a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe
Size

184KB
MD5

d7dc9b240b914a1bce5f36810fc3f6a9
SHA1

fa215398052c74243c57a6625c114ae0885f6a35
SHA256

a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87
SHA512

f696a3253f0e0bec70d72fe88ddbb49860bfac9be0d8383274422163f3778ee9ca59f55d01a81defe20df33de8887b62221ed9dc38a479c03af63feb78cd8356
SSDEEP

1536:GBSJ6jZlu3HxotxSt4OrlawMG29yvZc8RmdfjzLR2M0etihl5hj5nizpvS:K3a3HxoTs4OMdG4WeJzLRcsihlnViFK

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-19304.exeUnicorn-55287.exeUnicorn-9615.exeUnicorn-38054.exeUnicorn-54831.exeUnicorn-54893.exeUnicorn-16459.exeUnicorn-27127.exeUnicorn-34056.exeUnicorn-1767.exeUnicorn-47439.exeUnicorn-59178.exeUnicorn-39120.exeUnicorn-26314.exeUnicorn-37008.exeUnicorn-56874.exeUnicorn-6796.exeUnicorn-52468.exeUnicorn-56682.exeUnicorn-61267.exeUnicorn-15595.exeUnicorn-30671.exeUnicorn-31247.exeUnicorn-44246.exeUnicorn-63919.exeUnicorn-18502.exeUnicorn-64687.exeUnicorn-44822.exeUnicorn-20722.exeUnicorn-22860.exeUnicorn-40588.exeUnicorn-7469.exeUnicorn-3063.exeUnicorn-22929.exeUnicorn-36311.exeUnicorn-23889.exeUnicorn-23889.exeUnicorn-53909.exeUnicorn-3831.exeUnicorn-47407.exeUnicorn-34792.exeUnicorn-61112.exeUnicorn-34600.exeUnicorn-14734.exeUnicorn-48305.exeUnicorn-28439.exeUnicorn-2311.exeUnicorn-2311.exeUnicorn-35560.exeUnicorn-15186.exeUnicorn-45975.exeUnicorn-15763.exeUnicorn-45783.exeUnicorn-2249.exeUnicorn-2249.exeUnicorn-47921.exeUnicorn-7314.exeUnicorn-59338.exeUnicorn-39472.exeUnicorn-40048.exeUnicorn-40179.exeUnicorn-57610.exeUnicorn-24938.exeUnicorn-53780.exe

pid	process
2416	Unicorn-19304.exe
2584	Unicorn-55287.exe
2116	Unicorn-9615.exe
2172	Unicorn-38054.exe
2808	Unicorn-54831.exe
2548	Unicorn-54893.exe
2840	Unicorn-16459.exe
2888	Unicorn-27127.exe
1528	Unicorn-34056.exe
1616	Unicorn-1767.exe
2444	Unicorn-47439.exe
1432	Unicorn-59178.exe
3048	Unicorn-39120.exe
1916	Unicorn-26314.exe
2952	Unicorn-37008.exe
2352	Unicorn-56874.exe
820	Unicorn-6796.exe
308	Unicorn-52468.exe
1648	Unicorn-56682.exe
2292	Unicorn-61267.exe
1560	Unicorn-15595.exe
1328	Unicorn-30671.exe
2940	Unicorn-31247.exe
320	Unicorn-44246.exe
1184	Unicorn-63919.exe
2020	Unicorn-18502.exe
1216	Unicorn-64687.exe
2068	Unicorn-44822.exe
1512	Unicorn-20722.exe
2236	Unicorn-22860.exe
1788	Unicorn-40588.exe
2188	Unicorn-7469.exe
2784	Unicorn-3063.exe
2660	Unicorn-22929.exe
2488	Unicorn-36311.exe
3020	Unicorn-23889.exe
2512	Unicorn-23889.exe
2392	Unicorn-53909.exe
2812	Unicorn-3831.exe
2892	Unicorn-47407.exe
2560	Unicorn-34792.exe
2208	Unicorn-61112.exe
1704	Unicorn-34600.exe
2468	Unicorn-14734.exe
1292	Unicorn-48305.exe
3056	Unicorn-28439.exe
2472	Unicorn-2311.exe
2332	Unicorn-2311.exe
2672	Unicorn-35560.exe
2220	Unicorn-15186.exe
740	Unicorn-45975.exe
1988	Unicorn-15763.exe
1800	Unicorn-45783.exe
2324	Unicorn-2249.exe
1336	Unicorn-2249.exe
2476	Unicorn-47921.exe
2052	Unicorn-7314.exe
2064	Unicorn-59338.exe
2076	Unicorn-39472.exe
2768	Unicorn-40048.exe
2648	Unicorn-40179.exe
2516	Unicorn-57610.exe
2568	Unicorn-24938.exe
2124	Unicorn-53780.exe

Loads dropped DLL 64 IoCs

Processes:

a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exeUnicorn-19304.exeUnicorn-55287.exeUnicorn-9615.exeWerFault.exeUnicorn-38054.exeUnicorn-54831.exeUnicorn-54893.exeWerFault.exeWerFault.exeUnicorn-16459.exeUnicorn-27127.exeUnicorn-1767.exeUnicorn-34056.exeUnicorn-47439.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe
1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe
1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe
1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe
2416	Unicorn-19304.exe
2416	Unicorn-19304.exe
2584	Unicorn-55287.exe
2584	Unicorn-55287.exe
2116	Unicorn-9615.exe
2116	Unicorn-9615.exe
2416	Unicorn-19304.exe
2416	Unicorn-19304.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2184	WerFault.exe
2172	Unicorn-38054.exe
2172	Unicorn-38054.exe
2584	Unicorn-55287.exe
2584	Unicorn-55287.exe
2808	Unicorn-54831.exe
2808	Unicorn-54831.exe
2548	Unicorn-54893.exe
2116	Unicorn-9615.exe
2548	Unicorn-54893.exe
2116	Unicorn-9615.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
796	WerFault.exe
992	WerFault.exe
992	WerFault.exe
992	WerFault.exe
992	WerFault.exe
992	WerFault.exe
2840	Unicorn-16459.exe
2840	Unicorn-16459.exe
2172	Unicorn-38054.exe
2172	Unicorn-38054.exe
2888	Unicorn-27127.exe
2888	Unicorn-27127.exe
2548	Unicorn-54893.exe
1616	Unicorn-1767.exe
2548	Unicorn-54893.exe
1616	Unicorn-1767.exe
1528	Unicorn-34056.exe
1528	Unicorn-34056.exe
2808	Unicorn-54831.exe
2808	Unicorn-54831.exe
2444	Unicorn-47439.exe
2444	Unicorn-47439.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1084	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
1152	WerFault.exe
2464	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2600	1740	WerFault.exe	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe
2184	2416	WerFault.exe	Unicorn-19304.exe
992	2116	WerFault.exe	Unicorn-9615.exe
796	2584	WerFault.exe	Unicorn-55287.exe
1084	2172	WerFault.exe	Unicorn-38054.exe
2464	2548	WerFault.exe	Unicorn-54893.exe
1152	2808	WerFault.exe	Unicorn-54831.exe
2916	2840	WerFault.exe	Unicorn-16459.exe
1052	2888	WerFault.exe	Unicorn-27127.exe
2620	1616	WerFault.exe	Unicorn-1767.exe
2748	2444	WerFault.exe	Unicorn-47439.exe
2744	1528	WerFault.exe	Unicorn-34056.exe
1488	3048	WerFault.exe	Unicorn-39120.exe
3004	1916	WerFault.exe	Unicorn-26314.exe
572	1432	WerFault.exe	Unicorn-59178.exe
1804	2952	WerFault.exe	Unicorn-37008.exe
2448	1648	WerFault.exe	Unicorn-56682.exe
960	820	WerFault.exe	Unicorn-6796.exe
892	308	WerFault.exe	Unicorn-52468.exe
1932	2352	WerFault.exe	Unicorn-56874.exe
984	1560	WerFault.exe	Unicorn-15595.exe
1260	1328	WerFault.exe	Unicorn-30671.exe
2996	2292	WerFault.exe	Unicorn-61267.exe
896	320	WerFault.exe	Unicorn-44246.exe
2508	1216	WerFault.exe	Unicorn-64687.exe
2496	2020	WerFault.exe	Unicorn-18502.exe
2876	2068	WerFault.exe	Unicorn-44822.exe
2884	1512	WerFault.exe	Unicorn-20722.exe
2868	2236	WerFault.exe	Unicorn-22860.exe
2800	1788	WerFault.exe	Unicorn-40588.exe
1416	2940	WerFault.exe	Unicorn-31247.exe
2480	2188	WerFault.exe	Unicorn-7469.exe
2912	2488	WerFault.exe	Unicorn-36311.exe
2596	2660	WerFault.exe	Unicorn-22929.exe
680	3020	WerFault.exe	Unicorn-23889.exe
3076	2512	WerFault.exe	Unicorn-23889.exe
3116	2812	WerFault.exe	Unicorn-3831.exe
3236	2392	WerFault.exe	Unicorn-53909.exe
3260	2560	WerFault.exe	Unicorn-34792.exe
3388	2208	WerFault.exe	Unicorn-61112.exe
3380	2468	WerFault.exe	Unicorn-14734.exe
3444	3056	WerFault.exe	Unicorn-28439.exe
3484	1292	WerFault.exe	Unicorn-48305.exe
3476	2672	WerFault.exe	Unicorn-35560.exe
3460	2472	WerFault.exe	Unicorn-2311.exe
3420	2332	WerFault.exe	Unicorn-2311.exe
3412	2892	WerFault.exe	Unicorn-47407.exe
3276	1704	WerFault.exe	Unicorn-34600.exe
3924	2220	WerFault.exe	Unicorn-15186.exe
3952	740	WerFault.exe	Unicorn-45975.exe
676	2784	WerFault.exe	Unicorn-3063.exe
3720	1988	WerFault.exe	Unicorn-15763.exe
3796	2324	WerFault.exe	Unicorn-2249.exe
3872	1336	WerFault.exe	Unicorn-2249.exe
3616	2076	WerFault.exe	Unicorn-39472.exe
3148	2516	WerFault.exe	Unicorn-57610.exe
3084	2064	WerFault.exe	Unicorn-59338.exe
4052	2476	WerFault.exe	Unicorn-47921.exe
3904	2648	WerFault.exe	Unicorn-40179.exe
3808	1508	WerFault.exe	Unicorn-25898.exe
3912	2880	WerFault.exe	Unicorn-38512.exe
3828	2844	WerFault.exe	Unicorn-8108.exe
4100	588	WerFault.exe	Unicorn-44621.exe
3244	1168	WerFault.exe	Unicorn-24755.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exeUnicorn-19304.exeUnicorn-55287.exeUnicorn-9615.exeUnicorn-38054.exeUnicorn-54831.exeUnicorn-54893.exeUnicorn-16459.exeUnicorn-27127.exeUnicorn-34056.exeUnicorn-1767.exeUnicorn-47439.exeUnicorn-59178.exeUnicorn-39120.exeUnicorn-26314.exeUnicorn-37008.exeUnicorn-56874.exeUnicorn-52468.exeUnicorn-6796.exeUnicorn-56682.exeUnicorn-61267.exeUnicorn-15595.exeUnicorn-30671.exeUnicorn-31247.exeUnicorn-44246.exeUnicorn-63919.exeUnicorn-64687.exeUnicorn-18502.exeUnicorn-40588.exeUnicorn-44822.exeUnicorn-22860.exeUnicorn-20722.exeUnicorn-7469.exeUnicorn-3063.exeUnicorn-22929.exeUnicorn-36311.exeUnicorn-23889.exeUnicorn-23889.exeUnicorn-53909.exeUnicorn-3831.exeUnicorn-47407.exeUnicorn-34792.exeUnicorn-34600.exeUnicorn-61112.exeUnicorn-14734.exeUnicorn-48305.exeUnicorn-2311.exeUnicorn-2311.exeUnicorn-28439.exeUnicorn-35560.exeUnicorn-15186.exeUnicorn-45975.exeUnicorn-15763.exeUnicorn-45783.exeUnicorn-47921.exeUnicorn-2249.exeUnicorn-2249.exeUnicorn-7314.exeUnicorn-59338.exeUnicorn-39472.exeUnicorn-40048.exeUnicorn-40179.exeUnicorn-57610.exeUnicorn-24938.exe

pid	process
1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe
2416	Unicorn-19304.exe
2584	Unicorn-55287.exe
2116	Unicorn-9615.exe
2172	Unicorn-38054.exe
2808	Unicorn-54831.exe
2548	Unicorn-54893.exe
2840	Unicorn-16459.exe
2888	Unicorn-27127.exe
1528	Unicorn-34056.exe
1616	Unicorn-1767.exe
2444	Unicorn-47439.exe
1432	Unicorn-59178.exe
3048	Unicorn-39120.exe
1916	Unicorn-26314.exe
2952	Unicorn-37008.exe
2352	Unicorn-56874.exe
308	Unicorn-52468.exe
820	Unicorn-6796.exe
1648	Unicorn-56682.exe
2292	Unicorn-61267.exe
1560	Unicorn-15595.exe
1328	Unicorn-30671.exe
2940	Unicorn-31247.exe
320	Unicorn-44246.exe
1184	Unicorn-63919.exe
1216	Unicorn-64687.exe
2020	Unicorn-18502.exe
1788	Unicorn-40588.exe
2068	Unicorn-44822.exe
2236	Unicorn-22860.exe
1512	Unicorn-20722.exe
2188	Unicorn-7469.exe
2784	Unicorn-3063.exe
2660	Unicorn-22929.exe
2488	Unicorn-36311.exe
3020	Unicorn-23889.exe
2512	Unicorn-23889.exe
2392	Unicorn-53909.exe
2812	Unicorn-3831.exe
2892	Unicorn-47407.exe
2560	Unicorn-34792.exe
1704	Unicorn-34600.exe
2208	Unicorn-61112.exe
2468	Unicorn-14734.exe
1292	Unicorn-48305.exe
2332	Unicorn-2311.exe
2472	Unicorn-2311.exe
3056	Unicorn-28439.exe
2672	Unicorn-35560.exe
2220	Unicorn-15186.exe
740	Unicorn-45975.exe
1988	Unicorn-15763.exe
1800	Unicorn-45783.exe
2476	Unicorn-47921.exe
2324	Unicorn-2249.exe
1336	Unicorn-2249.exe
2052	Unicorn-7314.exe
2064	Unicorn-59338.exe
2076	Unicorn-39472.exe
2768	Unicorn-40048.exe
2648	Unicorn-40179.exe
2516	Unicorn-57610.exe
2568	Unicorn-24938.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exeUnicorn-19304.exeUnicorn-55287.exeUnicorn-9615.exeUnicorn-38054.exeUnicorn-54831.exeUnicorn-54893.exeUnicorn-16459.exe

description	pid	process	target process
PID 1740 wrote to memory of 2416	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	Unicorn-19304.exe
PID 1740 wrote to memory of 2416	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	Unicorn-19304.exe
PID 1740 wrote to memory of 2416	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	Unicorn-19304.exe
PID 1740 wrote to memory of 2416	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	Unicorn-19304.exe
PID 1740 wrote to memory of 2584	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	Unicorn-55287.exe
PID 1740 wrote to memory of 2584	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	Unicorn-55287.exe
PID 1740 wrote to memory of 2584	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	Unicorn-55287.exe
PID 1740 wrote to memory of 2584	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	Unicorn-55287.exe
PID 2416 wrote to memory of 2116	2416	Unicorn-19304.exe	Unicorn-9615.exe
PID 2416 wrote to memory of 2116	2416	Unicorn-19304.exe	Unicorn-9615.exe
PID 2416 wrote to memory of 2116	2416	Unicorn-19304.exe	Unicorn-9615.exe
PID 2416 wrote to memory of 2116	2416	Unicorn-19304.exe	Unicorn-9615.exe
PID 1740 wrote to memory of 2600	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	WerFault.exe
PID 1740 wrote to memory of 2600	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	WerFault.exe
PID 1740 wrote to memory of 2600	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	WerFault.exe
PID 1740 wrote to memory of 2600	1740	a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe	WerFault.exe
PID 2584 wrote to memory of 2172	2584	Unicorn-55287.exe	Unicorn-38054.exe
PID 2584 wrote to memory of 2172	2584	Unicorn-55287.exe	Unicorn-38054.exe
PID 2584 wrote to memory of 2172	2584	Unicorn-55287.exe	Unicorn-38054.exe
PID 2584 wrote to memory of 2172	2584	Unicorn-55287.exe	Unicorn-38054.exe
PID 2116 wrote to memory of 2808	2116	Unicorn-9615.exe	Unicorn-54831.exe
PID 2116 wrote to memory of 2808	2116	Unicorn-9615.exe	Unicorn-54831.exe
PID 2116 wrote to memory of 2808	2116	Unicorn-9615.exe	Unicorn-54831.exe
PID 2116 wrote to memory of 2808	2116	Unicorn-9615.exe	Unicorn-54831.exe
PID 2416 wrote to memory of 2548	2416	Unicorn-19304.exe	Unicorn-54893.exe
PID 2416 wrote to memory of 2548	2416	Unicorn-19304.exe	Unicorn-54893.exe
PID 2416 wrote to memory of 2548	2416	Unicorn-19304.exe	Unicorn-54893.exe
PID 2416 wrote to memory of 2548	2416	Unicorn-19304.exe	Unicorn-54893.exe
PID 2416 wrote to memory of 2184	2416	Unicorn-19304.exe	WerFault.exe
PID 2416 wrote to memory of 2184	2416	Unicorn-19304.exe	WerFault.exe
PID 2416 wrote to memory of 2184	2416	Unicorn-19304.exe	WerFault.exe
PID 2416 wrote to memory of 2184	2416	Unicorn-19304.exe	WerFault.exe
PID 2172 wrote to memory of 2840	2172	Unicorn-38054.exe	Unicorn-16459.exe
PID 2172 wrote to memory of 2840	2172	Unicorn-38054.exe	Unicorn-16459.exe
PID 2172 wrote to memory of 2840	2172	Unicorn-38054.exe	Unicorn-16459.exe
PID 2172 wrote to memory of 2840	2172	Unicorn-38054.exe	Unicorn-16459.exe
PID 2584 wrote to memory of 2888	2584	Unicorn-55287.exe	Unicorn-27127.exe
PID 2584 wrote to memory of 2888	2584	Unicorn-55287.exe	Unicorn-27127.exe
PID 2584 wrote to memory of 2888	2584	Unicorn-55287.exe	Unicorn-27127.exe
PID 2584 wrote to memory of 2888	2584	Unicorn-55287.exe	Unicorn-27127.exe
PID 2808 wrote to memory of 1528	2808	Unicorn-54831.exe	Unicorn-34056.exe
PID 2808 wrote to memory of 1528	2808	Unicorn-54831.exe	Unicorn-34056.exe
PID 2808 wrote to memory of 1528	2808	Unicorn-54831.exe	Unicorn-34056.exe
PID 2808 wrote to memory of 1528	2808	Unicorn-54831.exe	Unicorn-34056.exe
PID 2548 wrote to memory of 1616	2548	Unicorn-54893.exe	Unicorn-1767.exe
PID 2548 wrote to memory of 1616	2548	Unicorn-54893.exe	Unicorn-1767.exe
PID 2548 wrote to memory of 1616	2548	Unicorn-54893.exe	Unicorn-1767.exe
PID 2548 wrote to memory of 1616	2548	Unicorn-54893.exe	Unicorn-1767.exe
PID 2116 wrote to memory of 2444	2116	Unicorn-9615.exe	Unicorn-47439.exe
PID 2116 wrote to memory of 2444	2116	Unicorn-9615.exe	Unicorn-47439.exe
PID 2116 wrote to memory of 2444	2116	Unicorn-9615.exe	Unicorn-47439.exe
PID 2116 wrote to memory of 2444	2116	Unicorn-9615.exe	Unicorn-47439.exe
PID 2584 wrote to memory of 796	2584	Unicorn-55287.exe	WerFault.exe
PID 2584 wrote to memory of 796	2584	Unicorn-55287.exe	WerFault.exe
PID 2584 wrote to memory of 796	2584	Unicorn-55287.exe	WerFault.exe
PID 2584 wrote to memory of 796	2584	Unicorn-55287.exe	WerFault.exe
PID 2116 wrote to memory of 992	2116	Unicorn-9615.exe	WerFault.exe
PID 2116 wrote to memory of 992	2116	Unicorn-9615.exe	WerFault.exe
PID 2116 wrote to memory of 992	2116	Unicorn-9615.exe	WerFault.exe
PID 2116 wrote to memory of 992	2116	Unicorn-9615.exe	WerFault.exe
PID 2840 wrote to memory of 1432	2840	Unicorn-16459.exe	Unicorn-59178.exe
PID 2840 wrote to memory of 1432	2840	Unicorn-16459.exe	Unicorn-59178.exe
PID 2840 wrote to memory of 1432	2840	Unicorn-16459.exe	Unicorn-59178.exe
PID 2840 wrote to memory of 1432	2840	Unicorn-16459.exe	Unicorn-59178.exe

C:\Users\Admin\AppData\Local\Temp\a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe
"C:\Users\Admin\AppData\Local\Temp\a865e50e2798aa84a84507030e87e4215e63d4954dee92d24dcc0dc89c3d7a87.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47407.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58570.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
9⤵
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
10⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19668.exe
11⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40430.exe
12⤵
PID:8020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29909.exe
13⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52513.exe
14⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8020 -s 236
13⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
12⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
11⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50115.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42287.exe
11⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20555.exe
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
12⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 236
11⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 220
9⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
8⤵
- Program crash
PID:3412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 236
7⤵
- Program crash
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25706.exe
8⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3342.exe
9⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10177.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16954.exe
11⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-17463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17463.exe
12⤵
PID:8000

C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60538.exe
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8000 -s 236
13⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 216
12⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
11⤵
PID:3180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
10⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55657.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35319.exe
10⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
11⤵
PID:9052

C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48659.exe
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9052 -s 216
12⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
11⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
10⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
9⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26860.exe
8⤵
PID:1388

C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63165.exe
10⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18346.exe
11⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25513.exe
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 236
12⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 216
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
10⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1388 -s 216
9⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
8⤵
- Program crash
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-57620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57620.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47494.exe
8⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16805.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3222.exe
10⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-40300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40300.exe
11⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46502.exe
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
12⤵
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 236
9⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-16866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16866.exe
8⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61079.exe
9⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49141.exe
10⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32067.exe
11⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
11⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 236
9⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
8⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
7⤵
- Program crash
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
6⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52468.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64687.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-34792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34792.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24938.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
9⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9409.exe
10⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20960.exe
11⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50869.exe
12⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50960.exe
13⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
14⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
13⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
12⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
10⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54889.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37047.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
11⤵
PID:8988

C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2923.exe
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8988 -s 236
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
9⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27063.exe
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20695.exe
11⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
12⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 236
11⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
10⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
9⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
8⤵
- Program crash
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53780.exe
7⤵
- Executes dropped EXE
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
8⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39107.exe
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50135.exe
11⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
11⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 236
9⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7115.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
10⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19064.exe
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 216
11⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 220
8⤵
PID:4580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 240
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61112.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25898.exe
7⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60047.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13024.exe
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8470.exe
10⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
11⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45695.exe
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 236
12⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 216
10⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:5464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
8⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59725.exe
7⤵
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4443.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-4950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4950.exe
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51249.exe
11⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:12676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
10⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
8⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 240
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
6⤵
- Program crash
PID:892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56682.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40588.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48305.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
8⤵
PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 588 -s 220
9⤵
- Program crash
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 216
8⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9872.exe
7⤵
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14821.exe
8⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36924.exe
9⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28407.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49726.exe
11⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59311.exe
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8908 -s 236
12⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
11⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65137.exe
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 200
10⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
9⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
8⤵
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
7⤵
- Program crash
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28439.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
7⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
8⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37692.exe
9⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46606.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14824.exe
11⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47817.exe
12⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22503.exe
13⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
12⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31147.exe
8⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52532.exe
9⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2905.exe
10⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18362.exe
11⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 236
11⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 236
10⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
9⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
8⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27628.exe
7⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50053.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31069.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1209.exe
10⤵
PID:7668

C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30207.exe
11⤵
PID:11624

C:\Users\Admin\AppData\Local\Temp\Unicorn-65499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65499.exe
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7668 -s 216
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 216
10⤵
PID:9248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:7028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 216
8⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 240
7⤵
- Program crash
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
6⤵
- Program crash
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20722.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35560.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
7⤵
PID:452

C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50245.exe
9⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-8302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8302.exe
10⤵
PID:5092

C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17366.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
12⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
12⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5092 -s 216
11⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
10⤵
PID:7032

C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54576.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29893.exe
10⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
11⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 236
11⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
9⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63244.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21972.exe
9⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3237.exe
10⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17320.exe
11⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 236
11⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 216
10⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 452 -s 240
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42511.exe
7⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48360.exe
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6001.exe
10⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27508.exe
11⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 236
11⤵
PID:12728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 216
10⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 216
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:3476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 236
6⤵
- Program crash
PID:2884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
5⤵
- Program crash
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-1767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1767.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56874.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18502.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34600.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8108.exe
8⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35247.exe
9⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48587.exe
10⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
11⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64461.exe
12⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22175.exe
13⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
13⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 216
11⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 216
10⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4593.exe
9⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45941.exe
10⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
11⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16715.exe
12⤵
PID:11740

C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35134.exe
13⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
11⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
10⤵
PID:5348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 240
9⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35308.exe
8⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
9⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51520.exe
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28096.exe
11⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11620.exe
12⤵
PID:10124

C:\Users\Admin\AppData\Local\Temp\Unicorn-15756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15756.exe
13⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10124 -s 236
13⤵
PID:1664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 236
12⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 216
11⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
10⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 236
9⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
8⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38512.exe
7⤵
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-34001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34001.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1815.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
10⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29094.exe
11⤵
PID:10644

C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26997.exe
12⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
10⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 236
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 236
8⤵
- Program crash
PID:3912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
7⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14734.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41357.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36015.exe
8⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1537.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8836.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35966.exe
10⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-43930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43930.exe
11⤵
PID:10552

C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54011.exe
12⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10552 -s 216
12⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
11⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 236
10⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 220
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63436.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
9⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27136.exe
10⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36675.exe
11⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 236
11⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
10⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
9⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 220
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9263.exe
7⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17765.exe
8⤵
PID:3944

C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30109.exe
9⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30157.exe
10⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
11⤵
PID:11764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
11⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
10⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3944 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
8⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
7⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
6⤵
- Program crash
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44822.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2311.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62218.exe
7⤵
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46918.exe
8⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45372.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2812.exe
10⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53315.exe
11⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-29384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29384.exe
12⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1919.exe
13⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 216
13⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 236
12⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
11⤵
PID:9944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23176.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1468.exe
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64013.exe
10⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43746.exe
11⤵
PID:11472

C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12447.exe
12⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
11⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
10⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2060 -s 220
8⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
7⤵
- Program crash
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24755.exe
6⤵
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
7⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19528.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25080.exe
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21177.exe
10⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\Unicorn-33702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33702.exe
11⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39102.exe
12⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
12⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 236
11⤵
PID:11200

C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18159.exe
10⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
11⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
11⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 240
10⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 236
9⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
8⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
7⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
6⤵
- Program crash
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 240
5⤵
- Program crash
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37008.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63919.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3831.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40179.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37743.exe
7⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-21579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21579.exe
8⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37851.exe
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38682.exe
10⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31762.exe
11⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 216
11⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
10⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 236
9⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51618.exe
8⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26478.exe
9⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17120.exe
10⤵
PID:12080

C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52160.exe
11⤵
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62358.exe
12⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 216
12⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12080 -s 236
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
10⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
9⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
8⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32247.exe
7⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25682.exe
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-50562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50562.exe
9⤵
PID:7432

C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12993.exe
10⤵
PID:11556

C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36438.exe
11⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7432 -s 216
10⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
8⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 220
7⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1868.exe
6⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25227.exe
7⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41167.exe
8⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31943.exe
9⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-50818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50818.exe
10⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
10⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 236
9⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
8⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
7⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
6⤵
- Program crash
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
5⤵
- Program crash
PID:1804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15595.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-7469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7469.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15186.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31381.exe
9⤵
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56503.exe
10⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63574.exe
11⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
12⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22687.exe
13⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-25853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25853.exe
14⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 236
14⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
13⤵
PID:10388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
12⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
11⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46231.exe
10⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20839.exe
11⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
12⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
13⤵
PID:8472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 236
11⤵
PID:7844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
10⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
9⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-367.exe
10⤵
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 240
11⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
10⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
9⤵
- Program crash
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31058.exe
8⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8563.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33040.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
11⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2619.exe
12⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47077.exe
13⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 236
13⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 236
12⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58976.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18222.exe
11⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38121.exe
12⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 236
12⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 236
11⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 236
10⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
9⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
8⤵
- Program crash
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45975.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50924.exe
8⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41262.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12012.exe
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44565.exe
11⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-62899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62899.exe
12⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33655.exe
13⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39080.exe
14⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10448 -s 216
14⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 236
13⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4381.exe
12⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31541.exe
13⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 216
13⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 240
12⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
11⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25587.exe
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
10⤵
PID:6504

C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60786.exe
11⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6504 -s 216
11⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2045.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15853.exe
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48981.exe
10⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28261.exe
11⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
10⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
9⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 240
8⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
7⤵
- Program crash
PID:984

C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3063.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15763.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21132.exe
8⤵
PID:1680

C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17799.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-19023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19023.exe
11⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5074.exe
12⤵
PID:11348

C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7886.exe
13⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
12⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
11⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
10⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21581.exe
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33138.exe
10⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52651.exe
11⤵
PID:11784

C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34366.exe
12⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
11⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 236
10⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1680 -s 240
9⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41655.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24312.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
10⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24468.exe
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
8⤵
- Program crash
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16917.exe
7⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28849.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32350.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10216.exe
10⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60930.exe
11⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31972.exe
12⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
12⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 236
11⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
9⤵
PID:6032

C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44991.exe
8⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53940.exe
9⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24050.exe
10⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13042.exe
11⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
10⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
9⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
8⤵
PID:5396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
6⤵
- Program crash
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61267.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59338.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
8⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46465.exe
9⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 220
10⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
9⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 216
8⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
7⤵
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11521.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41385.exe
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55067.exe
10⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46981.exe
11⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38074.exe
12⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 236
12⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 236
11⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 216
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 216
8⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
7⤵
- Program crash
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21734.exe
7⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10945.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1800.exe
9⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10244.exe
10⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22607.exe
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 216
11⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
10⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 236
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
7⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20192.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1393.exe
9⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32001.exe
10⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
10⤵
PID:6520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
9⤵
PID:8640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
8⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
7⤵
PID:4572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
6⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
5⤵
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30671.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22929.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4878.exe
8⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62194.exe
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42313.exe
11⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-43930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43930.exe
12⤵
PID:10540

C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55421.exe
13⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6484 -s 236
12⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
11⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23361.exe
9⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65305.exe
10⤵
PID:7464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 200
11⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4480 -s 216
10⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
9⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51599.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15162.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14658.exe
10⤵
PID:6836

C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17501.exe
11⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9335.exe
12⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6836 -s 236
11⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
9⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 220
8⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65267.exe
7⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11713.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-56346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56346.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39276.exe
10⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
11⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30886.exe
12⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 236
11⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 236
9⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 216
8⤵
PID:4200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
7⤵
- Program crash
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47921.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45121.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29708.exe
9⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46003.exe
10⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
10⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
9⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 216
7⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
6⤵
- Program crash
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36311.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2249.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3534.exe
7⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45870.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29278.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
10⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17073.exe
11⤵
PID:11840

C:\Users\Admin\AppData\Local\Temp\Unicorn-64848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64848.exe
12⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
11⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
10⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
9⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59464.exe
8⤵
PID:4612

C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14056.exe
9⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-32723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32723.exe
10⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8977.exe
11⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 216
11⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 236
10⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 216
9⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 240
8⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41463.exe
7⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-87.exe
8⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45961.exe
9⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11594.exe
10⤵
PID:10360

C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9461.exe
11⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10360 -s 216
11⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 236
10⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 216
9⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 236
8⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
7⤵
- Program crash
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4172.exe
6⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26737.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31992.exe
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26776.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54783.exe
10⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40589.exe
11⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39821.exe
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 216
12⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
11⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 236
10⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 236
9⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 236
8⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12894.exe
7⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
8⤵
PID:6808

C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9750.exe
9⤵
PID:11960

C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30687.exe
10⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6808 -s 216
9⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4860 -s 216
8⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
7⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
6⤵
- Program crash
PID:2912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
5⤵
- Program crash
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31247.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45783.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56902.exe
7⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8058.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63750.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56730.exe
11⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
11⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 236
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
9⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18177.exe
8⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22464.exe
9⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
10⤵
PID:9316

C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22617.exe
11⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
11⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 236
10⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
9⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
8⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-945.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5230.exe
8⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9038.exe
9⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29192.exe
10⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2776.exe
11⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38093.exe
12⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
11⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 236
10⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
8⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 220
7⤵
PID:4164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 216
6⤵
- Program crash
PID:1416

C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53909.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57610.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31582.exe
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62165.exe
9⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3744.exe
10⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
9⤵
PID:8372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
8⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
7⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47670.exe
6⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42466.exe
7⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49626.exe
8⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8919.exe
9⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13364.exe
10⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 236
10⤵
PID:13032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
9⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
8⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
7⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
6⤵
- Program crash
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
5⤵
- Program crash
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-44246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44246.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23889.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1998.exe
7⤵
PID:1124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20043.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36725.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47682.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
11⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44310.exe
12⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 236
11⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1124 -s 236
8⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-753.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21959.exe
9⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46930.exe
10⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9574.exe
11⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
11⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
10⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
9⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
8⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48246.exe
6⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49547.exe
7⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36378.exe
8⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30994.exe
9⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 236
8⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 236
7⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 240
6⤵
- Program crash
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39472.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42231.exe
6⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61374.exe
7⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
8⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40858.exe
9⤵
PID:10480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 220
10⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
9⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
8⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
7⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 216
6⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
5⤵
- Program crash
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
4⤵
- Program crash
PID:1052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
2⤵
- Program crash
PID:2600

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-24651.exe
Filesize
184KB

MD5
fe5bfebea72b2506e6c838f0caf223f8

SHA1
d59c45ccdeb9b6d33e94ee3c04257ef620026f26

SHA256
f0f8614fcb60b750e6d30bdecb41b02ba77b5749c2d84a66e2277e4ccb33bacc

SHA512
dc3e2749fc90bac0aa621f4975d88b5d373102c1a1391cdb164189f994197259dc7476358067b8a49a2d58044bccfccf3c672392ed6d7dd42802eeba9abc0d1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-27127.exe
Filesize
184KB

MD5
59634777caf2d6979eb25ef89420e8ad

SHA1
ca672f5e2de3cc340e17563092c9c9920a3199d1

SHA256
d256d2de445c5ab1e88d712125196ee66fb5ceba1b3817d37ac08699f86b9241

SHA512
0cc20b28b1ec7413ffbfa5ff08aa5a74c10d7fb98ac8108d5c8f7dad9c4b8d952d80de30f48d9dd28684977f899dec0a31dcf21a2c86a2df564f9cc277c838cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-34056.exe
Filesize
184KB

MD5
1804538e0c81720ab3d1c96aa7fae5c4

SHA1
8b23c56088ba8c10738d6ede1780fe091160bfb9

SHA256
57f9b72bbca7a199272e47f337d3890a0cf9172fa37409034d1cc00dd9bb92c4

SHA512
6d7dbb8a4c561c7920c2beed9958f7a3a963fa1f79ea188789ba6314a56fe150f79a42f97b99b0ed10fc9aa5c0db6586e03013c6e50f93fe3538eab7e43bde17

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39120.exe
Filesize
184KB

MD5
9e45dd07f26da2704a1902f21a067388

SHA1
dee2102cf420c9029ff74ecfbcbaea1bf5fe4a44

SHA256
ae07ecc7c62bc2bb80dc3ec4fe1b275b67c4f7d8c448740239ba730645588261

SHA512
78331067acfc1c28a643d8eb58495ddab0e60f76bb0379327ea835734c0e02dde8c132ead09fe77caf96145a9d362ac92ae952e03bf60bfd9afb2f09a409814e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
Filesize
184KB

MD5
261471d2f84ab7332883d69fb6ba2422

SHA1
bbea12b5680d3ee11d3574ab5d012dcdf1f1c049

SHA256
97b417f023b358f1cd8c2de318f3726abda882c9dcf7c735ac19b48d228d1486

SHA512
6fe0369cae30b5992d317b884f5c2d6f331615567482836212266a522bf6c40d66c19ba0a5abf5e21b90de6ddf334093ec310e3df15445adde0695f1b4387393

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40284.exe
Filesize
184KB

MD5
a5c7055f12654cd7552bc9b331f9a961

SHA1
c8ab3d065de3fde23d962ebb6b257b4f30b203b8

SHA256
02fd56a123bc623b6126ef7389496faf6e4eeb9c90c6263ad8f67bfb7e9d62f1

SHA512
baf8b8d87ba3ccde9dcb204575950b0c6e2bff1f20c17de3bfac1b533983bc2f0bda5d71e75dac73c889a359d9f2b11ffd8772e7ae0ffd52e219458d66f8b172

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47439.exe
Filesize
184KB

MD5
bc2ab0e0f49e9d721e2a4a11a10dc5bb

SHA1
527afa05be817b99ae47bce09ab99d0264e0e7f5

SHA256
58c4b084f28588262881937f777d63b7e180a70f45b0dc50c6cbcbb0cf15e22d

SHA512
da18f7a6756439b7a84703bfb415ff317fae9f94c57656af2b20d507b9ddf1791eec856056fa317e0bd68646457474827138c5d7810acb98c3f292942e3cb312

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54831.exe
Filesize
184KB

MD5
0cd4d1bb864a589a53589e2a191b4f24

SHA1
fe9700cd1d8d9f0bce9d85c0074daea7ee9ad668

SHA256
d9f91d73039fd4c85a9789726f879e709cb365d044a63032d3d2e63567166325

SHA512
2cb02c43dd7f2e4db9192f06f36eb6f1a582eb87d31c6c46a20671fe602a8c23f7f3ebb749cdaf358e2da2b1bb9eeb2246ab89028bd128d32b5dbda8d6d936b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55884.exe
Filesize
184KB

MD5
c2343dea0cda25fe7d3a2074176a8b3e

SHA1
2d5d776cdf9dad4fc4f83f6b96ba0679dc1458e9

SHA256
4cf52b4b19142fa18b092ec9dfaef762e39eecace19838120fd284cdd05d96d3

SHA512
423b92488859b018fb3e45a61d862b078979e2f16377df7501bf033b2d8572d2f71b7f0e195fda59d01bb99f2b6be847c787189e00515187caf1d2f1d2343932

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5763.exe
Filesize
184KB

MD5
99723edb56b921e9111f47320907fbc8

SHA1
9da8ad3d0175a99a2d588e49a19dc0668590dfcd

SHA256
12d5381ef1fffe052d6a3562ca24f785e9ea469c31803bc17733f2b0aae9cb02

SHA512
350dba9c03bccc6507070586b8213c5c51ea8618638c14dc12136629dc0ecc92c0c7d5f968fee5471d3dc995f066c9fb7359ada7a2f8df9c5e966f2d52822c1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59178.exe
Filesize
184KB

MD5
20037c80ca8231394c4c102bbf6b7637

SHA1
dc015a6a86032e93f3b1c1d44aa5cdbf6e4b3ecd

SHA256
fb2a89d2d698bdc33544f2d2062872631bf2c1358de8bfdfc2b99a07c81f0def

SHA512
e7560b1544423606abfeb22dbfce905b8d8732ec1e874665188e26dac4b8f61b1a4e62e57d5ad9576ff2ca395d99b279872b6a40350ba29061a66fb9c8f9d90a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6119.exe
Filesize
184KB

MD5
7cf37a37cea08c4370f8bf2a740fa069

SHA1
8ae4a7ca589b30bca681c3d67e9de9d1b8e29968

SHA256
9c2710dbe2405a1f293cc6639a48461c0b9ad5e369df21686d492a3ac7fc6d7d

SHA512
de39f058aeae618d6ad278d7548b8ddebf12e3e6ac41a596ce6b73a65980ac404241cb4c8a7ee8751c02bc2930e088e2b795c78776f2e01756b4d57dd6debc61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6796.exe
Filesize
184KB

MD5
43469c7dc8fcff253dbdbe40385610ee

SHA1
94468bd4c1068e935b1ce939296ad655d5cfcff7

SHA256
62aef5d7d10c469c17c8260f8d5bbef64c874c04da4e32d2af13b0335b6ff33c

SHA512
21c7f649e9c1f64cb0adc29a1e6b65cf7412e25a057fd6c576d224be6bede5ed2d01748377e2b002b2326b5d9fa998f056cbe02869b029fd56ab5c671546a91d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16459.exe
Filesize
184KB

MD5
0567e9f30ef8d575c3e467945f9f8c67

SHA1
a8fc3a9cd6b3d6897edf1cdb666efbbc04b39f8b

SHA256
0612ea243a57cb7c59f41e5c55a62e3c01eaaab93391f6adda1e32affa3f296b

SHA512
0cb6b181cb802f18ac1b1dd4f511e7b6a6dd1e4cd8ff36416c8e56503b8d4ca7bc655411feccfa371b95c19ea221b1b65148bc1751179735f85bad662bee0ffb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1767.exe
Filesize
184KB

MD5
95375199d96e5e177a61bf5d9aa530e0

SHA1
15efb70d37caeab0ceb90f228f26bb626a37f736

SHA256
7e18188cc10160f11c73222efcc96359f918c92e1b09033e2fa9f23b883c3728

SHA512
4905a7ee99de5da221ec6dfdd0a501a64f7b3865728784ca857afcf50d2b8a7f7d6bd38e14b490b9c53406a0dfb766d2b639c91f3a83e09112c14a3d779b5dc4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19304.exe
Filesize
184KB

MD5
84c3f400bc372a99c2a7dfa13e721ad5

SHA1
091d8ed91a797a59c071218a204ea5a6bfd68c96

SHA256
4b3683a86a3edd0110f891c94c264453dbc479a726c991fae8d91e5ba963d944

SHA512
0ce0c68c1d618f02e5e838a2073cb5597cc8f18ca7156e4ce007a45d2e405fe15b966f4425ccf8707ea2e641c36c410cdd192ae40a79d3f79ad8d7af8ce3b96a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26314.exe
Filesize
184KB

MD5
03079030eaa621b749f75ed936b5fe00

SHA1
97280d85793df17fbdb1a95b8aaf79eb0fb20148

SHA256
ba8f7182d61c9ba4ca3730bf14c36dda24db3dbe57adcd3bfe02d2cdb9284676

SHA512
09951a2bc9ec5198cf8c67ce89f489f2722255881ef6118ad680a354380646995c4d3a96b3a2870642640771856ff72f8c20aa0c17abeff07ec75cd9086f7238

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-38054.exe
Filesize
184KB

MD5
cbc9a18fe2b67299edcf7b1eeda13fe6

SHA1
708ab2ed2f99d7e79ae8137db480343fa429a634

SHA256
215d308d6b93ac6d0c52d7963c405fa1cde8a27fa1c594d2e0651c2fb6ac7c90

SHA512
0c04ac902830f75abe54dafdf13fdaa803a07826c08a6f0d0a22c49b0036fea69a3efe510ae911277b289b8b0dcff755d0a0386d04187507c948ad6bcbb3e26b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54893.exe
Filesize
184KB

MD5
d23ff1aa5b31dd79d0efb6216454c3e7

SHA1
c7876f3f2ec9ad8f063e5a9cf53e760f5ff1f897

SHA256
8ea48c002d4f6ae252a50681561707daa8389c9f2ceef4d5304919609dabcd91

SHA512
e43248f33d90af763423ef47610a1cb2f452ebe36fa3d8ade24368d47218e274fe0b80e68a4d7c8ec21dd619131546c2cf7044d44909db26afb23a6d29e50c99

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55287.exe
Filesize
184KB

MD5
a0bc4824d0f4027158832bf028ff7cfd

SHA1
99469e2caae2c2b4eb54aa07f45ae29b17d1341d

SHA256
701aaa67de997d98278e4c6d5fffb5d84616c246a76ed05e9473f7021fa05c7d

SHA512
1b7e21399233bebdbc9d765d660221ed70af3499a95e10fa4edab30b8d4ede9e562bf4e4dd25284c9ff2cfd6b4c58ffabc4e033b64218c30f2e051a9eea1a965

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9615.exe
Filesize
184KB

MD5
92d42e2e105744e945efb82f4072d32f

SHA1
0b1f722f9d5b7c9a20cf273813c5c4eb5f49f6be

SHA256
40157062adec4b3db2264aa5c59fb6d535792073c07390b539b9fcdf043ff445

SHA512
631c5ecf54a7578f1bcf12455b07eb453f34cd33a3f0669cb96e96594e827724b1d31470cea6580dd0ec7c1a1400bd30064037d8e942ad53992222560cee9380

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads