bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077

Analysis

max time kernel
150s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe
Size

184KB
MD5

2b5b3cc4082b34c5bf0df3e4a0e8af9c
SHA1

44922fc4d9353cf2a9f607195b66f93816732e90
SHA256

bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077
SHA512

c84fbf228aa929d9ab2853fa05c2436e7d99342ba8547da13401e7d4800464ae7e141c1ef1179e54194559b62afbec4d15795dd91235b563859fa396f461827d
SSDEEP

3072:53e3QKoCn4cudFaWe0WLRW9HhlhViFFn3:53EoAqFalL89HhlhViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-15376.exeUnicorn-3809.exeUnicorn-48412.exeUnicorn-38889.exeUnicorn-9554.exeUnicorn-58755.exeUnicorn-27396.exeUnicorn-60068.exeUnicorn-40202.exeUnicorn-62668.exeUnicorn-17874.exeUnicorn-62476.exeUnicorn-20562.exeUnicorn-19493.exeUnicorn-33368.exeUnicorn-59651.exeUnicorn-6921.exeUnicorn-58198.exeUnicorn-8805.exeUnicorn-26019.exeUnicorn-24950.exeUnicorn-58691.exeUnicorn-38825.exeUnicorn-55162.exeUnicorn-60471.exeUnicorn-8810.exeUnicorn-12147.exeUnicorn-28292.exeUnicorn-7357.exeUnicorn-60772.exeUnicorn-57243.exeUnicorn-46740.exeUnicorn-59547.exeUnicorn-30212.exeUnicorn-62884.exeUnicorn-43018.exeUnicorn-30020.exeUnicorn-26490.exeUnicorn-46356.exeUnicorn-34037.exeUnicorn-17317.exeUnicorn-33195.exeUnicorn-3860.exeUnicorn-16667.exeUnicorn-20005.exeUnicorn-16475.exeUnicorn-4545.exeUnicorn-35957.exeUnicorn-49833.exeUnicorn-38069.exeUnicorn-2744.exeUnicorn-55282.exeUnicorn-6081.exeUnicorn-18888.exeUnicorn-18888.exeUnicorn-5889.exeUnicorn-5889.exeUnicorn-18696.exeUnicorn-54898.exeUnicorn-36101.exeUnicorn-55967.exeUnicorn-35577.exeUnicorn-38339.exeUnicorn-24524.exe

pid	process
2340	Unicorn-15376.exe
2596	Unicorn-3809.exe
2824	Unicorn-48412.exe
2620	Unicorn-38889.exe
2856	Unicorn-9554.exe
2648	Unicorn-58755.exe
2180	Unicorn-27396.exe
1716	Unicorn-60068.exe
2492	Unicorn-40202.exe
2504	Unicorn-62668.exe
1660	Unicorn-17874.exe
548	Unicorn-62476.exe
2852	Unicorn-20562.exe
824	Unicorn-19493.exe
2056	Unicorn-33368.exe
1812	Unicorn-59651.exe
2012	Unicorn-6921.exe
1140	Unicorn-58198.exe
2916	Unicorn-8805.exe
1924	Unicorn-26019.exe
1300	Unicorn-24950.exe
2000	Unicorn-58691.exe
1372	Unicorn-38825.exe
796	Unicorn-55162.exe
2400	Unicorn-60471.exe
1352	Unicorn-8810.exe
1084	Unicorn-12147.exe
1604	Unicorn-28292.exe
1612	Unicorn-7357.exe
2268	Unicorn-60772.exe
2232	Unicorn-57243.exe
1460	Unicorn-46740.exe
2992	Unicorn-59547.exe
2664	Unicorn-30212.exe
2676	Unicorn-62884.exe
2808	Unicorn-43018.exe
2564	Unicorn-30020.exe
2872	Unicorn-26490.exe
2628	Unicorn-46356.exe
1844	Unicorn-34037.exe
2732	Unicorn-17317.exe
772	Unicorn-33195.exe
632	Unicorn-3860.exe
912	Unicorn-16667.exe
328	Unicorn-20005.exe
2312	Unicorn-16475.exe
2612	Unicorn-4545.exe
1868	Unicorn-35957.exe
1020	Unicorn-49833.exe
2500	Unicorn-38069.exe
1784	Unicorn-2744.exe
1336	Unicorn-55282.exe
2008	Unicorn-6081.exe
2304	Unicorn-18888.exe
2488	Unicorn-18888.exe
2884	Unicorn-5889.exe
1576	Unicorn-5889.exe
2940	Unicorn-18696.exe
3044	Unicorn-54898.exe
2028	Unicorn-36101.exe
3028	Unicorn-55967.exe
2976	Unicorn-35577.exe
1072	Unicorn-38339.exe
1980	Unicorn-24524.exe

Loads dropped DLL 64 IoCs

Processes:

bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exeUnicorn-15376.exeUnicorn-3809.exeUnicorn-48412.exeWerFault.exeUnicorn-38889.exeUnicorn-58755.exeWerFault.exeWerFault.exeUnicorn-9554.exeUnicorn-27396.exeUnicorn-40202.exeUnicorn-60068.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-17874.exe

pid	process
1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe
1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe
2340	Unicorn-15376.exe
2340	Unicorn-15376.exe
1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe
1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe
2340	Unicorn-15376.exe
2596	Unicorn-3809.exe
2340	Unicorn-15376.exe
2596	Unicorn-3809.exe
2824	Unicorn-48412.exe
2824	Unicorn-48412.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2520	WerFault.exe
2620	Unicorn-38889.exe
2620	Unicorn-38889.exe
2648	Unicorn-58755.exe
2648	Unicorn-58755.exe
2596	Unicorn-3809.exe
2596	Unicorn-3809.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
2324	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
1064	WerFault.exe
2324	WerFault.exe
2856	Unicorn-9554.exe
2856	Unicorn-9554.exe
2180	Unicorn-27396.exe
2180	Unicorn-27396.exe
2620	Unicorn-38889.exe
2620	Unicorn-38889.exe
2492	Unicorn-40202.exe
2492	Unicorn-40202.exe
2648	Unicorn-58755.exe
1716	Unicorn-60068.exe
1716	Unicorn-60068.exe
2648	Unicorn-58755.exe
484	WerFault.exe
484	WerFault.exe
484	WerFault.exe
484	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
1320	WerFault.exe
600	WerFault.exe
600	WerFault.exe
600	WerFault.exe
600	WerFault.exe
484	WerFault.exe
1320	WerFault.exe
600	WerFault.exe
1660	Unicorn-17874.exe
1660	Unicorn-17874.exe
2180	Unicorn-27396.exe
2180	Unicorn-27396.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2656	1588	WerFault.exe	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe
2520	2340	WerFault.exe	Unicorn-15376.exe
2324	2596	WerFault.exe	Unicorn-3809.exe
1064	2824	WerFault.exe	Unicorn-48412.exe
484	2620	WerFault.exe	Unicorn-38889.exe
600	2648	WerFault.exe	Unicorn-58755.exe
1320	2856	WerFault.exe	Unicorn-9554.exe
2928	2180	WerFault.exe	Unicorn-27396.exe
1676	2492	WerFault.exe	Unicorn-40202.exe
704	1716	WerFault.exe	Unicorn-60068.exe
1100	1660	WerFault.exe	Unicorn-17874.exe
1620	548	WerFault.exe	Unicorn-62476.exe
856	2056	WerFault.exe	Unicorn-33368.exe
1552	2852	WerFault.exe	Unicorn-20562.exe
1952	824	WerFault.exe	Unicorn-19493.exe
1760	1812	WerFault.exe	Unicorn-59651.exe
1600	2012	WerFault.exe	Unicorn-6921.exe
1636	1140	WerFault.exe	Unicorn-58198.exe
3068	2916	WerFault.exe	Unicorn-8805.exe
2632	1300	WerFault.exe	Unicorn-24950.exe
2888	1924	WerFault.exe	Unicorn-26019.exe
1736	1372	WerFault.exe	Unicorn-38825.exe
2788	2000	WerFault.exe	Unicorn-58691.exe
2240	796	WerFault.exe	Unicorn-55162.exe
1456	1352	WerFault.exe	Unicorn-8810.exe
2576	1084	WerFault.exe	Unicorn-12147.exe
2736	2268	WerFault.exe	Unicorn-60772.exe
340	2232	WerFault.exe	Unicorn-57243.exe
1528	1604	WerFault.exe	Unicorn-28292.exe
1108	1460	WerFault.exe	Unicorn-46740.exe
1872	2992	WerFault.exe	Unicorn-59547.exe
2016	2808	WerFault.exe	Unicorn-43018.exe
1984	2628	WerFault.exe	Unicorn-46356.exe
2152	2872	WerFault.exe	Unicorn-26490.exe
2952	2564	WerFault.exe	Unicorn-30020.exe
2544	2676	WerFault.exe	Unicorn-62884.exe
1824	1612	WerFault.exe	Unicorn-7357.exe
1380	2400	WerFault.exe	Unicorn-60471.exe
2480	2664	WerFault.exe	Unicorn-30212.exe
3864	632	WerFault.exe	Unicorn-3860.exe
3904	1844	WerFault.exe	Unicorn-34037.exe
3124	1020	WerFault.exe	Unicorn-49833.exe
3148	912	WerFault.exe	Unicorn-16667.exe
3200	328	WerFault.exe	Unicorn-20005.exe
3256	2732	WerFault.exe	Unicorn-17317.exe
3484	2884	WerFault.exe	Unicorn-5889.exe
3512	2304	WerFault.exe	Unicorn-18888.exe
3872	3028	WerFault.exe	Unicorn-55967.exe
3748	1784	WerFault.exe	Unicorn-2744.exe
3768	2612	WerFault.exe	Unicorn-4545.exe
3848	2488	WerFault.exe	Unicorn-18888.exe
3856	3044	WerFault.exe	Unicorn-54898.exe
3916	1576	WerFault.exe	Unicorn-5889.exe
3948	2312	WerFault.exe	Unicorn-16475.exe
4016	2008	WerFault.exe	Unicorn-6081.exe
3120	2840	WerFault.exe	Unicorn-892.exe
3188	604	WerFault.exe	Unicorn-47296.exe
3156	1808	WerFault.exe	Unicorn-50285.exe
3244	2940	WerFault.exe	Unicorn-18696.exe
3364	1792	WerFault.exe	Unicorn-62708.exe
3540	1584	WerFault.exe	Unicorn-46564.exe
3592	1988	WerFault.exe	Unicorn-17037.exe
3604	2080	WerFault.exe	Unicorn-47597.exe
3720	1508	WerFault.exe	Unicorn-10518.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exeUnicorn-15376.exeUnicorn-3809.exeUnicorn-48412.exeUnicorn-38889.exeUnicorn-9554.exeUnicorn-58755.exeUnicorn-27396.exeUnicorn-60068.exeUnicorn-40202.exeUnicorn-62668.exeUnicorn-17874.exeUnicorn-62476.exeUnicorn-20562.exeUnicorn-33368.exeUnicorn-19493.exeUnicorn-59651.exeUnicorn-6921.exeUnicorn-58198.exeUnicorn-8805.exeUnicorn-24950.exeUnicorn-26019.exeUnicorn-38825.exeUnicorn-58691.exeUnicorn-55162.exeUnicorn-60471.exeUnicorn-8810.exeUnicorn-12147.exeUnicorn-28292.exeUnicorn-7357.exeUnicorn-60772.exeUnicorn-57243.exeUnicorn-46740.exeUnicorn-59547.exeUnicorn-30212.exeUnicorn-43018.exeUnicorn-62884.exeUnicorn-30020.exeUnicorn-46356.exeUnicorn-26490.exeUnicorn-34037.exeUnicorn-17317.exeUnicorn-33195.exeUnicorn-3860.exeUnicorn-16667.exeUnicorn-20005.exeUnicorn-16475.exeUnicorn-4545.exeUnicorn-35957.exeUnicorn-49833.exeUnicorn-38069.exeUnicorn-2744.exeUnicorn-55282.exeUnicorn-6081.exeUnicorn-18888.exeUnicorn-18888.exeUnicorn-5889.exeUnicorn-5889.exeUnicorn-18696.exeUnicorn-54898.exeUnicorn-36101.exeUnicorn-38339.exeUnicorn-24524.exeUnicorn-61603.exe

pid	process
1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe
2340	Unicorn-15376.exe
2596	Unicorn-3809.exe
2824	Unicorn-48412.exe
2620	Unicorn-38889.exe
2856	Unicorn-9554.exe
2648	Unicorn-58755.exe
2180	Unicorn-27396.exe
1716	Unicorn-60068.exe
2492	Unicorn-40202.exe
2504	Unicorn-62668.exe
1660	Unicorn-17874.exe
548	Unicorn-62476.exe
2852	Unicorn-20562.exe
2056	Unicorn-33368.exe
824	Unicorn-19493.exe
1812	Unicorn-59651.exe
2012	Unicorn-6921.exe
1140	Unicorn-58198.exe
2916	Unicorn-8805.exe
1300	Unicorn-24950.exe
1924	Unicorn-26019.exe
1372	Unicorn-38825.exe
2000	Unicorn-58691.exe
796	Unicorn-55162.exe
2400	Unicorn-60471.exe
1352	Unicorn-8810.exe
1084	Unicorn-12147.exe
1604	Unicorn-28292.exe
1612	Unicorn-7357.exe
2268	Unicorn-60772.exe
2232	Unicorn-57243.exe
1460	Unicorn-46740.exe
2992	Unicorn-59547.exe
2664	Unicorn-30212.exe
2808	Unicorn-43018.exe
2676	Unicorn-62884.exe
2564	Unicorn-30020.exe
2628	Unicorn-46356.exe
2872	Unicorn-26490.exe
1844	Unicorn-34037.exe
2732	Unicorn-17317.exe
772	Unicorn-33195.exe
632	Unicorn-3860.exe
912	Unicorn-16667.exe
328	Unicorn-20005.exe
2312	Unicorn-16475.exe
2612	Unicorn-4545.exe
1868	Unicorn-35957.exe
1020	Unicorn-49833.exe
2500	Unicorn-38069.exe
1784	Unicorn-2744.exe
1336	Unicorn-55282.exe
2008	Unicorn-6081.exe
2304	Unicorn-18888.exe
2488	Unicorn-18888.exe
2884	Unicorn-5889.exe
1576	Unicorn-5889.exe
2940	Unicorn-18696.exe
3044	Unicorn-54898.exe
2028	Unicorn-36101.exe
1072	Unicorn-38339.exe
1980	Unicorn-24524.exe
1340	Unicorn-61603.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exeUnicorn-15376.exeUnicorn-3809.exeUnicorn-48412.exeUnicorn-38889.exeUnicorn-58755.exeUnicorn-9554.exeUnicorn-27396.exe

description	pid	process	target process
PID 1588 wrote to memory of 2340	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	Unicorn-15376.exe
PID 1588 wrote to memory of 2340	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	Unicorn-15376.exe
PID 1588 wrote to memory of 2340	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	Unicorn-15376.exe
PID 1588 wrote to memory of 2340	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	Unicorn-15376.exe
PID 2340 wrote to memory of 2596	2340	Unicorn-15376.exe	Unicorn-3809.exe
PID 2340 wrote to memory of 2596	2340	Unicorn-15376.exe	Unicorn-3809.exe
PID 2340 wrote to memory of 2596	2340	Unicorn-15376.exe	Unicorn-3809.exe
PID 2340 wrote to memory of 2596	2340	Unicorn-15376.exe	Unicorn-3809.exe
PID 1588 wrote to memory of 2824	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	Unicorn-48412.exe
PID 1588 wrote to memory of 2824	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	Unicorn-48412.exe
PID 1588 wrote to memory of 2824	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	Unicorn-48412.exe
PID 1588 wrote to memory of 2824	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	Unicorn-48412.exe
PID 1588 wrote to memory of 2656	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	WerFault.exe
PID 1588 wrote to memory of 2656	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	WerFault.exe
PID 1588 wrote to memory of 2656	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	WerFault.exe
PID 1588 wrote to memory of 2656	1588	bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe	WerFault.exe
PID 2340 wrote to memory of 2620	2340	Unicorn-15376.exe	Unicorn-38889.exe
PID 2340 wrote to memory of 2620	2340	Unicorn-15376.exe	Unicorn-38889.exe
PID 2340 wrote to memory of 2620	2340	Unicorn-15376.exe	Unicorn-38889.exe
PID 2340 wrote to memory of 2620	2340	Unicorn-15376.exe	Unicorn-38889.exe
PID 2596 wrote to memory of 2648	2596	Unicorn-3809.exe	Unicorn-58755.exe
PID 2596 wrote to memory of 2648	2596	Unicorn-3809.exe	Unicorn-58755.exe
PID 2596 wrote to memory of 2648	2596	Unicorn-3809.exe	Unicorn-58755.exe
PID 2596 wrote to memory of 2648	2596	Unicorn-3809.exe	Unicorn-58755.exe
PID 2824 wrote to memory of 2856	2824	Unicorn-48412.exe	Unicorn-9554.exe
PID 2824 wrote to memory of 2856	2824	Unicorn-48412.exe	Unicorn-9554.exe
PID 2824 wrote to memory of 2856	2824	Unicorn-48412.exe	Unicorn-9554.exe
PID 2824 wrote to memory of 2856	2824	Unicorn-48412.exe	Unicorn-9554.exe
PID 2340 wrote to memory of 2520	2340	Unicorn-15376.exe	WerFault.exe
PID 2340 wrote to memory of 2520	2340	Unicorn-15376.exe	WerFault.exe
PID 2340 wrote to memory of 2520	2340	Unicorn-15376.exe	WerFault.exe
PID 2340 wrote to memory of 2520	2340	Unicorn-15376.exe	WerFault.exe
PID 2620 wrote to memory of 2180	2620	Unicorn-38889.exe	Unicorn-27396.exe
PID 2620 wrote to memory of 2180	2620	Unicorn-38889.exe	Unicorn-27396.exe
PID 2620 wrote to memory of 2180	2620	Unicorn-38889.exe	Unicorn-27396.exe
PID 2620 wrote to memory of 2180	2620	Unicorn-38889.exe	Unicorn-27396.exe
PID 2648 wrote to memory of 1716	2648	Unicorn-58755.exe	Unicorn-60068.exe
PID 2648 wrote to memory of 1716	2648	Unicorn-58755.exe	Unicorn-60068.exe
PID 2648 wrote to memory of 1716	2648	Unicorn-58755.exe	Unicorn-60068.exe
PID 2648 wrote to memory of 1716	2648	Unicorn-58755.exe	Unicorn-60068.exe
PID 2596 wrote to memory of 2492	2596	Unicorn-3809.exe	Unicorn-40202.exe
PID 2596 wrote to memory of 2492	2596	Unicorn-3809.exe	Unicorn-40202.exe
PID 2596 wrote to memory of 2492	2596	Unicorn-3809.exe	Unicorn-40202.exe
PID 2596 wrote to memory of 2492	2596	Unicorn-3809.exe	Unicorn-40202.exe
PID 2596 wrote to memory of 2324	2596	Unicorn-3809.exe	WerFault.exe
PID 2596 wrote to memory of 2324	2596	Unicorn-3809.exe	WerFault.exe
PID 2596 wrote to memory of 2324	2596	Unicorn-3809.exe	WerFault.exe
PID 2596 wrote to memory of 2324	2596	Unicorn-3809.exe	WerFault.exe
PID 2824 wrote to memory of 1064	2824	Unicorn-48412.exe	WerFault.exe
PID 2824 wrote to memory of 1064	2824	Unicorn-48412.exe	WerFault.exe
PID 2824 wrote to memory of 1064	2824	Unicorn-48412.exe	WerFault.exe
PID 2824 wrote to memory of 1064	2824	Unicorn-48412.exe	WerFault.exe
PID 2856 wrote to memory of 2504	2856	Unicorn-9554.exe	Unicorn-62668.exe
PID 2856 wrote to memory of 2504	2856	Unicorn-9554.exe	Unicorn-62668.exe
PID 2856 wrote to memory of 2504	2856	Unicorn-9554.exe	Unicorn-62668.exe
PID 2856 wrote to memory of 2504	2856	Unicorn-9554.exe	Unicorn-62668.exe
PID 2180 wrote to memory of 1660	2180	Unicorn-27396.exe	Unicorn-17874.exe
PID 2180 wrote to memory of 1660	2180	Unicorn-27396.exe	Unicorn-17874.exe
PID 2180 wrote to memory of 1660	2180	Unicorn-27396.exe	Unicorn-17874.exe
PID 2180 wrote to memory of 1660	2180	Unicorn-27396.exe	Unicorn-17874.exe
PID 2620 wrote to memory of 548	2620	Unicorn-38889.exe	Unicorn-62476.exe
PID 2620 wrote to memory of 548	2620	Unicorn-38889.exe	Unicorn-62476.exe
PID 2620 wrote to memory of 548	2620	Unicorn-38889.exe	Unicorn-62476.exe
PID 2620 wrote to memory of 548	2620	Unicorn-38889.exe	Unicorn-62476.exe

C:\Users\Admin\AppData\Local\Temp\bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe
"C:\Users\Admin\AppData\Local\Temp\bebc21c58a8758d61a39312c960e98d5a3f684a94edb67b875c7c77df5933077.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58691.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-30020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30020.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54898.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33565.exe
10⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34310.exe
11⤵
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45587.exe
12⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51704.exe
13⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59892.exe
14⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27942.exe
15⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
15⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
14⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
13⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3384 -s 216
12⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 236
11⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47117.exe
10⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28426.exe
11⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
12⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
13⤵
PID:8948

C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33235.exe
14⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8948 -s 216
14⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
13⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
12⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 236
11⤵
PID:5160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
10⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
9⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18742.exe
10⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39671.exe
11⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
12⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54443.exe
13⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44039.exe
14⤵
PID:10836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 216
14⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
13⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
12⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
11⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
10⤵
- Program crash
PID:3364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
9⤵
- Program crash
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36101.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
9⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
10⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24212.exe
11⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
12⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37230.exe
13⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5559.exe
14⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
14⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
13⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
12⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
11⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24512.exe
10⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58834.exe
11⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20126.exe
12⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28196.exe
13⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 216
13⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
12⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
11⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 220
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20661.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18940.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47283.exe
11⤵
PID:6776

C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15380.exe
12⤵
PID:9280

C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60665.exe
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6776 -s 216
12⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
10⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
9⤵
PID:3900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
8⤵
- Program crash
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26490.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-55967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55967.exe
8⤵
- Executes dropped EXE
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
9⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32582.exe
10⤵
PID:332

C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
11⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61221.exe
12⤵
PID:6196

C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39617.exe
13⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
14⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 216
14⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6196 -s 216
13⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4668 -s 216
12⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 332 -s 236
11⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
10⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-12524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12524.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23937.exe
10⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4651.exe
11⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
12⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54049.exe
13⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
13⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 236
12⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
11⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
9⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-46372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46372.exe
8⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-27371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27371.exe
9⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32801.exe
10⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19243.exe
11⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57662.exe
12⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
12⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 216
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
9⤵
PID:4304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
8⤵
- Program crash
PID:2152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
7⤵
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55162.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:796

C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46356.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
9⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56754.exe
10⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49848.exe
11⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2823.exe
12⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65464.exe
13⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 236
13⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
12⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
11⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 236
10⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
9⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
8⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7683.exe
10⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11662.exe
11⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
12⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21561.exe
13⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 236
13⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
12⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
11⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
9⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
8⤵
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16736.exe
8⤵
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50729.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27850.exe
10⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43074.exe
11⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
12⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15622.exe
13⤵
PID:1768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 236
13⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
12⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4380 -s 236
11⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 236
10⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 216
9⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62800.exe
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
10⤵
PID:6640

C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
11⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8380 -s 212
12⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6640 -s 216
11⤵
PID:9900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5060 -s 216
10⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 236
9⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
8⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 796 -s 240
7⤵
- Program crash
PID:2240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
6⤵
- Program crash
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33368.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26019.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30212.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50285.exe
9⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16054.exe
10⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45447.exe
11⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29042.exe
12⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6477.exe
13⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29182.exe
14⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 216
14⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 236
13⤵
PID:9620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
12⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
11⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 236
10⤵
- Program crash
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-48077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48077.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46381.exe
10⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33640.exe
11⤵
PID:6328

C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38657.exe
12⤵
PID:8976

C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
13⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8976 -s 220
13⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6328 -s 216
12⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
11⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
10⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
9⤵
- Program crash
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30227.exe
8⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-23890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23890.exe
9⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32936.exe
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
11⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
12⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
12⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
11⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 236
10⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
9⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
8⤵
- Program crash
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-892.exe
8⤵
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40418.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32059.exe
10⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50763.exe
11⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22385.exe
12⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
12⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
11⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 236
9⤵
PID:4848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 236
8⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
7⤵
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43018.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5889.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17037.exe
8⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33817.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6422.exe
10⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43458.exe
11⤵
PID:5792

C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3898.exe
12⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64085.exe
13⤵
PID:952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
13⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 236
12⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
11⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
10⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
9⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
8⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10828.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-775.exe
10⤵
PID:6360

C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44132.exe
11⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56473.exe
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 216
12⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6360 -s 216
11⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
9⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
8⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62708.exe
7⤵
PID:1880

C:\Users\Admin\AppData\Local\Temp\Unicorn-4299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4299.exe
8⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50782.exe
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36347.exe
10⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32084.exe
11⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 216
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5280 -s 236
10⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
9⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1880 -s 216
8⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
7⤵
- Program crash
PID:2016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
6⤵
- Program crash
PID:856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46740.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38069.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
9⤵
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23999.exe
10⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58239.exe
11⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61375.exe
12⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5557.exe
13⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57264.exe
14⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
13⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
12⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
11⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 236
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20085.exe
9⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10356.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13985.exe
11⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50389.exe
12⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
10⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46948.exe
8⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35353.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29578.exe
10⤵
PID:4592

C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61605.exe
11⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
12⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3914.exe
13⤵
PID:10620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
13⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 236
12⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4592 -s 216
11⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
10⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 236
9⤵
PID:4116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 240
8⤵
- Program crash
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2744.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47597.exe
8⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34694.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13708.exe
10⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
11⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54692.exe
12⤵
PID:8912

C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50557.exe
13⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
13⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
12⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
11⤵
PID:7648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:5288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
9⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62768.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43418.exe
9⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61522.exe
10⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38553.exe
11⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40865.exe
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 216
12⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 236
11⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
10⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
9⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 220
8⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 240
7⤵
- Program crash
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59547.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25209.exe
7⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62724.exe
8⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32629.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38948.exe
10⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
12⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
12⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
11⤵
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
10⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 216
9⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59743.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24724.exe
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25652.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17525.exe
11⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
11⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 236
10⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
8⤵
PID:4920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
7⤵
- Program crash
PID:1872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
6⤵
- Program crash
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38825.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62884.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-55282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55282.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13855.exe
8⤵
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18441.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
10⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52088.exe
11⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
12⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30511.exe
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 204
13⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
12⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
11⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 236
9⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46515.exe
8⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11954.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49675.exe
10⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28263.exe
11⤵
PID:8376

C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62389.exe
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 216
12⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
11⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 216
10⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 236
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 220
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13206.exe
7⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64923.exe
9⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45480.exe
10⤵
PID:7300

C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
11⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7300 -s 216
11⤵
PID:11164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
10⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
8⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 220
7⤵
- Program crash
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18888.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1276.exe
7⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35545.exe
8⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60496.exe
9⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64667.exe
10⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10883.exe
11⤵
PID:9132

C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57049.exe
12⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9132 -s 220
12⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
11⤵
PID:9916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
10⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15487.exe
7⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44077.exe
8⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43624.exe
9⤵
PID:6236

C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-31981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31981.exe
11⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 236
11⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6236 -s 216
10⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
9⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
8⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
- Program crash
PID:3848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 240
6⤵
- Program crash
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
5⤵
- Program crash
PID:1676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59651.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60471.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17317.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47104.exe
9⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56095.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10465.exe
11⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44271.exe
12⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27727.exe
13⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
13⤵
PID:10952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 236
12⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
11⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 216
10⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 236
9⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28115.exe
8⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
9⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63496.exe
10⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29144.exe
11⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35563.exe
12⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49677.exe
13⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7312 -s 216
12⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
11⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
10⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 216
9⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
8⤵
- Program crash
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1812 -s 240
7⤵
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8810.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34037.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61603.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
9⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30216.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23463.exe
11⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42180.exe
12⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49764.exe
13⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 236
13⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
12⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
11⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60594.exe
9⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38839.exe
10⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18859.exe
11⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9395.exe
12⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 220
12⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 236
11⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
10⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 220
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59387.exe
8⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64232.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5808.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36155.exe
11⤵
PID:7560

C:\Users\Admin\AppData\Local\Temp\Unicorn-8653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8653.exe
12⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7560 -s 216
12⤵
PID:11256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 216
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
10⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 216
9⤵
PID:4840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 240
8⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
7⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29860.exe
8⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29339.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-19627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19627.exe
11⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42862.exe
12⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 236
11⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
9⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44450.exe
8⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
10⤵
PID:7956

C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48036.exe
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7956 -s 216
11⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5528 -s 236
10⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
8⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 240
7⤵
- Program crash
PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
6⤵
- Program crash
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6921.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12147.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3860.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38339.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1072

C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47156.exe
9⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13988.exe
10⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56462.exe
11⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36238.exe
12⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15171.exe
13⤵
PID:10592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
13⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 236
12⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-60319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60319.exe
9⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21953.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-51889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51889.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55607.exe
12⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
11⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
10⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1072 -s 240
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43434.exe
8⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15909.exe
9⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7811.exe
10⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58407.exe
11⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52691.exe
12⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 216
12⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
11⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
9⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
8⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24524.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30244.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31560.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43716.exe
11⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
12⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
12⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 236
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
9⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9046.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9014.exe
10⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
11⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 236
10⤵
PID:9096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
9⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
8⤵
PID:5228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
7⤵
- Program crash
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63824.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41212.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59090.exe
9⤵
PID:4224

C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12641.exe
10⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
11⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
11⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4224 -s 216
10⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
8⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
7⤵
- Program crash
PID:3148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
6⤵
- Program crash
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
5⤵
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58198.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20005.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47296.exe
8⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32390.exe
9⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36324.exe
10⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59711.exe
11⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18590.exe
12⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37106.exe
13⤵
PID:1644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
13⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
11⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
10⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 216
9⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
8⤵
- Program crash
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43574.exe
7⤵
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-459.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28483.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33339.exe
10⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27879.exe
11⤵
PID:8564

C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58694.exe
12⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8564 -s 216
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
11⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
8⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
7⤵
- Program crash
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16475.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63632.exe
7⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50646.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11487.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1818.exe
10⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25767.exe
11⤵
PID:9192

C:\Users\Admin\AppData\Local\Temp\Unicorn-60064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60064.exe
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9192 -s 216
12⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
11⤵
PID:9864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 236
9⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
8⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29519.exe
7⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59837.exe
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
9⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27988.exe
10⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42384.exe
11⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 220
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
10⤵
PID:9784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
9⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
8⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
7⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 240
6⤵
- Program crash
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7357.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
7⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33049.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11871.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33064.exe
10⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15169.exe
11⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
12⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
10⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
9⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
8⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
7⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59562.exe
8⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10292.exe
9⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39809.exe
10⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41424.exe
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 220
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5236 -s 216
10⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
9⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
8⤵
PID:6076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 220
7⤵
- Program crash
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43766.exe
6⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24274.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27461.exe
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45122.exe
9⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6852.exe
10⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
10⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
9⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
8⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 236
7⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
6⤵
- Program crash
PID:1824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
5⤵
- Program crash
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8805.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60772.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35577.exe
7⤵
- Executes dropped EXE
PID:2976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
7⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49833.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47488.exe
7⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7387.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16662.exe
9⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50993.exe
10⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
11⤵
PID:8732

C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29156.exe
12⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8732 -s 220
12⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 236
11⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
10⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
9⤵
PID:5732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35570.exe
7⤵
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 220
7⤵
- Program crash
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
6⤵
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57243.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63248.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40745.exe
8⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13132.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5357.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15765.exe
11⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 200
12⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
11⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
9⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-21730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21730.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40642.exe
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12558.exe
9⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
10⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5567.exe
11⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 236
10⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
9⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
8⤵
PID:6008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 240
7⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10518.exe
6⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33433.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8067.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26271.exe
9⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21771.exe
10⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20910.exe
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 216
11⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
10⤵
PID:9484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
9⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
8⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
7⤵
- Program crash
PID:3720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
6⤵
- Program crash
PID:340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:1064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
2⤵
- Program crash
PID:2656

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-17421.exe
Filesize
184KB

MD5
7461b9df7538a8a9afac070813c0a4ed

SHA1
0181815963257b527aaa789b017260e60881f10c

SHA256
891de373fb3351eedf9ee0e685d06a3c88cee0425dcdb41ee2f40f00e2effdf2

SHA512
139fa03b86ad16b0b5b3e2a281a38a6a7e541b393eec08e956baf197b7c9ea64445687b6116d29ef6ee52c0464c24dfef5b42d3df6204ce7c31e1948c7351743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-20562.exe
Filesize
184KB

MD5
5d33cfefc28ad42e0ce002ef79897b39

SHA1
271f0a07eb2773f08c0352a795f039b4443c8e3e

SHA256
13cfe30c7018eae2ca3fd196f76661bbe8fb2768d7d9b472f7da850736789242

SHA512
261eae0a5f4b0751a6299e305cc172e4b980e136c03b464720397eab70bbbcbb30ead09450f1bd0392a85185479750bbf36f858bd1008ebe274b75cd4d945fcd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22887.exe
Filesize
184KB

MD5
a4835ef2373626258c94ba9459fe14d6

SHA1
aae6c2844ff19f99d15c263d899fda988d4b0d77

SHA256
e337b253cd6123dead2e78076ae39bab9a4afdff3d90b4ef4515025748af1841

SHA512
f770ca9f1ef8a8ecaee33904c6655dc75a961a7b2a57cacf1e34b8c4940450e5fccece7bd2eb3c4b5aefe2302c59a065fcb856c6037e33f201255b399e2612d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23281.exe
Filesize
184KB

MD5
b5d499e854740efe75b6b60e6e531ff8

SHA1
90247f99409aa9fe7f63021ee5364e011f6f20a2

SHA256
84be2bddcfe1c5817ff5ccefbfd192d65d7398152c5153a0934f25e24ae08b55

SHA512
fa35f2bba871ee6a9c29b6e3df3ffc96b84efe6177b8340435cbf77eeebbb263de93f86f39ec800f25c02312d92f9a3c074145e4fad8e5c9a0a05b52de60ce27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38889.exe
Filesize
184KB

MD5
2e275033624eaedef9651fdcfe3c3c7a

SHA1
653fb30cb1985fc4cbc3522652b4252c7c08e8a7

SHA256
6a08ae0112988f82b4465503993a5f8a8b19f36f6053f475615c8ffa89081f0a

SHA512
f297ccf0a6c108a5661864e5107f50b7d5fb767a7816945f3a4f18208a8eba37b1288bc82823a748a1c56a7225a2d8df4c526b0da680be047b898160921275d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
Filesize
184KB

MD5
7a251841335151aa3d40d0402bb0049f

SHA1
a7039ea7df9bd50db670300445ef2aadedb9d161

SHA256
8abb29605600dd796e4d712d192b695bb94f2eded9f2d910a1d8e0a75778cc3b

SHA512
d5f6deb05f382058a05c78572ec1ba760525519cbb400553375a302d9576be3737beb181cad40538daecd89e2d5493c3c219296e189cd2886e38215f08290823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60068.exe
Filesize
184KB

MD5
ecbfddacf5f789047d2dd220892a541a

SHA1
f86b03011c728d13b0913d9ac1d9e53a2810aa4a

SHA256
b994dbbf39ef7135849030e9a24674859a054679de1ec3f9ad3a3051b635939f

SHA512
2dbee1ccfbf0a22cad4b459b8996b4fa8769a7dec7e2419422c754d3dbd01d445a12c36891b2f6e66a5e290d5292d6f21af245d2e558d41c838a1228f5bb0489

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6081.exe
Filesize
184KB

MD5
e36d315b7d2224addcd0a5912e5d41a1

SHA1
5016ae97ba22a6d69890fea030942b4e1a10fb15

SHA256
debe738a236a8ae4f2af4d59d09bbc818e7cd1aa3900632d3b4c7565ddb5bdc4

SHA512
76c14317b81d6cad43ed2aeb9ccb5f3fc8a6431bb73d5ab86479a992cd46d1b911faea82fa455f12688f35ca19d45018f5ce9ff8a9dcb50e00d03b32ee7dbd35

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9554.exe
Filesize
184KB

MD5
16c5ac5287018b58a6560642dc7e3e63

SHA1
a901db565ea3099b6e1bc028ca2c011f83957635

SHA256
3b0039b042682e94b47b36cfd093986b002248b4d9875db6e9db0c60b85cc98a

SHA512
4f46d202f54fd463763fe0e6441ac49b69fba6c4044885d9ef5f35c6a03e704ff43a0e995706d6c3bdf45ea67e23c1ba3b3a03627f248d142bdfe37b62e9dfcb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15376.exe
Filesize
184KB

MD5
93fa48b1c3b3fe1f6f1741e95286154b

SHA1
db1d1e9fc5814442e1bea5907372f503c839d190

SHA256
bb31c9200f9046c9b4d44f94262a843c66d2f90acf6aa7c57e42ca422f549318

SHA512
bffe3ca04947771442425f31a6f668f6709d0017dd8a8160f634b91a5ff127c38033bc86619143e15061692cbdadae996558aabb7d89cb2bc189b368815194c3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-17874.exe
Filesize
184KB

MD5
dc64e9a69052066b7ec76cf5b5827428

SHA1
743e754febcf38dbd0c6db88ed9fa28ce9e54652

SHA256
2b8961874207c1e9fa235a41f5f2fab08165be1624a7971665aa2addcdc4bbd4

SHA512
3b6a6b49466d0374a9df89a6f8a4ee7df181e9f8d20507069a1895a4081debacbc5977e30450af5d9e0812685b6d775f4b602794478553db428c0909ef4197ad

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27396.exe
Filesize
184KB

MD5
dda1d136a015bb3a7eaf4b3d78133a5a

SHA1
7f11eba6eb359f8f495c435e10225c334d7c6d00

SHA256
43b841dfed5d8d54cfeafafcf5dcb6ed0f23ae2aec349b5b9bacdd4eff0f8eee

SHA512
2c579be47285974ac7ed95b8123c8d9791d0ca79b98166a43ba118ccfb466174b7552f449eef297df3f39dc3f9f796af7fff5efeb078b092f483facc9d07d3cc

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3809.exe
Filesize
184KB

MD5
76769cb399964781836bcbd0e34f8244

SHA1
7f8acc9fd71defab36d97953dfcbc9c600131de2

SHA256
a5344e45384da1c2f60683c98642b7edcb13bb27d4b55dce235cd40c2d8ee83f

SHA512
2b704c4fa461e5f32fe59dd649edb7201468c83ef85f05bb56155c8a4e353866b3dbbf4b48ae7a1d125193ad18cc1fe3ec64ea9f275461f308ab37dc2a6f8907

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40202.exe
Filesize
184KB

MD5
d9a091ea022fb2c4744cc8c425ffc020

SHA1
df88d7f4b2db1b18dfa20f7a49b428e97e1c6b03

SHA256
a86ef3a3f61e43bc978ed419620e878482e08a5e3161a0809afaabf201873159

SHA512
a0b8395bf7979e074885dd816659170f0b596004357df0f56417c6e9e3e23927dfd121ac4b3b51403141e0cfd29a61169c209d4951e50f68b7a598992c81bf38

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
Filesize
184KB

MD5
ad8dc038e3952bde2cbf4f7d37162b32

SHA1
bed13271046c3f4b07824d96bfc5dfaaf044ccea

SHA256
1cdc4a6f5e954b3f6457331e06940f5c6574c5941ac003e30b775d782fa262f2

SHA512
12f0e3c6e0b286b9602ad5aaea1e28880e2b004748681c04a6984f9f5eb33076283d26bccd225bd2f7830fb3915c4f0fb2a3bba754cde965c3ef89d7c2c382c2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58755.exe
Filesize
184KB

MD5
d6a7b672e74fab4f775c4baa7c7d37e5

SHA1
12f99d2add4c156cdd1eff82aef7091fe5e29bdf

SHA256
7656ac01c20885ae71ea06ac07f160e1230fe9fb93bb3e18c7a4f815a5fc042c

SHA512
a06177af33f4a7723babeca0f20324d4ec71e0c93021af09c95fe042e4f7d4fcced4ef5019c6fba609da329945cac9a1653b5fcd9ee0fcf2f3304b9352c5e520

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62476.exe
Filesize
184KB

MD5
197484869a20cd576c140f2dc84c3d5c

SHA1
b80dbc47d576babd64a21c07dbb66451f41ade22

SHA256
330200f273c3e75fea171d9e360f0237ab325c38bc816165a8a53c39852a0841

SHA512
85a065ff9cf9c7c34eaf7cc806525c9bea76c7eb08cac24c039faadef8c0f5451cca1f257fc0ca2a9f7d9aebc54138faf4d9336fac4c0d5089f93355eefb469b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62668.exe
Filesize
184KB

MD5
d1108d3afbfc0eb9cdc4cdff9899f095

SHA1
fdaee9aad5b218d9f96624ef0a8a5dea0f2417f5

SHA256
9064a15b3fa4477477f594207e355f3b2b91039785eb79ae5c00bf30301207bd

SHA512
0f8766c4b3bd83310d551c29716284fd951ca5bd063189f109563a317c6c921882782be9cdc7862778dc8d6f583a224ec30437a99f96e4d02a16e59bf879fc9a

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads