b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe
Size

184KB
MD5

979f0e54fa30d7d08e7f12d1eff7f483
SHA1

e564afe3535f4a2349a6806b2ac22c5b023d55fa
SHA256

b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0
SHA512

dd75a50b1ed45acd1573fefab611fa5ed6469f7f9ba8bc74faead6d76aafbf328ebdfb2272c89e9fd51536b01c09f25e49493ee1b97b9536731090a0de3cc900
SSDEEP

3072:+RduagoUXpatdpjYeIeLh4BEImYalslilHY9d5qlUVghlnVOahnT:+RmoB7pjfLOBEIkJjfhlnVOah

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-32055.exeUnicorn-46370.exeUnicorn-25435.exeUnicorn-24596.exeUnicorn-40932.exeUnicorn-54808.exeUnicorn-2914.exeUnicorn-16790.exeUnicorn-2722.exeUnicorn-32934.exeUnicorn-52800.exeUnicorn-14881.exeUnicorn-14497.exeUnicorn-10968.exeUnicorn-47170.exeUnicorn-14497.exeUnicorn-43640.exeUnicorn-63506.exeUnicorn-55665.exeUnicorn-35799.exeUnicorn-22033.exeUnicorn-20964.exeUnicorn-1098.exeUnicorn-54705.exeUnicorn-34839.exeUnicorn-61825.exeUnicorn-58296.exeUnicorn-12624.exeUnicorn-9095.exeUnicorn-28961.exeUnicorn-2191.exeUnicorn-16067.exeUnicorn-35933.exeUnicorn-4303.exeUnicorn-4303.exeUnicorn-774.exeUnicorn-52928.exeUnicorn-2466.exeUnicorn-52544.exeUnicorn-51475.exeUnicorn-47946.exeUnicorn-2274.exeUnicorn-18611.exeUnicorn-34947.exeUnicorn-15081.exeUnicorn-48823.exeUnicorn-3151.exeUnicorn-47754.exeUnicorn-59996.exeUnicorn-39061.exeUnicorn-9726.exeUnicorn-9726.exeUnicorn-6197.exeUnicorn-48943.exeUnicorn-61750.exeUnicorn-16079.exeUnicorn-32415.exeUnicorn-11480.exeUnicorn-44153.exeUnicorn-64018.exeUnicorn-14625.exeUnicorn-14241.exeUnicorn-13400.exeUnicorn-64869.exe

pid	process
2020	Unicorn-32055.exe
2540	Unicorn-46370.exe
2596	Unicorn-25435.exe
2732	Unicorn-24596.exe
2728	Unicorn-40932.exe
2460	Unicorn-54808.exe
2436	Unicorn-2914.exe
2760	Unicorn-16790.exe
1996	Unicorn-2722.exe
1972	Unicorn-32934.exe
2340	Unicorn-52800.exe
2628	Unicorn-14881.exe
632	Unicorn-14497.exe
1768	Unicorn-10968.exe
2428	Unicorn-47170.exe
1516	Unicorn-14497.exe
1252	Unicorn-43640.exe
2632	Unicorn-63506.exe
2420	Unicorn-55665.exe
896	Unicorn-35799.exe
1808	Unicorn-22033.exe
1528	Unicorn-20964.exe
1272	Unicorn-1098.exe
1836	Unicorn-54705.exe
1724	Unicorn-34839.exe
2824	Unicorn-61825.exe
1800	Unicorn-58296.exe
2036	Unicorn-12624.exe
2240	Unicorn-9095.exe
2124	Unicorn-28961.exe
2388	Unicorn-2191.exe
2724	Unicorn-16067.exe
320	Unicorn-35933.exe
2608	Unicorn-4303.exe
2712	Unicorn-4303.exe
2792	Unicorn-774.exe
2512	Unicorn-52928.exe
2696	Unicorn-2466.exe
2364	Unicorn-52544.exe
1960	Unicorn-51475.exe
2772	Unicorn-47946.exe
2536	Unicorn-2274.exe
384	Unicorn-18611.exe
1968	Unicorn-34947.exe
1296	Unicorn-15081.exe
2032	Unicorn-48823.exe
1576	Unicorn-3151.exe
1532	Unicorn-47754.exe
2816	Unicorn-59996.exe
700	Unicorn-39061.exe
1496	Unicorn-9726.exe
2068	Unicorn-9726.exe
708	Unicorn-6197.exe
780	Unicorn-48943.exe
3036	Unicorn-61750.exe
2988	Unicorn-16079.exe
2192	Unicorn-32415.exe
2292	Unicorn-11480.exe
1740	Unicorn-44153.exe
292	Unicorn-64018.exe
2976	Unicorn-14625.exe
1868	Unicorn-14241.exe
2764	Unicorn-13400.exe
2616	Unicorn-64869.exe

Loads dropped DLL 64 IoCs

Processes:

b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exeUnicorn-32055.exeUnicorn-25435.exeUnicorn-46370.exeWerFault.exeUnicorn-40932.exeUnicorn-54808.exeUnicorn-24596.exeWerFault.exeUnicorn-16790.exeUnicorn-2914.exeUnicorn-32934.exeUnicorn-52800.exeUnicorn-2722.exeWerFault.exeWerFault.exeWerFault.exeUnicorn-14881.exe

pid	process
2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe
2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe
2020	Unicorn-32055.exe
2020	Unicorn-32055.exe
2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe
2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe
2596	Unicorn-25435.exe
2596	Unicorn-25435.exe
2540	Unicorn-46370.exe
2540	Unicorn-46370.exe
2020	Unicorn-32055.exe
2020	Unicorn-32055.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2728	Unicorn-40932.exe
2728	Unicorn-40932.exe
2540	Unicorn-46370.exe
2540	Unicorn-46370.exe
2460	Unicorn-54808.exe
2460	Unicorn-54808.exe
2596	Unicorn-25435.exe
2596	Unicorn-25435.exe
2732	Unicorn-24596.exe
2732	Unicorn-24596.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
1300	WerFault.exe
2760	Unicorn-16790.exe
2760	Unicorn-16790.exe
2436	Unicorn-2914.exe
1972	Unicorn-32934.exe
2436	Unicorn-2914.exe
2728	Unicorn-40932.exe
2728	Unicorn-40932.exe
2340	Unicorn-52800.exe
2340	Unicorn-52800.exe
1972	Unicorn-32934.exe
1996	Unicorn-2722.exe
2732	Unicorn-24596.exe
1996	Unicorn-2722.exe
2732	Unicorn-24596.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
1028	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
1484	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
3020	WerFault.exe
2760	Unicorn-16790.exe
2628	Unicorn-14881.exe
2628	Unicorn-14881.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2604	2112	WerFault.exe	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe
2500	2020	WerFault.exe	Unicorn-32055.exe
1300	2596	WerFault.exe	Unicorn-25435.exe
1028	2728	WerFault.exe	Unicorn-40932.exe
1484	2460	WerFault.exe	Unicorn-54808.exe
3020	2732	WerFault.exe	Unicorn-24596.exe
2848	2760	WerFault.exe	Unicorn-16790.exe
1572	2436	WerFault.exe	Unicorn-2914.exe
2024	1972	WerFault.exe	Unicorn-32934.exe
1708	2340	WerFault.exe	Unicorn-52800.exe
2672	1996	WerFault.exe	Unicorn-2722.exe
1672	1724	WerFault.exe	Unicorn-34839.exe
1916	2628	WerFault.exe	Unicorn-14881.exe
268	2428	WerFault.exe	Unicorn-47170.exe
1248	632	WerFault.exe	Unicorn-14497.exe
1132	1768	WerFault.exe	Unicorn-10968.exe
1160	2632	WerFault.exe	Unicorn-63506.exe
2204	1252	WerFault.exe	Unicorn-43640.exe
1148	1516	WerFault.exe	Unicorn-14497.exe
3016	2696	WerFault.exe	Unicorn-2466.exe
2360	2420	WerFault.exe	Unicorn-55665.exe
1728	896	WerFault.exe	Unicorn-35799.exe
868	1528	WerFault.exe	Unicorn-20964.exe
2168	1808	WerFault.exe	Unicorn-22033.exe
2656	1272	WerFault.exe	Unicorn-1098.exe
2560	1836	WerFault.exe	Unicorn-54705.exe
2496	2824	WerFault.exe	Unicorn-61825.exe
2520	1800	WerFault.exe	Unicorn-58296.exe
2600	2240	WerFault.exe	Unicorn-9095.exe
1796	2124	WerFault.exe	Unicorn-28961.exe
2640	2036	WerFault.exe	Unicorn-12624.exe
2684	2976	WerFault.exe	Unicorn-14625.exe
2412	2388	WerFault.exe	Unicorn-2191.exe
564	320	WerFault.exe	Unicorn-35933.exe
2220	2724	WerFault.exe	Unicorn-16067.exe
3124	2712	WerFault.exe	Unicorn-4303.exe
3172	2792	WerFault.exe	Unicorn-774.exe
3224	2512	WerFault.exe	Unicorn-52928.exe
3276	2364	WerFault.exe	Unicorn-52544.exe
3292	2608	WerFault.exe	Unicorn-4303.exe
3380	1960	WerFault.exe	Unicorn-51475.exe
3444	2536	WerFault.exe	Unicorn-2274.exe
3496	1576	WerFault.exe	Unicorn-3151.exe
3524	1968	WerFault.exe	Unicorn-34947.exe
3532	2772	WerFault.exe	Unicorn-47946.exe
3560	2032	WerFault.exe	Unicorn-48823.exe
3600	1296	WerFault.exe	Unicorn-15081.exe
3592	384	WerFault.exe	Unicorn-18611.exe
3584	1532	WerFault.exe	Unicorn-47754.exe
3556	2816	WerFault.exe	Unicorn-59996.exe
4068	1496	WerFault.exe	Unicorn-9726.exe
4012	2292	WerFault.exe	Unicorn-11480.exe
3352	1868	WerFault.exe	Unicorn-14241.exe
3868	2540	WerFault.exe	Unicorn-61833.exe
3800	700	WerFault.exe	Unicorn-39061.exe
3792	292	WerFault.exe	Unicorn-64018.exe
3804	2764	WerFault.exe	Unicorn-13400.exe
4500	2192	WerFault.exe	Unicorn-32415.exe
4516	708	WerFault.exe	Unicorn-6197.exe
4524	2228	WerFault.exe	Unicorn-58097.exe
4548	1936	WerFault.exe	Unicorn-57905.exe
4620	1524	WerFault.exe	Unicorn-8704.exe
4640	1944	WerFault.exe	Unicorn-41102.exe
4680	1264	WerFault.exe	Unicorn-8320.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exeUnicorn-32055.exeUnicorn-46370.exeUnicorn-25435.exeUnicorn-40932.exeUnicorn-24596.exeUnicorn-54808.exeUnicorn-2914.exeUnicorn-16790.exeUnicorn-2722.exeUnicorn-32934.exeUnicorn-52800.exeUnicorn-14881.exeUnicorn-14497.exeUnicorn-10968.exeUnicorn-47170.exeUnicorn-43640.exeUnicorn-14497.exeUnicorn-63506.exeUnicorn-55665.exeUnicorn-35799.exeUnicorn-22033.exeUnicorn-20964.exeUnicorn-1098.exeUnicorn-34839.exeUnicorn-61825.exeUnicorn-58296.exeUnicorn-54705.exeUnicorn-12624.exeUnicorn-28961.exeUnicorn-9095.exeUnicorn-2191.exeUnicorn-35933.exeUnicorn-16067.exeUnicorn-4303.exeUnicorn-4303.exeUnicorn-774.exeUnicorn-52928.exeUnicorn-2466.exeUnicorn-52544.exeUnicorn-51475.exeUnicorn-47946.exeUnicorn-2274.exeUnicorn-48823.exeUnicorn-18611.exeUnicorn-34947.exeUnicorn-15081.exeUnicorn-3151.exeUnicorn-47754.exeUnicorn-59996.exeUnicorn-39061.exeUnicorn-9726.exeUnicorn-9726.exeUnicorn-6197.exeUnicorn-48943.exeUnicorn-16079.exeUnicorn-61750.exeUnicorn-32415.exeUnicorn-11480.exeUnicorn-64018.exeUnicorn-44153.exeUnicorn-14625.exeUnicorn-14241.exeUnicorn-13400.exe

pid	process
2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe
2020	Unicorn-32055.exe
2540	Unicorn-46370.exe
2596	Unicorn-25435.exe
2728	Unicorn-40932.exe
2732	Unicorn-24596.exe
2460	Unicorn-54808.exe
2436	Unicorn-2914.exe
2760	Unicorn-16790.exe
1996	Unicorn-2722.exe
1972	Unicorn-32934.exe
2340	Unicorn-52800.exe
2628	Unicorn-14881.exe
632	Unicorn-14497.exe
1768	Unicorn-10968.exe
2428	Unicorn-47170.exe
1252	Unicorn-43640.exe
1516	Unicorn-14497.exe
2632	Unicorn-63506.exe
2420	Unicorn-55665.exe
896	Unicorn-35799.exe
1808	Unicorn-22033.exe
1528	Unicorn-20964.exe
1272	Unicorn-1098.exe
1724	Unicorn-34839.exe
2824	Unicorn-61825.exe
1800	Unicorn-58296.exe
1836	Unicorn-54705.exe
2036	Unicorn-12624.exe
2124	Unicorn-28961.exe
2240	Unicorn-9095.exe
2388	Unicorn-2191.exe
320	Unicorn-35933.exe
2724	Unicorn-16067.exe
2712	Unicorn-4303.exe
2608	Unicorn-4303.exe
2792	Unicorn-774.exe
2512	Unicorn-52928.exe
2696	Unicorn-2466.exe
2364	Unicorn-52544.exe
1960	Unicorn-51475.exe
2772	Unicorn-47946.exe
2536	Unicorn-2274.exe
2032	Unicorn-48823.exe
384	Unicorn-18611.exe
1968	Unicorn-34947.exe
1296	Unicorn-15081.exe
1576	Unicorn-3151.exe
1532	Unicorn-47754.exe
2816	Unicorn-59996.exe
700	Unicorn-39061.exe
1496	Unicorn-9726.exe
2068	Unicorn-9726.exe
708	Unicorn-6197.exe
780	Unicorn-48943.exe
2988	Unicorn-16079.exe
3036	Unicorn-61750.exe
2192	Unicorn-32415.exe
2292	Unicorn-11480.exe
292	Unicorn-64018.exe
1740	Unicorn-44153.exe
2976	Unicorn-14625.exe
1868	Unicorn-14241.exe
2764	Unicorn-13400.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exeUnicorn-32055.exeUnicorn-25435.exeUnicorn-46370.exeUnicorn-40932.exeUnicorn-54808.exeUnicorn-24596.exeUnicorn-16790.exeUnicorn-2914.exe

description	pid	process	target process
PID 2112 wrote to memory of 2020	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	Unicorn-32055.exe
PID 2112 wrote to memory of 2020	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	Unicorn-32055.exe
PID 2112 wrote to memory of 2020	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	Unicorn-32055.exe
PID 2112 wrote to memory of 2020	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	Unicorn-32055.exe
PID 2020 wrote to memory of 2540	2020	Unicorn-32055.exe	Unicorn-46370.exe
PID 2020 wrote to memory of 2540	2020	Unicorn-32055.exe	Unicorn-46370.exe
PID 2020 wrote to memory of 2540	2020	Unicorn-32055.exe	Unicorn-46370.exe
PID 2020 wrote to memory of 2540	2020	Unicorn-32055.exe	Unicorn-46370.exe
PID 2112 wrote to memory of 2596	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	Unicorn-25435.exe
PID 2112 wrote to memory of 2596	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	Unicorn-25435.exe
PID 2112 wrote to memory of 2596	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	Unicorn-25435.exe
PID 2112 wrote to memory of 2596	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	Unicorn-25435.exe
PID 2112 wrote to memory of 2604	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	WerFault.exe
PID 2112 wrote to memory of 2604	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	WerFault.exe
PID 2112 wrote to memory of 2604	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	WerFault.exe
PID 2112 wrote to memory of 2604	2112	b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe	WerFault.exe
PID 2596 wrote to memory of 2732	2596	Unicorn-25435.exe	Unicorn-24596.exe
PID 2596 wrote to memory of 2732	2596	Unicorn-25435.exe	Unicorn-24596.exe
PID 2596 wrote to memory of 2732	2596	Unicorn-25435.exe	Unicorn-24596.exe
PID 2596 wrote to memory of 2732	2596	Unicorn-25435.exe	Unicorn-24596.exe
PID 2540 wrote to memory of 2728	2540	Unicorn-46370.exe	Unicorn-40932.exe
PID 2540 wrote to memory of 2728	2540	Unicorn-46370.exe	Unicorn-40932.exe
PID 2540 wrote to memory of 2728	2540	Unicorn-46370.exe	Unicorn-40932.exe
PID 2540 wrote to memory of 2728	2540	Unicorn-46370.exe	Unicorn-40932.exe
PID 2020 wrote to memory of 2460	2020	Unicorn-32055.exe	Unicorn-54808.exe
PID 2020 wrote to memory of 2460	2020	Unicorn-32055.exe	Unicorn-54808.exe
PID 2020 wrote to memory of 2460	2020	Unicorn-32055.exe	Unicorn-54808.exe
PID 2020 wrote to memory of 2460	2020	Unicorn-32055.exe	Unicorn-54808.exe
PID 2020 wrote to memory of 2500	2020	Unicorn-32055.exe	WerFault.exe
PID 2020 wrote to memory of 2500	2020	Unicorn-32055.exe	WerFault.exe
PID 2020 wrote to memory of 2500	2020	Unicorn-32055.exe	WerFault.exe
PID 2020 wrote to memory of 2500	2020	Unicorn-32055.exe	WerFault.exe
PID 2728 wrote to memory of 2436	2728	Unicorn-40932.exe	Unicorn-2914.exe
PID 2728 wrote to memory of 2436	2728	Unicorn-40932.exe	Unicorn-2914.exe
PID 2728 wrote to memory of 2436	2728	Unicorn-40932.exe	Unicorn-2914.exe
PID 2728 wrote to memory of 2436	2728	Unicorn-40932.exe	Unicorn-2914.exe
PID 2540 wrote to memory of 2760	2540	Unicorn-46370.exe	Unicorn-16790.exe
PID 2540 wrote to memory of 2760	2540	Unicorn-46370.exe	Unicorn-16790.exe
PID 2540 wrote to memory of 2760	2540	Unicorn-46370.exe	Unicorn-16790.exe
PID 2540 wrote to memory of 2760	2540	Unicorn-46370.exe	Unicorn-16790.exe
PID 2460 wrote to memory of 1996	2460	Unicorn-54808.exe	Unicorn-2722.exe
PID 2460 wrote to memory of 1996	2460	Unicorn-54808.exe	Unicorn-2722.exe
PID 2460 wrote to memory of 1996	2460	Unicorn-54808.exe	Unicorn-2722.exe
PID 2460 wrote to memory of 1996	2460	Unicorn-54808.exe	Unicorn-2722.exe
PID 2596 wrote to memory of 1972	2596	Unicorn-25435.exe	Unicorn-32934.exe
PID 2596 wrote to memory of 1972	2596	Unicorn-25435.exe	Unicorn-32934.exe
PID 2596 wrote to memory of 1972	2596	Unicorn-25435.exe	Unicorn-32934.exe
PID 2596 wrote to memory of 1972	2596	Unicorn-25435.exe	Unicorn-32934.exe
PID 2732 wrote to memory of 2340	2732	Unicorn-24596.exe	Unicorn-52800.exe
PID 2732 wrote to memory of 2340	2732	Unicorn-24596.exe	Unicorn-52800.exe
PID 2732 wrote to memory of 2340	2732	Unicorn-24596.exe	Unicorn-52800.exe
PID 2732 wrote to memory of 2340	2732	Unicorn-24596.exe	Unicorn-52800.exe
PID 2596 wrote to memory of 1300	2596	Unicorn-25435.exe	WerFault.exe
PID 2596 wrote to memory of 1300	2596	Unicorn-25435.exe	WerFault.exe
PID 2596 wrote to memory of 1300	2596	Unicorn-25435.exe	WerFault.exe
PID 2596 wrote to memory of 1300	2596	Unicorn-25435.exe	WerFault.exe
PID 2760 wrote to memory of 2628	2760	Unicorn-16790.exe	Unicorn-14881.exe
PID 2760 wrote to memory of 2628	2760	Unicorn-16790.exe	Unicorn-14881.exe
PID 2760 wrote to memory of 2628	2760	Unicorn-16790.exe	Unicorn-14881.exe
PID 2760 wrote to memory of 2628	2760	Unicorn-16790.exe	Unicorn-14881.exe
PID 2436 wrote to memory of 632	2436	Unicorn-2914.exe	Unicorn-14497.exe
PID 2436 wrote to memory of 632	2436	Unicorn-2914.exe	Unicorn-14497.exe
PID 2436 wrote to memory of 632	2436	Unicorn-2914.exe	Unicorn-14497.exe
PID 2436 wrote to memory of 632	2436	Unicorn-2914.exe	Unicorn-14497.exe

C:\Users\Admin\AppData\Local\Temp\b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe
"C:\Users\Admin\AppData\Local\Temp\b7e25124092374ad79f9c1a7b41c560c7cf31c95e1eb70dbec71fed2dcfed7b0.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20964.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48943.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8512.exe
10⤵
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21139.exe
11⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
12⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20520.exe
13⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23024.exe
14⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
15⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
15⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 220
14⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 236
13⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
12⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49614.exe
13⤵
PID:9620

C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-862.exe
14⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9620 -s 216
14⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
13⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 240
12⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 236
11⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33945.exe
10⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
10⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21127.exe
9⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22592.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33197.exe
11⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38540.exe
12⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
13⤵
PID:10516

C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54814.exe
14⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4816 -s 220
12⤵
PID:8940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 236
11⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 236
10⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
9⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61750.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29940.exe
9⤵
PID:1184

C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58601.exe
10⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4458.exe
11⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
12⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32167.exe
13⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 216
13⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 220
12⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
11⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 236
10⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5679.exe
9⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55112.exe
11⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30071.exe
12⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57586.exe
13⤵
PID:12512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 220
13⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
12⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
11⤵
PID:6380

C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17265.exe
10⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9832.exe
11⤵
PID:9604

C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59762.exe
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9604 -s 236
12⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 220
11⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 240
10⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 220
9⤵
PID:4928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 220
8⤵
- Program crash
PID:868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 236
7⤵
- Program crash
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34839.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2466.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14625.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14288.exe
9⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58793.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10675.exe
11⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17887.exe
12⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7655.exe
12⤵
PID:10152

C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
13⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10152 -s 216
13⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 240
12⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
11⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 236
10⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 216
9⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 236
8⤵
- Program crash
PID:3016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 236
7⤵
- Program crash
PID:1672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
6⤵
- Program crash
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54705.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1836

C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52544.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14241.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62036.exe
9⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
10⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11168.exe
11⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34596.exe
12⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27026.exe
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
13⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
12⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
11⤵
PID:7792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 216
10⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
9⤵
- Program crash
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25642.exe
8⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27849.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-58852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58852.exe
10⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51834.exe
11⤵
PID:11388

C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45105.exe
12⤵
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
11⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
9⤵
PID:5196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 240
8⤵
- Program crash
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13400.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45124.exe
8⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43993.exe
9⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
10⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
11⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-49474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49474.exe
12⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
11⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 216
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39394.exe
8⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41396.exe
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
10⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7314.exe
11⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
11⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
9⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
8⤵
- Program crash
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1836 -s 240
7⤵
- Program crash
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47946.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
7⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
8⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7925.exe
10⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26312.exe
11⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3978.exe
12⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 216
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
8⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36180.exe
9⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56925.exe
10⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
10⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
9⤵
PID:8856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
8⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
7⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
9⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
10⤵
PID:11812

C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1340.exe
11⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
10⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 236
8⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
7⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
6⤵
- Program crash
PID:1132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1028

C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55665.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2191.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59996.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41102.exe
9⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20397.exe
10⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3204.exe
11⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16010.exe
12⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23918.exe
13⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17863.exe
14⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
14⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
13⤵
PID:9680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
12⤵
PID:6704

C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28432.exe
11⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9032.exe
12⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3467.exe
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 216
13⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
12⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 240
11⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
10⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-140.exe
11⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63268.exe
12⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56464.exe
13⤵
PID:10184

C:\Users\Admin\AppData\Local\Temp\Unicorn-41544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41544.exe
14⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10184 -s 216
14⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
13⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
12⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
11⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
10⤵
- Program crash
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33203.exe
9⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17896.exe
10⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
11⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28166.exe
12⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34007.exe
13⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 216
13⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
12⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
11⤵
PID:6816

C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61956.exe
10⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-19861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19861.exe
11⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14637.exe
12⤵
PID:9544

C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51919.exe
13⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9544 -s 216
13⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
12⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
11⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 240
10⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
9⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21044.exe
8⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2799.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18773.exe
10⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32346.exe
11⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-59219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59219.exe
12⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
13⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 236
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
12⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 236
11⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44577.exe
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
11⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14144.exe
12⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33471.exe
13⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
13⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
12⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 236
11⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 240
10⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30318.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-14831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14831.exe
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3140.exe
11⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
12⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33919.exe
13⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
13⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 216
12⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 236
11⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-270.exe
10⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13926.exe
11⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4555.exe
12⤵
PID:1544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
12⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5556 -s 220
11⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 240
10⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
9⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
8⤵
- Program crash
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39061.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:700

C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58097.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4719.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52021.exe
10⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-22829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22829.exe
11⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36389.exe
12⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24778.exe
13⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28163.exe
14⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
14⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
13⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
12⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48428.exe
11⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 220
12⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 240
11⤵
PID:6644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3430.exe
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36363.exe
11⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32868.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52756.exe
13⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 236
13⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
12⤵
PID:10488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 236
11⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 240
10⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48300.exe
9⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15626.exe
10⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45872.exe
11⤵
PID:9204

C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35647.exe
12⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9204 -s 216
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
11⤵
PID:9780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 236
10⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 240
9⤵
- Program crash
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1190.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39393.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46046.exe
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
11⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 236
10⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
9⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 700 -s 240
8⤵
- Program crash
PID:3800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
7⤵
- Program crash
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
8⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43500.exe
9⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13133.exe
10⤵
PID:7176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44273.exe
11⤵
PID:10828

C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12385.exe
12⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7176 -s 216
11⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
10⤵
PID:8572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-56275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56275.exe
9⤵
PID:6940

C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
10⤵
PID:10324

C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52630.exe
11⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6940 -s 216
10⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 216
9⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
8⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
7⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9208.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36709.exe
9⤵
PID:7160

C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31590.exe
10⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8514.exe
11⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7160 -s 216
10⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
9⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
8⤵
PID:4476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 240
7⤵
- Program crash
PID:2220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
6⤵
- Program crash
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35799.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35933.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9726.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57905.exe
8⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53536.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41972.exe
10⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
11⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10640.exe
12⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 236
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
11⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
9⤵
- Program crash
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
8⤵
- Program crash
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54376.exe
7⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54387.exe
8⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
9⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3607.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
11⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33236.exe
12⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
12⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 220
11⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 236
10⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47826.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
10⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53965.exe
11⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 236
11⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 220
10⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 240
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
8⤵
PID:5028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 240
7⤵
- Program crash
PID:564

C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6197.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8320.exe
7⤵
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5378.exe
8⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57.exe
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20771.exe
10⤵
PID:9104

C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2102.exe
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9104 -s 216
11⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
10⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
9⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 236
8⤵
- Program crash
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34521.exe
7⤵
PID:3816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 240
8⤵
PID:4100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 220
7⤵
- Program crash
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 240
6⤵
- Program crash
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
5⤵
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1996

C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63506.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61825.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2274.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15476.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
9⤵
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43609.exe
10⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
11⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17812.exe
12⤵
PID:10352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43444.exe
13⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 216
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
11⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 216
10⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41698.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23494.exe
10⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40427.exe
11⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23273.exe
12⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 216
11⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 220
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27946.exe
8⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44844.exe
9⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56825.exe
10⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10032.exe
11⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-49474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49474.exe
12⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
10⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 236
9⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
8⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45689.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47812.exe
8⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42732.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
10⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
11⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55945.exe
12⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41890.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59108.exe
9⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62982.exe
10⤵
PID:9884

C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
11⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9884 -s 216
11⤵
PID:6892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
10⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 220
8⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
7⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15081.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48834.exe
7⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13686.exe
8⤵
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42540.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12422.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58736.exe
11⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 216
9⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58035.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56934.exe
9⤵
PID:7068

C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31159.exe
10⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-595.exe
11⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7068 -s 216
10⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 240
8⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27562.exe
7⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58876.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
9⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60033.exe
10⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
10⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 216
8⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 220
7⤵
- Program crash
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
6⤵
- Program crash
PID:1160

C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51475.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64869.exe
7⤵
- Executes dropped EXE
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29172.exe
8⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43116.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25118.exe
10⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
11⤵
PID:10008

C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25772.exe
12⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10008 -s 216
12⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57982.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47310.exe
10⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-286.exe
11⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 236
11⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
10⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
9⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
7⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
9⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
10⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
10⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 216
9⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 216
8⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 240
7⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29544.exe
6⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63956.exe
7⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
8⤵
PID:3924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 220
9⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 216
8⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
7⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2054.exe
8⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13245.exe
9⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 236
9⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 220
8⤵
PID:8904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
7⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
6⤵
- Program crash
PID:2520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1996 -s 240
5⤵
- Program crash
PID:2672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
4⤵
- Loads dropped DLL
- Program crash
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2020 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47170.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22033.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4303.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32415.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39924.exe
9⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53811.exe
10⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2903.exe
11⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28937.exe
12⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6346.exe
13⤵
PID:8304

C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17084.exe
14⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8304 -s 216
14⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
13⤵
PID:9472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 236
12⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 236
11⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4644.exe
10⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-43969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43969.exe
11⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60417.exe
12⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
12⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
11⤵
PID:8632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
10⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33753.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31085.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39678.exe
11⤵
PID:8416

C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65158.exe
12⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8416 -s 216
12⤵
PID:12424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
9⤵
- Program crash
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10074.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13899.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12038.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8056.exe
11⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
11⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 216
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
8⤵
- Program crash
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11480.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16073.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19240.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37131.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29952.exe
11⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
12⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 236
12⤵
PID:6932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 220
11⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
10⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
9⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 236
8⤵
- Program crash
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
7⤵
- Program crash
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-774.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16079.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23780.exe
8⤵
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20755.exe
9⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31988.exe
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
11⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16150.exe
12⤵
PID:11912

C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30588.exe
13⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 220
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
11⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
10⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 236
9⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15964.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27977.exe
9⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4242.exe
10⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2917.exe
11⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 236
11⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
10⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36202.exe
7⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4885.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45055.exe
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53610.exe
10⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17208.exe
11⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 236
11⤵
PID:8532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
10⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
9⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
8⤵
PID:4952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
7⤵
- Program crash
PID:3172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
6⤵
- Program crash
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1098.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52928.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64018.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
8⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51699.exe
9⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15927.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-20932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20932.exe
11⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29601.exe
12⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 236
12⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
9⤵
- Program crash
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2041.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8832.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
10⤵
PID:7868

C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47177.exe
11⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7868 -s 216
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 220
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:6488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
8⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21511.exe
7⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36344.exe
9⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5397.exe
10⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46636.exe
11⤵
PID:6576

C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10474.exe
12⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53480.exe
13⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6576 -s 236
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
11⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
10⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
9⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16286.exe
8⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3332.exe
10⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4082.exe
11⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30501.exe
12⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
12⤵
PID:8244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
11⤵
PID:10880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
10⤵
PID:6452

C:\Users\Admin\AppData\Local\Temp\Unicorn-51116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51116.exe
9⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
10⤵
PID:10100

C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40245.exe
11⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10100 -s 216
11⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 216
10⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 240
9⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
8⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 240
7⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44153.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34329.exe
7⤵
PID:3904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 220
8⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
7⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
6⤵
- Program crash
PID:2656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
5⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43640.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12624.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3151.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17.exe
7⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12451.exe
8⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40022.exe
10⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39851.exe
11⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13465.exe
12⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 236
12⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
10⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 216
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25554.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41942.exe
9⤵
PID:6260

C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3779.exe
10⤵
PID:10404

C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
11⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
8⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25258.exe
7⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10936.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
9⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12752.exe
10⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
10⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 216
8⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
7⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
6⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30599.exe
7⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45036.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24454.exe
9⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9290.exe
10⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54440.exe
11⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
10⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
8⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41314.exe
7⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34919.exe
8⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27050.exe
9⤵
PID:11516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11856.exe
10⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 216
9⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
8⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
7⤵
PID:5644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 240
6⤵
- Program crash
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47754.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47765.exe
6⤵
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30215.exe
7⤵
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61564.exe
8⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13643.exe
9⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58145.exe
10⤵
PID:9424

C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25891.exe
11⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9424 -s 236
11⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 832 -s 216
8⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
7⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37603.exe
8⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36005.exe
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47502.exe
10⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50063.exe
11⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
11⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
10⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 236
9⤵
PID:6564

C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34587.exe
8⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36105.exe
9⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55045.exe
10⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 236
10⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
9⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 240
8⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2288 -s 220
7⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43021.exe
6⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61180.exe
7⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54965.exe
8⤵
PID:6188

C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
9⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15863.exe
10⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6188 -s 236
9⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
8⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
7⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 240
6⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
5⤵
- Program crash
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28961.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34947.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31621.exe
7⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46743.exe
8⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26396.exe
9⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43099.exe
10⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45136.exe
11⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26059.exe
12⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 216
12⤵
PID:9072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
11⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
10⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 216
9⤵
PID:4584

C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9218.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14313.exe
9⤵
PID:6556

C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13231.exe
10⤵
PID:9556

C:\Users\Admin\AppData\Local\Temp\Unicorn-31975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31975.exe
11⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9556 -s 216
11⤵
PID:2944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6556 -s 220
10⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
9⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 220
8⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10349.exe
7⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12363.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
9⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46110.exe
10⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-17082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17082.exe
11⤵
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 236
11⤵
PID:8644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
10⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 220
9⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 216
8⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
7⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-61833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61833.exe
6⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
7⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3479.exe
8⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23846.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64898.exe
10⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63560.exe
11⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 236
11⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
8⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
7⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
6⤵
- Program crash
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48823.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16162.exe
6⤵
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-64340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64340.exe
7⤵
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59535.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8200.exe
9⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9975.exe
10⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9490.exe
11⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 236
11⤵
PID:13012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
10⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 236
8⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7874.exe
7⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16746.exe
8⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
9⤵
PID:11772

C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19405.exe
10⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 216
9⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 220
8⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2064 -s 220
7⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26877.exe
6⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45420.exe
7⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9715.exe
8⤵
PID:6324

C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
9⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47759.exe
10⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
10⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6324 -s 216
9⤵
PID:10604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
8⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 216
7⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
6⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
5⤵
- Program crash
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18611.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19674.exe
6⤵
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26505.exe
7⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-41313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41313.exe
8⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23419.exe
9⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
10⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
10⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
9⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
8⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38634.exe
7⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25651.exe
8⤵
PID:7388

C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22860.exe
9⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7388 -s 216
9⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
8⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
7⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 236
6⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
5⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
6⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29084.exe
7⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16734.exe
8⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21938.exe
9⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20175.exe
10⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
9⤵
PID:12160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
8⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 216
7⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41506.exe
6⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41449.exe
7⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8351.exe
8⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55987.exe
9⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
8⤵
PID:11968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
7⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
6⤵
PID:5652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
5⤵
- Program crash
PID:2600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
4⤵
- Program crash
PID:2024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
2⤵
- Program crash
PID:2604

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-38243.exe
Filesize
184KB

MD5
38e05a09a3f18f72eec58b6c39c5a890

SHA1
ce5c48869ebcd18c035b207841270a0e9feaf68c

SHA256
7778bbd16408f0196f48e9e91149d3ece31718d2d57d0ae8a6ddb7df2f09f832

SHA512
ad0cc27e2d00fb787b139960b95b9e88bc6b61ffe781370843deaafd7126e5d851b534ebd7d9baa67bebf1f2acc65c529c0fe5ecf132fffd3ded62b7c7227b62

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39285.exe
Filesize
184KB

MD5
168515213aedf3dbb2a0b58f59729f71

SHA1
70cd6068d8d11951e532d6927a190d58417ddd59

SHA256
26297626a81704f41e31011f2ca144f6ef4246f8d0d54356e18981b52fdc5bba

SHA512
c8754ace92530e785bff95297640f9e26903ae1950632855d3042e5f80513507d65ef6f717df56714bb2268910aca903072d79c50eec5d6480e6d38eccb2a414

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40463.exe
Filesize
184KB

MD5
54423e5e4ae7dff16da39fda17c00206

SHA1
050b532013e7871fb3896cc32ddf1868d28a05bb

SHA256
1b6cfa66b69e32db80a796a52120bd5c31963982b0ef6742e21c97220b16c72d

SHA512
bcf66a4ccefb4e804a47ffec11da85bee37bb39587b58cd9516df9fcde011e78db2ec7fcbda12c2ce85506020c71de39028c07a729c9d4716a142d117dc05ff7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40847.exe
Filesize
184KB

MD5
7cbf4621820755aff53cc19e65f4d9d6

SHA1
e3e9ee02961257dae78e22936fc127991e93a87c

SHA256
d78b8f8df5cb978ce7aedad97e524190f12cd10d1f35b4d75fedf335c202549b

SHA512
823ae4aa1e05e49cd0e9b399396c32c8212f00431110ae6d5a21af75a22c666b406eb71bb2eeaa5089f77d7ffdeb95d447a1d474739860d1956353886ae446d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40909.exe
Filesize
184KB

MD5
0c5b7c71efba66e6be66429a8df68091

SHA1
040ecccc53d047574717e571c12ba4ae759df706

SHA256
7eb28f66e56fff84490ee04f7204252d3306f1d460198fb0816fd30623cbc22c

SHA512
9334c308a98602ae373577f37ac4dfabab352cfe2a6b75859d114751dccc271bcef251d61ea909e2726f76691aae1912d76050cda6fafd35c26d2675e8062557

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40932.exe
Filesize
184KB

MD5
024c7c124ae2f7da71dce448561e5724

SHA1
c6009b14f701fa702374fa03db007a031b81687e

SHA256
1a1c5ac84b82b27d6053e8c16ff4f389ee98c81357198bbbe2d30832858186bc

SHA512
8168eb6721be2d6ef7f2015fb7c8cf4527a08b5ea457cdb2da9fb42620fd87693250fd45d1a0d30aa38c13f7b756c452aa44d89d8b97acf763d6086152653681

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5506.exe
Filesize
184KB

MD5
77fcc670b0fc1cbe859fdbeb2c6a5c9e

SHA1
8472ce8fc4cf9b2a2b39f2fcdeb057db3cafb312

SHA256
3dde02ade2bb4b1a4efbe9daa0a9fdb544cc2208f373a1923c37132b19a5b033

SHA512
fb03aae2673e6b966b49164bb4daab5185c2cdca1e068a9525e2e76926c2fc7fb62a1ca65281449ba5b59e4dedfff559fa3f1d629eef5dc72c6ae85fd74e5f04

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5724.exe
Filesize
184KB

MD5
93143c509f0b9405a36dd826baedef27

SHA1
66bccabfd7e9c8564648d3189eca6662b1c28205

SHA256
290124f9cf4e13f4cca8c0a8f7fee9813c6b5811895cb99915fc4350945d49cc

SHA512
3eb5ba511c86ed99d5d5e9d791348998722bdfe105b002cba39178c1d48b8b1b15224d7d8e10a4c3eba850646124386e436a85b0f94637f052423b0bb2588b64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7249.exe
Filesize
184KB

MD5
cd7dcb7040f19d8863020bb7e0f41cb9

SHA1
3a2c12e5be3d14679fd71a55724f44a53937644c

SHA256
b14bc7918e44f0c94f687808a868bd61bad3a53883c5a11d00cc91b257b4f123

SHA512
9335f3b418c500de52713f32b661308b585334d8f58cada1cd2c037cff41717ebb568b0b40e8a9b693e89362066685003e937b7aca46678ab0574f4b241ea231

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10968.exe
Filesize
184KB

MD5
62a6831ba300e0936c729300570d80ff

SHA1
d3182bba912375b8c06d944c8e6e15236463ce09

SHA256
15b2b9fb7bd84580374d7e9ae14c71dc9a6d6971e5b5b908010a91b5e79616b8

SHA512
2e68cb43bdab8fc2a5d6953d6b23fde879dcf890b09d97f1c3f6bb93d623a907b8f538ae6b7b9f6e46a64aead7c438654887f0b4b9786767a77d0e98be718061

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14497.exe
Filesize
184KB

MD5
a3d34331b9ba3c01fa431250458ea9b0

SHA1
63f3886d618b89a83354e97d9e0a606429d9f53b

SHA256
4d2376855e00265b5339c00e48daf0d7debd70ff7de231512bf359abfc25506b

SHA512
d3705b54f57f292d3519892cb19738fb9ba9aa6a170c21115d7d47aa7312eba5e30fdf91d2a95d1f90974e51386ced856eefb8e1e64f6013aae809f89dcfb964

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14881.exe
Filesize
184KB

MD5
e51f950732c88ccbfecba579dae6f347

SHA1
566ef90c5baec9e836f32c5fe6a20707b06e5912

SHA256
500a4b01cee1ea07ea1c017457a84695c954b07bd8c4441e98f135269be5180c

SHA512
ad9705a4629d5773b5ae421b7b6974c694fe1b457c323b5b9a26570fdae2afdb238ddb8ee64df86f5a648fedba2d5581754e562a8c66b56b62f6880b3e278d1c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16790.exe
Filesize
184KB

MD5
50c6ae48069aeea1edea9c77d20d4702

SHA1
693606ad4b411a7252b75eda5aaa6a0501c3bc8d

SHA256
566166c003f60b826ddeb217c2459ca41c0415b67d2019146a1c538a32232ef1

SHA512
cc58af47f8e62c41f3fae12a7eb143b2eb79b152cf54709ae99c2cd7dcc80b7867de741b9343abdb1437b9d322c017dfed71f76cbffe45396751adb391ada117

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24596.exe
Filesize
184KB

MD5
3927bc995e208b77fc3f9e9ef92ccd68

SHA1
0e7a674d7eb519f943174628c88655ab0b0a59a6

SHA256
813f12b8622db80118a82c91b13213139931b0828a5d616159a7197a38c0fddb

SHA512
3aa9eb9f1f98764c0a773685da2fc31e4ba9f1de9c12b7f5e399dac2dfad386c815d062c3fcdbb2a11521c829837e9a8ca6d6eeecd698e560d5f6b0945aa5a48

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25435.exe
Filesize
184KB

MD5
45dda372df1a9c9b708d49f4662cd057

SHA1
a0ff6e30e3de6a712eacbc3fd7af897a4b3d66a2

SHA256
ebe0d9c83ef78fea478c90db3de6e49e6b82c511d09bb2019a26de126937509e

SHA512
f4a3b8c6d21ff785509446941387532bbbb9ffa4ec6f2bd1ae789325012eb1b9450d3a30dc8173c6356675552eb3109649499218adb902c0954a5bd7648659c6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2722.exe
Filesize
184KB

MD5
a94e064367768748db22906e09af4f18

SHA1
4d0129fe5a0b3537379ad76ea28ec41ab6ce436a

SHA256
792a6442d1e11e56672bc0c465e24f8c271d13465aa4b3206a99bdda72e2f2a6

SHA512
564cd85696e1c9c1922c2fbcab98eb9ccbd4a36e2f50f8817e6df57c452b15d346c87c596763d66f4f373dd6a0170eabf38a0f92e31d3dbcd48babfba7b58967

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
Filesize
184KB

MD5
341de2a265e86d34d41543c88085c1c3

SHA1
8f4d5cddf6132f4421460adde642470b39975134

SHA256
133369a353213d66bb35ef32f769196aada8d22007a400cb51aa96b99ccf82c4

SHA512
fcbf6f7fcd86d5fca2e5aafc989b05fdbb9a01a61e682ca0562fc48f6c9562fc9ce364ea0d820020f3863e2903dab6fc1a2753fbb8639f466f23bf7efcb2dfbd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32055.exe
Filesize
184KB

MD5
182676f10e7901f3ba91f3f27c526ead

SHA1
e3489f7b25d5da404c75e7148182ca32713b8936

SHA256
63a5bdc448e25516d7303c6f9aca1eaac958d4a956ba3e96a4c7d5717e705e9c

SHA512
07e42e4d17552e44e85e6a1ac2dc239ee41e95c6be45eb96f773f4ac70859d2a9bffd64bdb3c3fbef92e38d245ece22758462915b4d000e63197075d3935d073

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32934.exe
Filesize
184KB

MD5
773d6411c909f413a8f7d494bab7b918

SHA1
6bbfeb09f25795a6591279e7e4ec2e74b6a5211a

SHA256
dc5ae3a1c29e7de5e856717a18b561231597e0dccd81ecaa10f6a13b8e6c3a28

SHA512
680189e517b28d9239d0e26cdfbc88869f471a7a064b4e5ef5a465e4e7a9d9b08583c21e8f685df2633b2328d9a27f39a2ae9809d4b3075bcd4490317d4f809a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46370.exe
Filesize
184KB

MD5
03809c250b3abe4d898eea78627297d6

SHA1
a95d071dce1c37928b97be852e5c6dccbf06b3c1

SHA256
029dfc64f5e55a6ec514a5ef5fbadb2636bd540f563d58efa35ae0f6361e9352

SHA512
3120c51cb45d8a098b12d8cebb0c247a43019f38e98e5a1b5a2307a6a1fd264881434b4a5140d8d2602def3a6de4ebefb69d2bdb0dbe83efdf8a49a4c64d487a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52800.exe
Filesize
184KB

MD5
c6449e5580b8be9d22f5fd3e88ad71e6

SHA1
3df7802dd0cdd56d0ef630a4fd23e38595395973

SHA256
4ebde7a51838f07c0bbf4c0547fbec87d22469f80190821f7f25617e6e8c06bf

SHA512
75e0daaa2f135cbe26fc8ecde28c8211dd0afaf2fcd5952b35d3da1bf0741cd4cece81ae25a696c0149903a1ba15825c4a3377114ffbfdcf59fb81c13c189fd4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54808.exe
Filesize
184KB

MD5
50adf6e91e30d3a052cb830b41a8612d

SHA1
6ed50ce661bd0556abda1db666cb8c2c1d43cb23

SHA256
9063572c97967757bee4ce0f090eea5c572ccd10d8058b9da9ca775c3392acc8

SHA512
bbf8e117dc36df2d27801212e7392b95f19b8d4f45d4bffe76286e183fe13875f981f4765ad7c884d0e79163930fee8b9f4c90bc9a19d1f2c98b6ed6d2e75d66

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads