Filesize
184KB

MD5
a60edbab5041c15968e15c57dde46caf

SHA1
06a2711bdda16f627528becb6eec8c373c1bbcb1

SHA256
c17a4b1ae83c40ac154b02c90c99abd58572c038c46b94141e405b34feadb9e7

SHA512
40cc178eb62e3c386bd4e4dbc7a5261d827dfb99df809a328b9d0924c1edcaa487e0e204504c5f1f3dd892868f382557b737d1720a4de31a6093ef5c7538489b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55533.exe
Filesize
184KB

MD5
79ad12de9fcf027f4d13a5f68bfe5904

SHA1
1ff433c0a63a179f4e332b4b2efdb6c6ca3193e1

SHA256
428990a4b8c62f18c60aff0d2bdf72015176d570e62b03ae56639228aec7b290

SHA512
06f18dbc76b245e72b6a39b2259b9d296fb2be2db8346d66db4401994ab21e50255a12f855ed6c305c8381a394d2b054ffdb3a4af2a2cbfbea3fa758ed3390a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57774.exe
Filesize
184KB

MD5
f437aa07827755822755c3d686ff2a7e

SHA1
d005f50beffdbd2d346a1b9eb9e1fabd883a4ac4

SHA256
1f9c388fac8ad1e336bcbf5773c90f0fb5f3168167e33a4f766a5d9a4bd5a7eb

SHA512
53d162e1b5e0f6efa22366d06de96f7839bc9f77cff5ffa712a955fef711b5770c743d745e771fb16dd831381d9c8d8d1c873505d268fbbe357888751ecefce1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63497.exe
Filesize
184KB

MD5
f4263251914bde15d3218ab62a3144b5

SHA1
9be7dc3effef78378d752e37f3934458bd8394ff

SHA256
e4b4e4dd2d0d67ac676f9fff316a2bd1f37deaa34d5ff058afa8f945b289c5e4

SHA512
582fbf0ad0ae30baf40f56639b25c7bc729d0f957dbceb51eb703003482781b768c2f6ae71996d932e9e90c16086537ffa6d7233064dfac3fb20f0cf2ad145d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17446.exe
Filesize
184KB

MD5
bd63b00b17153703a710b2e57055af04

SHA1
bd6e4f58b761c6e641eebdd2cf9e2c8b80828b58

SHA256
517dc09819f3690a20fba6162852f1345eee451f326be3c174174b2b67c6fdec

SHA512
226437ea877b573168c356d4a8b7312bf622d91d0ae56c23cd360d9a8fbef7ed552348505861eecc63f8037790e3f811e1ba1c4db86c8a1cf6fa1626bba5c058

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
Filesize
184KB

MD5
783965c565378eb6ecd754f8f8692d45

SHA1
a594a1f583622e926a47d25493be9c53045a2079

SHA256
cd30296e376dd0e086dec4ab82a184f8431bf3b1c88990f0e18621a5d26d02dd

SHA512
9dcf87d09fcb4e67f92731b84da5c381fabeaa3d9a55ceadc41bbb56af388460924a9e0223fdde6071d86115ab3049f4ccd19083d4b8d556ee79792a956638d7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28498.exe
Filesize
184KB

MD5
929aa0a2ee7ced682f526a27598c0939

SHA1
fbe91d2596f24d12a44a7502f8fa4a66b67c693b

SHA256
3ec5106a4481b0dd3f13268a4f07c44a8e6aa4301375cc630008f7d9472bdbbe

SHA512
4fe1ea30c82a9f6cfb328c5634e08ef517dfaea0ee8da6821e13836125a982f06d61f54dfc59269190125fae7f76a09394f8a59ce3a345aeaec65dab50a97ad9

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29276.exe
Filesize
184KB

MD5
1ac270e101aeae65f507b0c4c109f691

SHA1
d3009917faabb8cb69df7089ad9d18d71e9d0217

SHA256
4f4bb1ab43809a88316b96200b83a54906107a1c1efca3c97b06fd4167a6a453

SHA512
4f55164808585297ecd0bd2607b64190b0678230cb8e33dd727996ec08c3ccbb8d5ab8a6841077421dcf8b530bad9613d3c11ab9e6ae739164852c7c79b6986a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2975.exe
Filesize
184KB

MD5
b6f2cd4e8eed88e13d49ac3779117913

SHA1
77786481b53ba19b7d61de1b7bcd640a6532858f

SHA256
52aeecdd20be1b1f66f99f8d7c84fa9e50262046a230d0e517bf09cdc8b700bf

SHA512
87d6c3db5f1aad1a1c06542c3c21e71bca08feaf9c833f6cefbf846bdd18afea947c340f9f35f3d6ed3038581bf89f5d199100202cb3402ba855c69554d976c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32313.exe
Filesize
184KB

MD5
57a980166ce71481c9303424f131fe57

SHA1
51186c1bb91b763915286d202ca586d5f0f0e9b0

SHA256
a72da7d11568c34f87f896b0ed281544b277d6059113d1820c632f756f30411a

SHA512
c46f18800e8530dee6b9a1c3a87bd94df7e83c01fa75c28cd220960b87e1d1e1262abeaffdd6851b5e3534118df3b183326ec8bf517abd716a64b08770f2e31b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32889.exe
Filesize
184KB

MD5
4935dd79d815da93a6631999a4d5606f

SHA1
a3906210d011874ac4cb288a527bbea10b790f11

SHA256
11229137a26854628f970d632af80be8ffd9e4aa84ff144f126172dea5707a58

SHA512
aee93e12cd8d09bc953767909fc470ee4c22b721b9f2e93eb5fd4bb1fc6de49d763a4be998d8061baaf69beca2d27d481a05730e527b070d5fbad0405a249c94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45044.exe
Filesize
184KB

MD5
2d9459b6ffa702a32f6e1ff10be1fa76

SHA1
c5f4c7f81330de5fcd3bbe395823db70637f3385

SHA256
a2b81dc3682a5f37e793f6bbd050d9dd1726072cd1ffbfe18f92b6a37aa5a902

SHA512
6482d3dfaef85e67c6e7b9989a1a367bed5a12d53a11fe0350f4294cc266f227a35224b2ab0e9a604a39876a1267df04d099a1b95afe50e4ef7412aa6efe1e8d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49607.exe
Filesize
184KB

MD5
e0225761d1868c628df9d25aaa017f1e

SHA1
296006bba5030da86edfbf178cbdb279606cca96

SHA256
973f5494a5ef83dd7fd0c7eb8d209c8d7f942c3837b2597cb4df9b0002358e42

SHA512
56ecd78485854dcd4a780108b88b6e0af5b52d3c05a3825384b191ddbb09355c8a0e7474ab6a3bfae0e2c0955bcf50694304844b4bc627193db858fe8e730466

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53695.exe
Filesize
184KB

MD5
6eaec1e33bfe6f9f2543a2d26e80f371

SHA1
d4765138c9bf2ca6198540cbf6a835f2aaa8bad7

SHA256
43d9ddf9d45c72f237522aa516dac98b368eb9cf1fa0322bc0a9c0cdf8d6947f

SHA512
0c8a38077ad4a0148bd8d5047d00c09e7cd49a54d211d6fdef59fdfceba5c1d298146a26417b23c4893b1f8434269f0eaa33081cd905fb320325d04345b179a7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60771.exe
Filesize
184KB

MD5
0d2c51b85a88d083d09b84892eee9239

SHA1
61f23f6483c95990d5209fdf06f2147b8b2ca55e

SHA256
c4a5b61fbd4c35f610c39cc2d69f3b697f9be3e30026bb4650e157e44d456089

SHA512
2981ca5e09c01df8e15e7fc700b13cf9188ba000ebd8c9e08eb9e13f7ae9051786ace5edb08ea2a030a1bce830cbe043700ab6d92fe7ae5bc7b60fdf74301a8b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads