b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe
Size

184KB
MD5

4b184a7b53576c965a565e4ae80722fc
SHA1

fbbb4b1cf82404fa106ac3c3a6ec45a63346409b
SHA256

b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b
SHA512

6c74f5070f6cd156deed7bd21ff77527c47ae1878029b0236f71d352b3cb6f0eefd21ba14fe48b55f424767c16f61c24d32f76def6d2fb154aef4db05ebd9962
SSDEEP

3072:qnMQCEoldyIzdpjYeu7LQxNEIK4YCPJJiHWCB5blUDbhlnVOFBnT:qnxolppj4LENEI90bGhlnVOFB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-18133.exeUnicorn-23520.exeUnicorn-53924.exeUnicorn-56086.exeUnicorn-3548.exeUnicorn-23414.exeUnicorn-26855.exeUnicorn-31192.exeUnicorn-51058.exeUnicorn-44836.exeUnicorn-4685.exeUnicorn-20640.exeUnicorn-40506.exeUnicorn-18467.exeUnicorn-21181.exeUnicorn-18912.exeUnicorn-52483.exeUnicorn-52161.exeUnicorn-6489.exeUnicorn-26184.exeUnicorn-39182.exeUnicorn-59240.exeUnicorn-54834.exeUnicorn-26760.exeUnicorn-26952.exeUnicorn-30734.exeUnicorn-6744.exeUnicorn-57590.exeUnicorn-57590.exeUnicorn-53184.exeUnicorn-51560.exeUnicorn-53376.exeUnicorn-22718.exeUnicorn-16365.exeUnicorn-46750.exeUnicorn-27975.exeUnicorn-41165.exeUnicorn-43268.exeUnicorn-43460.exeUnicorn-23594.exeUnicorn-10979.exeUnicorn-6573.exeUnicorn-26439.exeUnicorn-11171.exeUnicorn-56843.exeUnicorn-59687.exeUnicorn-372.exeUnicorn-372.exeUnicorn-60491.exeUnicorn-30279.exeUnicorn-30279.exeUnicorn-10413.exeUnicorn-10413.exeUnicorn-1963.exeUnicorn-47827.exeUnicorn-24029.exeUnicorn-41626.exeUnicorn-48595.exeUnicorn-21533.exeUnicorn-51937.exeUnicorn-6265.exeUnicorn-39322.exeUnicorn-34915.exeUnicorn-22493.exe

pid	process
2420	Unicorn-18133.exe
1648	Unicorn-23520.exe
2668	Unicorn-53924.exe
2624	Unicorn-56086.exe
2636	Unicorn-3548.exe
2876	Unicorn-23414.exe
2688	Unicorn-26855.exe
2892	Unicorn-31192.exe
3048	Unicorn-51058.exe
2864	Unicorn-44836.exe
2300	Unicorn-4685.exe
2084	Unicorn-20640.exe
552	Unicorn-40506.exe
1724	Unicorn-18467.exe
1400	Unicorn-21181.exe
2940	Unicorn-18912.exe
536	Unicorn-52483.exe
1232	Unicorn-52161.exe
1304	Unicorn-6489.exe
2392	Unicorn-26184.exe
2044	Unicorn-39182.exe
1540	Unicorn-59240.exe
620	Unicorn-54834.exe
1924	Unicorn-26760.exe
616	Unicorn-26952.exe
2948	Unicorn-30734.exe
2328	Unicorn-6744.exe
2196	Unicorn-57590.exe
468	Unicorn-57590.exe
548	Unicorn-53184.exe
1940	Unicorn-51560.exe
2428	Unicorn-53376.exe
2612	Unicorn-22718.exe
2672	Unicorn-16365.exe
2912	Unicorn-46750.exe
3060	Unicorn-27975.exe
2744	Unicorn-41165.exe
352	Unicorn-43268.exe
3024	Unicorn-43460.exe
2404	Unicorn-23594.exe
2792	Unicorn-10979.exe
3004	Unicorn-6573.exe
2412	Unicorn-26439.exe
1048	Unicorn-11171.exe
316	Unicorn-56843.exe
288	Unicorn-59687.exe
1636	Unicorn-372.exe
2844	Unicorn-372.exe
1660	Unicorn-60491.exe
1568	Unicorn-30279.exe
1564	Unicorn-30279.exe
1240	Unicorn-10413.exe
2052	Unicorn-10413.exe
1496	Unicorn-1963.exe
1524	Unicorn-47827.exe
1920	Unicorn-24029.exe
900	Unicorn-41626.exe
2140	Unicorn-48595.exe
1736	Unicorn-21533.exe
888	Unicorn-51937.exe
2292	Unicorn-6265.exe
1592	Unicorn-39322.exe
1700	Unicorn-34915.exe
2780	Unicorn-22493.exe

Loads dropped DLL 64 IoCs

Processes:

b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exeUnicorn-18133.exeUnicorn-53924.exeUnicorn-23520.exeWerFault.exeUnicorn-3548.exeUnicorn-56086.exeUnicorn-23414.exeWerFault.exeWerFault.exeUnicorn-26855.exeUnicorn-31192.exeUnicorn-51058.exeUnicorn-44836.exeUnicorn-4685.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe
2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe
2420	Unicorn-18133.exe
2420	Unicorn-18133.exe
2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe
2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe
2668	Unicorn-53924.exe
2668	Unicorn-53924.exe
2420	Unicorn-18133.exe
2420	Unicorn-18133.exe
1648	Unicorn-23520.exe
1648	Unicorn-23520.exe
2552	WerFault.exe
2552	WerFault.exe
2552	WerFault.exe
2552	WerFault.exe
2552	WerFault.exe
2636	Unicorn-3548.exe
2636	Unicorn-3548.exe
2668	Unicorn-53924.exe
2624	Unicorn-56086.exe
2668	Unicorn-53924.exe
2876	Unicorn-23414.exe
2624	Unicorn-56086.exe
2876	Unicorn-23414.exe
1648	Unicorn-23520.exe
1648	Unicorn-23520.exe
2768	WerFault.exe
2768	WerFault.exe
2768	WerFault.exe
2768	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2508	WerFault.exe
2768	WerFault.exe
2508	WerFault.exe
2636	Unicorn-3548.exe
2636	Unicorn-3548.exe
2688	Unicorn-26855.exe
2688	Unicorn-26855.exe
2892	Unicorn-31192.exe
2892	Unicorn-31192.exe
3048	Unicorn-51058.exe
3048	Unicorn-51058.exe
2876	Unicorn-23414.exe
2876	Unicorn-23414.exe
2864	Unicorn-44836.exe
2864	Unicorn-44836.exe
2624	Unicorn-56086.exe
2300	Unicorn-4685.exe
2624	Unicorn-56086.exe
2300	Unicorn-4685.exe
1684	WerFault.exe
1684	WerFault.exe
1684	WerFault.exe
1684	WerFault.exe
1684	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1992	WerFault.exe
1140	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2552	2420	WerFault.exe	Unicorn-18133.exe
2768	2668	WerFault.exe	Unicorn-53924.exe
2508	1648	WerFault.exe	Unicorn-23520.exe
1684	2636	WerFault.exe	Unicorn-3548.exe
1992	2624	WerFault.exe	Unicorn-56086.exe
1140	2876	WerFault.exe	Unicorn-23414.exe
2240	2688	WerFault.exe	Unicorn-26855.exe
1976	2892	WerFault.exe	Unicorn-31192.exe
2000	3048	WerFault.exe	Unicorn-51058.exe
2628	2300	WerFault.exe	Unicorn-4685.exe
2736	2864	WerFault.exe	Unicorn-44836.exe
2064	1724	WerFault.exe	Unicorn-18467.exe
780	2084	WerFault.exe	Unicorn-20640.exe
928	1400	WerFault.exe	Unicorn-21181.exe
1484	2940	WerFault.exe	Unicorn-18912.exe
1392	1232	WerFault.exe	Unicorn-52161.exe
1748	1304	WerFault.exe	Unicorn-6489.exe
3068	2392	WerFault.exe	Unicorn-26184.exe
2068	2044	WerFault.exe	Unicorn-39182.exe
2104	1540	WerFault.exe	Unicorn-59240.exe
1532	1924	WerFault.exe	Unicorn-26760.exe
484	620	WerFault.exe	Unicorn-54834.exe
2340	2328	WerFault.exe	Unicorn-6744.exe
1756	2948	WerFault.exe	Unicorn-30734.exe
1944	616	WerFault.exe	Unicorn-26952.exe
2584	468	WerFault.exe	Unicorn-57590.exe
2812	1940	WerFault.exe	Unicorn-51560.exe
1732	2196	WerFault.exe	Unicorn-57590.exe
1192	548	WerFault.exe	Unicorn-53184.exe
1348	2428	WerFault.exe	Unicorn-53376.exe
3424	2612	WerFault.exe	Unicorn-22718.exe
3448	2672	WerFault.exe	Unicorn-16365.exe
3472	3060	WerFault.exe	Unicorn-27975.exe
3516	352	WerFault.exe	Unicorn-43268.exe
3636	2912	WerFault.exe	Unicorn-46750.exe
3664	2744	WerFault.exe	Unicorn-41165.exe
3672	2792	WerFault.exe	Unicorn-10979.exe
3748	2404	WerFault.exe	Unicorn-23594.exe
3800	1568	WerFault.exe	Unicorn-30279.exe
3832	2052	WerFault.exe	Unicorn-10413.exe
3848	3024	WerFault.exe	Unicorn-43460.exe
3856	1240	WerFault.exe	Unicorn-10413.exe
3908	1660	WerFault.exe	Unicorn-60491.exe
3932	1564	WerFault.exe	Unicorn-30279.exe
2344	2412	WerFault.exe	Unicorn-26439.exe
3108	1048	WerFault.exe	Unicorn-11171.exe
3120	2844	WerFault.exe	Unicorn-372.exe
3872	1496	WerFault.exe	Unicorn-1963.exe
4060	3004	WerFault.exe	Unicorn-6573.exe
3388	2140	WerFault.exe	Unicorn-48595.exe
3988	316	WerFault.exe	Unicorn-56843.exe
3136	1544	WerFault.exe	Unicorn-59581.exe
3332	1636	WerFault.exe	Unicorn-372.exe
3408	1628	WerFault.exe	Unicorn-35657.exe
3692	2820	WerFault.exe	Unicorn-32384.exe
4040	288	WerFault.exe	Unicorn-59687.exe
3556	1036	WerFault.exe	Unicorn-65336.exe
3656	1524	WerFault.exe	Unicorn-47827.exe
4080	1104	WerFault.exe	Unicorn-35159.exe
3256	2568	WerFault.exe	Unicorn-55009.exe
3348	2172	WerFault.exe	Unicorn-32576.exe
1624	3008	WerFault.exe	Unicorn-12710.exe
4120	1912	WerFault.exe	Unicorn-48611.exe
4112	872	WerFault.exe	Unicorn-55025.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exeUnicorn-18133.exeUnicorn-23520.exeUnicorn-53924.exeUnicorn-3548.exeUnicorn-56086.exeUnicorn-23414.exeUnicorn-26855.exeUnicorn-31192.exeUnicorn-51058.exeUnicorn-44836.exeUnicorn-4685.exeUnicorn-20640.exeUnicorn-40506.exeUnicorn-18467.exeUnicorn-21181.exeUnicorn-18912.exeUnicorn-52483.exeUnicorn-52161.exeUnicorn-6489.exeUnicorn-26184.exeUnicorn-39182.exeUnicorn-59240.exeUnicorn-54834.exeUnicorn-26760.exeUnicorn-26952.exeUnicorn-30734.exeUnicorn-6744.exeUnicorn-57590.exeUnicorn-57590.exeUnicorn-53184.exeUnicorn-51560.exeUnicorn-53376.exeUnicorn-22718.exeUnicorn-16365.exeUnicorn-46750.exeUnicorn-27975.exeUnicorn-41165.exeUnicorn-43268.exeUnicorn-43460.exeUnicorn-23594.exeUnicorn-10979.exeUnicorn-11171.exeUnicorn-6573.exeUnicorn-26439.exeUnicorn-56843.exeUnicorn-59687.exeUnicorn-372.exeUnicorn-372.exeUnicorn-30279.exeUnicorn-60491.exeUnicorn-10413.exeUnicorn-30279.exeUnicorn-10413.exeUnicorn-1963.exeUnicorn-47827.exeUnicorn-24029.exeUnicorn-41626.exeUnicorn-48595.exeUnicorn-6265.exeUnicorn-21533.exeUnicorn-51937.exeUnicorn-39322.exeUnicorn-34915.exe

pid	process
2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe
2420	Unicorn-18133.exe
1648	Unicorn-23520.exe
2668	Unicorn-53924.exe
2636	Unicorn-3548.exe
2624	Unicorn-56086.exe
2876	Unicorn-23414.exe
2688	Unicorn-26855.exe
2892	Unicorn-31192.exe
3048	Unicorn-51058.exe
2864	Unicorn-44836.exe
2300	Unicorn-4685.exe
2084	Unicorn-20640.exe
552	Unicorn-40506.exe
1724	Unicorn-18467.exe
1400	Unicorn-21181.exe
2940	Unicorn-18912.exe
536	Unicorn-52483.exe
1232	Unicorn-52161.exe
1304	Unicorn-6489.exe
2392	Unicorn-26184.exe
2044	Unicorn-39182.exe
1540	Unicorn-59240.exe
620	Unicorn-54834.exe
1924	Unicorn-26760.exe
616	Unicorn-26952.exe
2948	Unicorn-30734.exe
2328	Unicorn-6744.exe
468	Unicorn-57590.exe
2196	Unicorn-57590.exe
548	Unicorn-53184.exe
1940	Unicorn-51560.exe
2428	Unicorn-53376.exe
2612	Unicorn-22718.exe
2672	Unicorn-16365.exe
2912	Unicorn-46750.exe
3060	Unicorn-27975.exe
2744	Unicorn-41165.exe
352	Unicorn-43268.exe
3024	Unicorn-43460.exe
2404	Unicorn-23594.exe
2792	Unicorn-10979.exe
1048	Unicorn-11171.exe
3004	Unicorn-6573.exe
2412	Unicorn-26439.exe
316	Unicorn-56843.exe
288	Unicorn-59687.exe
1636	Unicorn-372.exe
2844	Unicorn-372.exe
1568	Unicorn-30279.exe
1660	Unicorn-60491.exe
1240	Unicorn-10413.exe
1564	Unicorn-30279.exe
2052	Unicorn-10413.exe
1496	Unicorn-1963.exe
1524	Unicorn-47827.exe
1920	Unicorn-24029.exe
900	Unicorn-41626.exe
2140	Unicorn-48595.exe
2292	Unicorn-6265.exe
1736	Unicorn-21533.exe
888	Unicorn-51937.exe
1592	Unicorn-39322.exe
1700	Unicorn-34915.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exeUnicorn-18133.exeUnicorn-53924.exeUnicorn-23520.exeUnicorn-3548.exeUnicorn-56086.exeUnicorn-23414.exeUnicorn-26855.exe

description	pid	process	target process
PID 2228 wrote to memory of 2420	2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe	Unicorn-18133.exe
PID 2228 wrote to memory of 2420	2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe	Unicorn-18133.exe
PID 2228 wrote to memory of 2420	2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe	Unicorn-18133.exe
PID 2228 wrote to memory of 2420	2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe	Unicorn-18133.exe
PID 2420 wrote to memory of 1648	2420	Unicorn-18133.exe	Unicorn-23520.exe
PID 2420 wrote to memory of 1648	2420	Unicorn-18133.exe	Unicorn-23520.exe
PID 2420 wrote to memory of 1648	2420	Unicorn-18133.exe	Unicorn-23520.exe
PID 2420 wrote to memory of 1648	2420	Unicorn-18133.exe	Unicorn-23520.exe
PID 2228 wrote to memory of 2668	2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe	Unicorn-53924.exe
PID 2228 wrote to memory of 2668	2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe	Unicorn-53924.exe
PID 2228 wrote to memory of 2668	2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe	Unicorn-53924.exe
PID 2228 wrote to memory of 2668	2228	b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe	Unicorn-53924.exe
PID 2668 wrote to memory of 2624	2668	Unicorn-53924.exe	Unicorn-56086.exe
PID 2668 wrote to memory of 2624	2668	Unicorn-53924.exe	Unicorn-56086.exe
PID 2668 wrote to memory of 2624	2668	Unicorn-53924.exe	Unicorn-56086.exe
PID 2668 wrote to memory of 2624	2668	Unicorn-53924.exe	Unicorn-56086.exe
PID 2420 wrote to memory of 2636	2420	Unicorn-18133.exe	Unicorn-3548.exe
PID 2420 wrote to memory of 2636	2420	Unicorn-18133.exe	Unicorn-3548.exe
PID 2420 wrote to memory of 2636	2420	Unicorn-18133.exe	Unicorn-3548.exe
PID 2420 wrote to memory of 2636	2420	Unicorn-18133.exe	Unicorn-3548.exe
PID 1648 wrote to memory of 2876	1648	Unicorn-23520.exe	Unicorn-23414.exe
PID 1648 wrote to memory of 2876	1648	Unicorn-23520.exe	Unicorn-23414.exe
PID 1648 wrote to memory of 2876	1648	Unicorn-23520.exe	Unicorn-23414.exe
PID 1648 wrote to memory of 2876	1648	Unicorn-23520.exe	Unicorn-23414.exe
PID 2420 wrote to memory of 2552	2420	Unicorn-18133.exe	WerFault.exe
PID 2420 wrote to memory of 2552	2420	Unicorn-18133.exe	WerFault.exe
PID 2420 wrote to memory of 2552	2420	Unicorn-18133.exe	WerFault.exe
PID 2420 wrote to memory of 2552	2420	Unicorn-18133.exe	WerFault.exe
PID 2636 wrote to memory of 2688	2636	Unicorn-3548.exe	Unicorn-26855.exe
PID 2636 wrote to memory of 2688	2636	Unicorn-3548.exe	Unicorn-26855.exe
PID 2636 wrote to memory of 2688	2636	Unicorn-3548.exe	Unicorn-26855.exe
PID 2636 wrote to memory of 2688	2636	Unicorn-3548.exe	Unicorn-26855.exe
PID 2668 wrote to memory of 2892	2668	Unicorn-53924.exe	Unicorn-31192.exe
PID 2668 wrote to memory of 2892	2668	Unicorn-53924.exe	Unicorn-31192.exe
PID 2668 wrote to memory of 2892	2668	Unicorn-53924.exe	Unicorn-31192.exe
PID 2668 wrote to memory of 2892	2668	Unicorn-53924.exe	Unicorn-31192.exe
PID 2624 wrote to memory of 2864	2624	Unicorn-56086.exe	Unicorn-44836.exe
PID 2624 wrote to memory of 2864	2624	Unicorn-56086.exe	Unicorn-44836.exe
PID 2624 wrote to memory of 2864	2624	Unicorn-56086.exe	Unicorn-44836.exe
PID 2624 wrote to memory of 2864	2624	Unicorn-56086.exe	Unicorn-44836.exe
PID 2876 wrote to memory of 3048	2876	Unicorn-23414.exe	Unicorn-51058.exe
PID 2876 wrote to memory of 3048	2876	Unicorn-23414.exe	Unicorn-51058.exe
PID 2876 wrote to memory of 3048	2876	Unicorn-23414.exe	Unicorn-51058.exe
PID 2876 wrote to memory of 3048	2876	Unicorn-23414.exe	Unicorn-51058.exe
PID 1648 wrote to memory of 2300	1648	Unicorn-23520.exe	Unicorn-4685.exe
PID 1648 wrote to memory of 2300	1648	Unicorn-23520.exe	Unicorn-4685.exe
PID 1648 wrote to memory of 2300	1648	Unicorn-23520.exe	Unicorn-4685.exe
PID 1648 wrote to memory of 2300	1648	Unicorn-23520.exe	Unicorn-4685.exe
PID 2668 wrote to memory of 2768	2668	Unicorn-53924.exe	WerFault.exe
PID 2668 wrote to memory of 2768	2668	Unicorn-53924.exe	WerFault.exe
PID 2668 wrote to memory of 2768	2668	Unicorn-53924.exe	WerFault.exe
PID 2668 wrote to memory of 2768	2668	Unicorn-53924.exe	WerFault.exe
PID 1648 wrote to memory of 2508	1648	Unicorn-23520.exe	WerFault.exe
PID 1648 wrote to memory of 2508	1648	Unicorn-23520.exe	WerFault.exe
PID 1648 wrote to memory of 2508	1648	Unicorn-23520.exe	WerFault.exe
PID 1648 wrote to memory of 2508	1648	Unicorn-23520.exe	WerFault.exe
PID 2636 wrote to memory of 2084	2636	Unicorn-3548.exe	Unicorn-20640.exe
PID 2636 wrote to memory of 2084	2636	Unicorn-3548.exe	Unicorn-20640.exe
PID 2636 wrote to memory of 2084	2636	Unicorn-3548.exe	Unicorn-20640.exe
PID 2636 wrote to memory of 2084	2636	Unicorn-3548.exe	Unicorn-20640.exe
PID 2688 wrote to memory of 552	2688	Unicorn-26855.exe	Unicorn-40506.exe
PID 2688 wrote to memory of 552	2688	Unicorn-26855.exe	Unicorn-40506.exe
PID 2688 wrote to memory of 552	2688	Unicorn-26855.exe	Unicorn-40506.exe
PID 2688 wrote to memory of 552	2688	Unicorn-26855.exe	Unicorn-40506.exe

C:\Users\Admin\AppData\Local\Temp\b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe
"C:\Users\Admin\AppData\Local\Temp\b39973045e9973267b96a333bd0f7ca2be836504f4932722bd03c5a6260ae06b.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21181.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26952.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26439.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
9⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20636.exe
10⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24791.exe
11⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7195.exe
12⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
13⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
14⤵
PID:12280

C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43081.exe
15⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
14⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 220
13⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 216
12⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 216
11⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
10⤵
- Program crash
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55508.exe
9⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8781.exe
10⤵
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17409.exe
11⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59880.exe
12⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12462.exe
13⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 236
13⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 216
12⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4372 -s 216
11⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
10⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
9⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
8⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
9⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15026.exe
11⤵
PID:6552

C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49999.exe
12⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4571.exe
13⤵
PID:11528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 216
13⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6552 -s 216
12⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
10⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
9⤵
- Program crash
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
8⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56843.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41549.exe
9⤵
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27095.exe
10⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25100.exe
11⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36941.exe
12⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12214.exe
13⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
13⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 216
12⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
11⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 236
10⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 236
9⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
8⤵
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-17879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17879.exe
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21005.exe
10⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40928.exe
11⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30731.exe
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 220
12⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6816 -s 216
11⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
10⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 216
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 240
8⤵
- Program crash
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
7⤵
- Program crash
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30734.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11171.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
8⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10028.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25367.exe
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29926.exe
11⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65415.exe
12⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37495.exe
13⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
13⤵
PID:13628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 236
12⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 220
11⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46947.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24237.exe
10⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-52996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52996.exe
11⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50805.exe
12⤵
PID:13764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
12⤵
PID:13980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
11⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 236
10⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
8⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46535.exe
7⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26858.exe
8⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48866.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15902.exe
11⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10637.exe
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 220
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:9612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
10⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 236
9⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 236
8⤵
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
7⤵
- Program crash
PID:1756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
6⤵
- Program crash
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18912.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10979.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59581.exe
8⤵
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4309.exe
9⤵
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14219.exe
10⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47758.exe
11⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33037.exe
12⤵
PID:8760

C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
13⤵
PID:12120

C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
14⤵
PID:13780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8760 -s 216
13⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 220
12⤵
PID:9684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
11⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 216
10⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 236
9⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65440.exe
8⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4427.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11611.exe
10⤵
PID:6172

C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34327.exe
12⤵
PID:11588

C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32422.exe
13⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 220
12⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6172 -s 216
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 220
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35657.exe
7⤵
PID:1628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
8⤵
- Program crash
PID:3408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
7⤵
- Program crash
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6573.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21777.exe
7⤵
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-883.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37522.exe
10⤵
PID:6528

C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
11⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11472.exe
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
12⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6528 -s 216
11⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 236
8⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
7⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10099.exe
8⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64606.exe
9⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49719.exe
10⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1463.exe
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 216
11⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 220
10⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 220
9⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
8⤵
PID:5420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
7⤵
- Program crash
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
6⤵
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:468

C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59687.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15362.exe
8⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
9⤵
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
10⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21669.exe
11⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
12⤵
PID:8704

C:\Users\Admin\AppData\Local\Temp\Unicorn-63979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63979.exe
13⤵
PID:11860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8704 -s 220
13⤵
PID:13188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 220
12⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
11⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 216
10⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 216
9⤵
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55700.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
9⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15821.exe
10⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18313.exe
11⤵
PID:8940

C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22335.exe
12⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8940 -s 216
12⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6644 -s 216
11⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 220
10⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
8⤵
- Program crash
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13286.exe
7⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16749.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29155.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12589.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
11⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12590.exe
12⤵
PID:11912

C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16869.exe
13⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 216
12⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 220
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
10⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
9⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 468 -s 240
7⤵
- Program crash
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60491.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19473.exe
7⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60412.exe
8⤵
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2076.exe
9⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1227.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29415.exe
11⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20544.exe
12⤵
PID:11276

C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
13⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
12⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
10⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 236
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48708.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-17006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17006.exe
9⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57837.exe
10⤵
PID:8880

C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
11⤵
PID:12172

C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
12⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8880 -s 216
11⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 220
10⤵
PID:10196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
9⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 240
8⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56198.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43130.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45454.exe
9⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56179.exe
10⤵
PID:9004

C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38588.exe
11⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9004 -s 216
11⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 220
10⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
9⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
8⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
7⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 220
6⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53184.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
7⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30428.exe
8⤵
PID:972

C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3903.exe
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-39204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39204.exe
10⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44125.exe
11⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-669.exe
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
12⤵
PID:6712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 220
11⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
10⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 972 -s 216
9⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10754.exe
7⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57603.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42696.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-10307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10307.exe
10⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28844.exe
11⤵
PID:11976

C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38042.exe
12⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
11⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 236
9⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 216
8⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 220
7⤵
- Program crash
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65336.exe
6⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10526.exe
7⤵
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52265.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
10⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25573.exe
11⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 204
11⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 220
10⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
9⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 216
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24224.exe
7⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47706.exe
8⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28403.exe
9⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48774.exe
10⤵
PID:12232

C:\Users\Admin\AppData\Local\Temp\Unicorn-13314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13314.exe
11⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 216
10⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
9⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
8⤵
PID:6912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 240
7⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
6⤵
- Program crash
PID:1192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
5⤵
- Program crash
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26184.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22718.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1963.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63650.exe
9⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
10⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35668.exe
11⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 220
12⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 216
11⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
10⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29750.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9907.exe
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41327.exe
11⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-55498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55498.exe
12⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13174.exe
13⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
13⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
12⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
11⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
10⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 240
9⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24433.exe
8⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44334.exe
10⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45167.exe
11⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64839.exe
12⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52762.exe
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
13⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
12⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
11⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47899.exe
9⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-63044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63044.exe
10⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11862.exe
11⤵
PID:9528

C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
12⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9528 -s 216
12⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
10⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 240
9⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
8⤵
- Program crash
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47827.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44491.exe
8⤵
PID:2520

C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38433.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32894.exe
11⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
12⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47483.exe
13⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 220
13⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 220
12⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
11⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
10⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38749.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12712.exe
10⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14761.exe
11⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
12⤵
PID:13380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
12⤵
PID:13812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
11⤵
PID:1692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
10⤵
PID:8364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2520 -s 220
9⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33416.exe
9⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62188.exe
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 220
11⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4560 -s 216
10⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 236
9⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
8⤵
- Program crash
PID:3656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
7⤵
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16365.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24029.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65352.exe
8⤵
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 220
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24530.exe
8⤵
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15968.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19306.exe
10⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56742.exe
11⤵
PID:12060

C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57034.exe
12⤵
PID:14152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 216
11⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 216
9⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 220
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
7⤵
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46726.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52675.exe
9⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
10⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-63979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63979.exe
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 220
11⤵
PID:13180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 220
10⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 236
8⤵
PID:4944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
7⤵
- Program crash
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46750.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41626.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64584.exe
8⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24754.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58546.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-20930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20930.exe
11⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34500.exe
12⤵
PID:11612

C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30436.exe
13⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 236
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
11⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9377.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10362.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
10⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49793.exe
11⤵
PID:11640

C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13222.exe
12⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
9⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33727.exe
7⤵
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28143.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48204.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50198.exe
10⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8840 -s 196
11⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
7⤵
- Program crash
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48595.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32104.exe
7⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
8⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22792.exe
8⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20429.exe
9⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54633.exe
10⤵
PID:9256

C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25485.exe
11⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9256 -s 216
11⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
10⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
9⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
8⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 236
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
6⤵
- Program crash
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
5⤵
- Program crash
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26760.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43268.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
8⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14437.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30415.exe
10⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
11⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31402.exe
12⤵
PID:11552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6429.exe
13⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 236
12⤵
PID:11660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 216
11⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
10⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
9⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25324.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29699.exe
9⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
10⤵
PID:8444

C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41800.exe
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8444 -s 220
11⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5848 -s 216
10⤵
PID:10332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
9⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
8⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-10702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10702.exe
7⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27183.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
9⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
10⤵
PID:8968

C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
11⤵
PID:11852

C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
12⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8968 -s 216
11⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
10⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
8⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 240
7⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34915.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52057.exe
7⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62927.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-8188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8188.exe
9⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4344.exe
10⤵
PID:8900

C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10068.exe
11⤵
PID:11884

C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
12⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8900 -s 216
11⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
10⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 236
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
8⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47748.exe
7⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23674.exe
8⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59775.exe
9⤵
PID:8484

C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40840.exe
10⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8484 -s 204
10⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
9⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 236
8⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 220
7⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 240
6⤵
- Program crash
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23594.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22493.exe
6⤵
- Executes dropped EXE
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22694.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-49050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49050.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55600.exe
10⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
11⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11824 -s 208
12⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
11⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
10⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 236
8⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7317.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62947.exe
8⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
9⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
10⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
10⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
9⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
8⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
7⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
6⤵
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30447.exe
7⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49216.exe
8⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52362.exe
9⤵
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57702.exe
10⤵
PID:12152

C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31991.exe
11⤵
PID:13784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 216
10⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
9⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
8⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
7⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
6⤵
- Program crash
PID:3748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
5⤵
- Program crash
PID:780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52483.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51560.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15554.exe
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24554.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21989.exe
10⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23040.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
12⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
13⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
13⤵
PID:13728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 236
12⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 236
11⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 236
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4688.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65460.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44487.exe
10⤵
PID:7076

C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12630.exe
11⤵
PID:9572

C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9572 -s 216
12⤵
PID:13320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7076 -s 216
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 220
10⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
9⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
8⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13478.exe
7⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62745.exe
8⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10886.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10410.exe
10⤵
PID:8648

C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
11⤵
PID:11580

C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
12⤵
PID:14244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8648 -s 236
11⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
9⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
8⤵
PID:4688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
7⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13250.exe
7⤵
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22565.exe
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43402.exe
10⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58447.exe
11⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
12⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 216
12⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
10⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 236
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48568.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51852.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63903.exe
10⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12320.exe
11⤵
PID:11740

C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13199.exe
12⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
11⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
10⤵
PID:10100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
8⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
7⤵
- Program crash
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53376.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30279.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-32384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32384.exe
7⤵
PID:2820

C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61398.exe
8⤵
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20634.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30659.exe
10⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35341.exe
11⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6856.exe
12⤵
PID:12132

C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
13⤵
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
12⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 220
11⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 236
9⤵
PID:4640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2820 -s 236
8⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41724.exe
7⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20332.exe
9⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52310.exe
10⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
11⤵
PID:11792

C:\Users\Admin\AppData\Local\Temp\Unicorn-59769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59769.exe
12⤵
PID:7132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
11⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
10⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 240
7⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12710.exe
6⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59146.exe
7⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9549.exe
8⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48851.exe
9⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2277.exe
10⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37628.exe
11⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
11⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
10⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
9⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
8⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
7⤵
- Program crash
PID:1624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
6⤵
- Program crash
PID:1348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
5⤵
- Program crash
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52161.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57590.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48611.exe
7⤵
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9260.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2367.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22489.exe
10⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20181.exe
11⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
12⤵
PID:11784

C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
13⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
11⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 236
9⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 216
8⤵
- Program crash
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22451.exe
7⤵
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59383.exe
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
9⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14103.exe
10⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32515.exe
10⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50747.exe
11⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 220
11⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 212
10⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
9⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 236
8⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
7⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35159.exe
6⤵
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17709.exe
7⤵
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25585.exe
8⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41736.exe
9⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-25357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25357.exe
10⤵
PID:8920

C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31177.exe
11⤵
PID:12180

C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62406.exe
12⤵
PID:13828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8920 -s 216
11⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 220
10⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 216
9⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 216
8⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 236
7⤵
- Program crash
PID:4080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
6⤵
- Program crash
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10413.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55025.exe
6⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
7⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25559.exe
8⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6531.exe
9⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18557.exe
10⤵
PID:9384

C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20545.exe
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9384 -s 220
11⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 220
10⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
9⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
8⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 216
7⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53204.exe
6⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4904.exe
7⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15531.exe
8⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62943.exe
9⤵
PID:8828

C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10016.exe
10⤵
PID:11704

C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49157.exe
11⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8828 -s 216
10⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
9⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
8⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 236
7⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
6⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
5⤵
- Program crash
PID:1392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59240.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27975.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21533.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51289.exe
8⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43436.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61987.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3000.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
12⤵
PID:11776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61305.exe
13⤵
PID:14312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
12⤵
PID:11684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
11⤵
PID:10124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 236
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-61619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61619.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61219.exe
9⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
10⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6228.exe
11⤵
PID:11816

C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64497.exe
12⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 216
11⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
10⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64480.exe
7⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16306.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61618.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19394.exe
10⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-17505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17505.exe
11⤵
PID:11668

C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39245.exe
12⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8744 -s 236
11⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
10⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
8⤵
PID:4852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
7⤵
- Program crash
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51937.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29608.exe
7⤵
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58319.exe
8⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17312.exe
9⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15465.exe
10⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33315.exe
11⤵
PID:12196

C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41067.exe
11⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 220
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
10⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 220
9⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 236
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
7⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52812.exe
8⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54614.exe
9⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29918.exe
10⤵
PID:11768

C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49183.exe
11⤵
PID:13404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
10⤵
PID:11600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
9⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
8⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 220
7⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
6⤵
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41165.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47563.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60451.exe
9⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60857.exe
10⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58610.exe
11⤵
PID:11940

C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65047.exe
12⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
11⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
10⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
9⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-6549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6549.exe
7⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57498.exe
8⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59897.exe
9⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
10⤵
PID:11840

C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39697.exe
11⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 216
10⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5748 -s 216
9⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
8⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
7⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9742.exe
6⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15013.exe
7⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61411.exe
8⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22136.exe
9⤵
PID:9124

C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54649.exe
10⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9124 -s 216
10⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
9⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
8⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
7⤵
PID:4856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
6⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
5⤵
- Program crash
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-54834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54834.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43460.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
6⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63816.exe
7⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37241.exe
9⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37970.exe
10⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26149.exe
11⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 216
11⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
10⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 236
8⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26834.exe
7⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
8⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5681.exe
9⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47726.exe
10⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
10⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
9⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
8⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 220
7⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
6⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44666.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62999.exe
8⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-17770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17770.exe
9⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6664.exe
10⤵
PID:12080

C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40491.exe
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 216
10⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 220
9⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
8⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
7⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
6⤵
- Program crash
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55009.exe
5⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11437.exe
6⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-7349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7349.exe
7⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19130.exe
8⤵
PID:6608

C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52670.exe
9⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53338.exe
10⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
10⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 236
9⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
8⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
7⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 216
6⤵
- Program crash
PID:3256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
5⤵
- Program crash
PID:484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
4⤵
- Program crash
PID:1976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2768

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-19517.exe
Filesize
184KB

MD5
651bfadb627be29243f313707a1de2ac

SHA1
44c71b85ea411eab1e9e4013eaa4edd485b2ba0a

SHA256
9c1ef24177a74d23bf9996fcb7ef657fd7a5869466e1e24994d5c79304023b29

SHA512
5f485269cac9cbb9efe8daaa4ca5c839b2220d94fc660b2dfb910c74344aef78db68c37b44ef066c282eb345f6d82af135cf02ef463010e508b068ccd8f1026c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24599.exe
Filesize
184KB

MD5
71f7dea2f83e46dd9f9fae0ce197e16e

SHA1
f0916d0a08d07fe4ceb44d856f4a266707ca227f

SHA256
8d22e49c6259a98caa740417963425b30dfb1a0b3028a02553555037ef0a062a

SHA512
a40cdfaaafb2cecc03ac61ad48f8b6a6ceea1efffe3e038fab2e0234431c07cd54aa8f053bbfe7f079bc58a1694cc40ae2ed1dbbcf4154d9ecf4756e60387ff9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40240.exe
Filesize
184KB

MD5
60365f9bf75f171d7549d76260309612

SHA1
2327877682130af041d9e32a1bca7a42dbf82f98

SHA256
f27addeb92c88dda5a64545a339ab402d5d6c79c20a665242ff5ef0be17c134d

SHA512
fdb53a9aec7c21bb240cb46eb4da3ec717e0856f5c0bf12d3fd2a559ac2744158b9b84819f33022a38c6606c783955efe82547ab288e56391095555a89bfbcd0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4685.exe
Filesize
184KB

MD5
de8ec07d1b3476128c892d38c2e1d70e

SHA1
3d090857a22c89de1872dcd68528dbd351ac0af0

SHA256
e58df21596969cb101321063e71f020bd0830dae3ba4ed50603cd293743918cb

SHA512
ff947a467a9025a7c5c64b1cb587af027ee4aa5897fe4a0f1dcfad6d7f00aff7c6c285fa627071787e26fcf8128e6b51c8ada8985302a2b52f6672351354ef98

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-51058.exe
Filesize
184KB

MD5
1522b2530871f36afd7c01ee10778cdf

SHA1
de3e56a54d44829d963611a69d15cf965e5a0f88

SHA256
ba534814f7dc02590a2e0ef4035e980c8eb025993993b319ab12767dc277b0d3

SHA512
ae78884e5b4926d82b33f84c70fbb5414b9f9bb03b604d45ad6feb71061376b675bfb4d34f9abe1d1265baf6f7881ec1f746790adf560d543f1be31f75c8be62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5633.exe
Filesize
184KB

MD5
f8d8a1f4503d0a224899949d7e7876f6

SHA1
33822c45a9a76add157ec90a90a508c735bdd0b7

SHA256
02da903c8345ddf30c8a789cff3a9d94729f5bc61e66479a4cae81778d30fc69

SHA512
dd8e0fdd9e907bb883e23830e839ab0bb197e2eff09ffd8f32c666df2a4a6dc2b23c29192f063fad4e7b81561f6cf2dc2069f3d1048bfe2705547f5e38736d86

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56842.exe
Filesize
184KB

MD5
901745069560233d9f49d991d313b8f3

SHA1
4e26e6ad6f152196727d6b4a91fabb9e1b028982

SHA256
e951e53bf8acbb74d0aa4ab5e122db13406db8ed559aebaa0cdd6f062b9cf85c

SHA512
75e65fd8eaf7555f64349627b7378db355de37ca49d3cee4ef2b7843beae416619503dc2c26dc1cc093cf041d330e69b6d603e075ac196f7f9e570f072adfc6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6265.exe
Filesize
184KB

MD5
c7fdfdf9911141701559543de80238c6

SHA1
bca3e50116240bb5924a7d03d4977069ca736281

SHA256
537ff7504562e3bb8cef2ecac0b577d27ed6d551fc2a2d239e3078ee6cc529d1

SHA512
b153766cfd55ad8145116034060582c40dd335d3e9f9f9600d4c54dbe4e63ec04a71b4ae148c6b3242db94d540e2d614b259382a8082aad46fb80aa9beca5bed

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6489.exe
Filesize
184KB

MD5
6035f52bb47580aad7b2f99630a06399

SHA1
fa96a1fea14756638f3d40dd2c484502cbf71d2d

SHA256
ef9f9c68cb8f4064e6daa3b54b048f55bf411bdb2fe3f185be7ca8f8a2d3bee8

SHA512
ec0fc5211d4f7b815b925ca89467ae311f6b21051177a8b2471e46b8fb68eee4f8bd4d6099d212166054087f3f4170ad3e239b23258704d128ff0fccaecf7e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6744.exe
Filesize
184KB

MD5
315ab77f2c73ee90f81c0c9f0bf1dc98

SHA1
26da9a39d073964d800712834c2bf4131bc6d1cc

SHA256
c7826235af4cacfc316cb98d9d642192d04c761f96490fcd37f7dd8614312126

SHA512
8a6f0c6a259be159d97a138a6dd30461872b7ef081e4e5ae6bab017cb20c2144154b2e5e09bc4c8b277ed316fd326d0157494d9ce727402016b35ea8cea53fb7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18133.exe
Filesize
184KB

MD5
ded5e2d5473cf3cbda2d09eafc8aa245

SHA1
2ffb10f7668aa9724735a75ed02f1acc0d348a97

SHA256
925d0a06fe39bbd502236a44f005a3a13fd764b00ed6e8122f1ae0032c50c1c2

SHA512
9223bc5a8dea29e12db6d253563569454da2e2744300e4c43c53e762c44e4cff37a48b702c2b9fd5b28c23bc56f8e05e921dadbc7af61431b1a4e9a903e98365

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18467.exe
Filesize
184KB

MD5
59fed9facf819518c7aa08ec139ce83a

SHA1
955969c34aef460e6e1279c76f0949783c55d14a

SHA256
de4702f1afc0efea8de5f9df1b317d67f7f9c46139eece4cfed834633f1d057a

SHA512
208c5951eac3e9bd386e4c5d5acf578685dd4d5fae8abf9f1a97676b362d2cd625543eeea095699f74b0487d1de07adf8d8ef7e4e6f330fdb6f19d3658134cf6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20640.exe
Filesize
184KB

MD5
721278ca42fae89a61155d40812f5962

SHA1
256605ecbb64f53b598157169ce273800e2487d0

SHA256
211ddf089d45c7ccdf0d0e6c7a1e8edaab20e3138eaa6987071d8a72f2831f70

SHA512
079b09a7bdae21299ffe8fe954a36f537072816097eec5615c354894166882e4ee78e9b585961c59baf3493532d994ffaea5881e786acd8cbf0819d8f644c414

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
Filesize
184KB

MD5
3507979d84dcf9c3fb741708ee641cef

SHA1
d69f2c6226449a0ff83cd79a813e6aac71c3fe30

SHA256
c4edefdd9d243257a5a777fb8387eb44d23a920aae7e737b1824f62c6180d33d

SHA512
654d5b4aca510d4d2d20008bd7316711299300ca4ff412799f0f7d8360021b5a5fe3a2db3584b0ddabf24a0a36df8a7a1a3f6c690cdc457931427aa3fcf63de6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23520.exe
Filesize
184KB

MD5
9147db8dbc990ab1760bac83c8f4a088

SHA1
cada3fc8744801792c93097196c372dcc6821466

SHA256
643a9d43b89290cdb365814482c5efa558beb2e9afa17415725b2beedc8800b6

SHA512
bc6a967bfdd4baad82b9c57dd71d52f32f050c1facaa5274199d99043c8be2df73ef3d5f5d954d19b65fcbe00015550eab332ad857ffc2bf3881233e7bba53fa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26855.exe
Filesize
184KB

MD5
d9c99e1bffaaf12b41d0d3b4d8e8d372

SHA1
7581bbc064e0a51d9cf5026d2ae888dfafcb3c52

SHA256
08352861eda2151e056918db946a3fa66423822a64ae3071345ed67913883f16

SHA512
86778f63a763270f0532d9874ee4abee1639fa45b7b05b44feba6fea73bdc2daec0dc54fa3bcdfe021ef744acf4a54f86a4755bcbf9312876fb73c287d5b2750

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31192.exe
Filesize
184KB

MD5
6aa26cd364da3358dc2515fa69a265b1

SHA1
a1fbe55a7ba67fa1869fc14d411bf2ec04e6e215

SHA256
e657ab758761cb0a82a14c60d52996cddee08a25e58f5ed7afcd86fadbb4bfc5

SHA512
3f15ee90d98f38e48e938aadb7a6e692599c104c3558b5e9db3219127cdbaa50139dadba76e4b6c18cf7b2aaee1c5d9825df1edb4ea1f87aee3f0e0ac4364976

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3548.exe
Filesize
184KB

MD5
c79872145f475ec28d3f9b45b06b6d0f

SHA1
9e9a2f096fc2ea415f11468ab03f086066498e19

SHA256
e932ebf5ef3428843cb26f7507d56f5f4c6254ff18c0b96b806bcda4002f7efc

SHA512
f6a26676a402581ab872bd151d195265311ae6c890bdf76c238a1d66ac87521b4ceaf0b7598b79a74b9d9e902e75ad41992cc1bb63cf974a1d7ba082c52a2f09

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40506.exe
Filesize
184KB

MD5
631d6341c5b02d80fe1f4036e4efc50b

SHA1
00bde21ef667c993758f949e7b266e09ffe66c63

SHA256
97c030cdedc14da849178ce6a389e31dc3a9794bdcaaf2b5095cb755c782ccfc

SHA512
33f8e792796ca3315f6dcb16bd32b58dce4585e05f8a23998c6280cd28fcdeb3259426d9675ca966636c6b88ede24f06fab1539c31eca701587d68ae35c12f5a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44836.exe
Filesize
184KB

MD5
dc55ea3d2ad57f356206aaea5917053f

SHA1
421e644f011d26c98b799a6236e836f22421b2b7

SHA256
1d0e8c9b56150039181ac2183c7b06d24d9f7b6ce49ab6c4f1bc2731f32e30fa

SHA512
ab0e8bf94d60d1ab8edd30989023e7e6497262ff0913cd970ebc1005f11f0fa57edfe0a497933a28c1a9d71ea87ce9e3cdba994852159dcc7d0962c0d61c8edf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53924.exe
Filesize
184KB

MD5
9efa19f1d20f851281f14a887828af62

SHA1
acf8527ef97c78a57b37fb38b7bed2d270ffe6bb

SHA256
72b568cf5cb2ef4c3171b4c68278aac8c0754d5407149ba2527be4abc333ef58

SHA512
96603288396cd009127d12cc58525e29e6fc826c886dd73508d831fbfbe9bad0f232cc7cc052c06ddbed61d93997e8d1908d24d86ee2f565fcee6596852b028f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56086.exe
Filesize
184KB

MD5
2e106921fdf7b05882abc47d13c32251

SHA1
5a18f604f0daf0999b41cfd55e3e706976f6c091

SHA256
f5ebc3581b43930779b37b76b0e684ceeff9b9eaac4ed1561f8b70e0d0d68bae

SHA512
bc5f7119cafec1063bdafa998c2d1b7f65ecfe5702f54324a2cc4cc4f43c4c2f46d919b54f8db06765fdadc5485248b119b34def49f0b8f219555884dd6de1b8

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads