b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe
Size

184KB
MD5

7878cf95c8d1e2c203d058a1d5b62d18
SHA1

bd86b2ba31ca739ae4cf5f56a2c84493b783e21d
SHA256

b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a
SHA512

b8656373708e8b27b680fd9c83c6bdf3b644f25d1fc356a508ecc360887d082a4cf1283aff89cc26d7e344c9c877f5af849c712a89866b2cd8b39409f4edc37f
SSDEEP

1536:jBSj6jZlu3Kxotx1tJOAlawSGz9yvZc8ymddjwL+2Vzytrql5hj5nizpvq:1Ja3KxoT7JOTjGxWeUwL+KQrqlnViFC

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-25803.exeUnicorn-2995.exeUnicorn-2538.exeUnicorn-48857.exeUnicorn-45328.exeUnicorn-15993.exeUnicorn-58530.exeUnicorn-22651.exeUnicorn-5800.exeUnicorn-42002.exeUnicorn-2785.exeUnicorn-49371.exeUnicorn-35495.exeUnicorn-16506.exeUnicorn-36372.exeUnicorn-36372.exeUnicorn-32842.exeUnicorn-52708.exeUnicorn-42022.exeUnicorn-52288.exeUnicorn-52288.exeUnicorn-29215.exeUnicorn-2895.exeUnicorn-48889.exeUnicorn-32361.exeUnicorn-48697.exeUnicorn-65033.exeUnicorn-28831.exeUnicorn-61504.exeUnicorn-45168.exeUnicorn-10513.exeUnicorn-10129.exeUnicorn-55801.exeUnicorn-59138.exeUnicorn-38203.exeUnicorn-58946.exeUnicorn-26082.exeUnicorn-22552.exeUnicorn-9169.exeUnicorn-38369.exeUnicorn-12049.exeUnicorn-24856.exeUnicorn-8842.exeUnicorn-57529.exeUnicorn-11857.exeUnicorn-28194.exeUnicorn-57851.exeUnicorn-41000.exeUnicorn-60866.exeUnicorn-53303.exeUnicorn-36452.exeUnicorn-20055.exeUnicorn-39406.exeUnicorn-35684.exeUnicorn-55358.exeUnicorn-50760.exeUnicorn-5088.exeUnicorn-38830.exeUnicorn-18964.exeUnicorn-58046.exeUnicorn-21652.exeUnicorn-7392.exeUnicorn-7885.exeUnicorn-52488.exe

pid	process
2944	Unicorn-25803.exe
2972	Unicorn-2995.exe
2660	Unicorn-2538.exe
2560	Unicorn-48857.exe
2480	Unicorn-45328.exe
548	Unicorn-15993.exe
2680	Unicorn-58530.exe
2876	Unicorn-22651.exe
2288	Unicorn-5800.exe
888	Unicorn-42002.exe
1600	Unicorn-2785.exe
1252	Unicorn-49371.exe
2300	Unicorn-35495.exe
2668	Unicorn-16506.exe
2848	Unicorn-36372.exe
2640	Unicorn-36372.exe
384	Unicorn-32842.exe
688	Unicorn-52708.exe
1320	Unicorn-42022.exe
2012	Unicorn-52288.exe
2992	Unicorn-52288.exe
1764	Unicorn-29215.exe
1968	Unicorn-2895.exe
948	Unicorn-48889.exe
1832	Unicorn-32361.exe
964	Unicorn-48697.exe
1648	Unicorn-65033.exe
2224	Unicorn-28831.exe
1448	Unicorn-61504.exe
2372	Unicorn-45168.exe
2216	Unicorn-10513.exe
2052	Unicorn-10129.exe
2652	Unicorn-55801.exe
2204	Unicorn-59138.exe
2468	Unicorn-38203.exe
2616	Unicorn-58946.exe
2544	Unicorn-26082.exe
2368	Unicorn-22552.exe
1956	Unicorn-9169.exe
2628	Unicorn-38369.exe
1640	Unicorn-12049.exe
2784	Unicorn-24856.exe
2764	Unicorn-8842.exe
2916	Unicorn-57529.exe
1692	Unicorn-11857.exe
2244	Unicorn-28194.exe
1528	Unicorn-57851.exe
1272	Unicorn-41000.exe
2088	Unicorn-60866.exe
1064	Unicorn-53303.exe
2796	Unicorn-36452.exe
980	Unicorn-20055.exe
1052	Unicorn-39406.exe
2752	Unicorn-35684.exe
2248	Unicorn-55358.exe
356	Unicorn-50760.exe
2212	Unicorn-5088.exe
1040	Unicorn-38830.exe
1676	Unicorn-18964.exe
2536	Unicorn-58046.exe
2448	Unicorn-21652.exe
2516	Unicorn-7392.exe
2444	Unicorn-7885.exe
2904	Unicorn-52488.exe

Loads dropped DLL 64 IoCs

Processes:

b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exeUnicorn-25803.exeUnicorn-2995.exeUnicorn-2538.exeWerFault.exeUnicorn-48857.exeUnicorn-15993.exeUnicorn-45328.exeWerFault.exeWerFault.exeUnicorn-22651.exeUnicorn-42002.exeUnicorn-2785.exeUnicorn-5800.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe
2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe
2944	Unicorn-25803.exe
2944	Unicorn-25803.exe
2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe
2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe
2972	Unicorn-2995.exe
2944	Unicorn-25803.exe
2972	Unicorn-2995.exe
2944	Unicorn-25803.exe
2660	Unicorn-2538.exe
2660	Unicorn-2538.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2560	Unicorn-48857.exe
2560	Unicorn-48857.exe
548	Unicorn-15993.exe
548	Unicorn-15993.exe
2660	Unicorn-2538.exe
2972	Unicorn-2995.exe
2660	Unicorn-2538.exe
2480	Unicorn-45328.exe
2972	Unicorn-2995.exe
2480	Unicorn-45328.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
1644	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
2512	WerFault.exe
1644	WerFault.exe
2876	Unicorn-22651.exe
2876	Unicorn-22651.exe
548	Unicorn-15993.exe
548	Unicorn-15993.exe
2480	Unicorn-45328.exe
2480	Unicorn-45328.exe
888	Unicorn-42002.exe
1600	Unicorn-2785.exe
888	Unicorn-42002.exe
1600	Unicorn-2785.exe
2560	Unicorn-48857.exe
2560	Unicorn-48857.exe
2288	Unicorn-5800.exe
2288	Unicorn-5800.exe
1664	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
1664	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
3068	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe
1788	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2568	2868	WerFault.exe	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe
2104	2944	WerFault.exe	Unicorn-25803.exe
1644	2972	WerFault.exe	Unicorn-2995.exe
2512	2660	WerFault.exe	Unicorn-2538.exe
1664	2560	WerFault.exe	Unicorn-48857.exe
3068	548	WerFault.exe	Unicorn-15993.exe
1788	2480	WerFault.exe	Unicorn-45328.exe
1660	2876	WerFault.exe	Unicorn-22651.exe
2884	888	WerFault.exe	Unicorn-42002.exe
2200	1600	WerFault.exe	Unicorn-2785.exe
2892	2680	WerFault.exe	Unicorn-58530.exe
788	1252	WerFault.exe	Unicorn-49371.exe
2076	2848	WerFault.exe	Unicorn-36372.exe
1820	2668	WerFault.exe	Unicorn-16506.exe
2140	384	WerFault.exe	Unicorn-32842.exe
1056	2640	WerFault.exe	Unicorn-36372.exe
1688	2300	WerFault.exe	Unicorn-35495.exe
2960	688	WerFault.exe	Unicorn-52708.exe
1068	1320	WerFault.exe	Unicorn-42022.exe
2424	2012	WerFault.exe	Unicorn-52288.exe
2524	2992	WerFault.exe	Unicorn-52288.exe
1760	1764	WerFault.exe	Unicorn-29215.exe
2932	1968	WerFault.exe	Unicorn-2895.exe
2648	948	WerFault.exe	Unicorn-48889.exe
2744	1832	WerFault.exe	Unicorn-32361.exe
2508	1448	WerFault.exe	Unicorn-61504.exe
2488	964	WerFault.exe	Unicorn-48697.exe
2496	1648	WerFault.exe	Unicorn-65033.exe
1992	2224	WerFault.exe	Unicorn-28831.exe
2924	2372	WerFault.exe	Unicorn-45168.exe
2252	2216	WerFault.exe	Unicorn-10513.exe
772	2652	WerFault.exe	Unicorn-55801.exe
3016	2052	WerFault.exe	Unicorn-10129.exe
3124	2204	WerFault.exe	Unicorn-59138.exe
3140	2544	WerFault.exe	Unicorn-26082.exe
3160	2468	WerFault.exe	Unicorn-38203.exe
3216	2616	WerFault.exe	Unicorn-58946.exe
3328	2368	WerFault.exe	Unicorn-22552.exe
3408	1956	WerFault.exe	Unicorn-9169.exe
3452	2628	WerFault.exe	Unicorn-38369.exe
3472	2916	WerFault.exe	Unicorn-57529.exe
3484	2784	WerFault.exe	Unicorn-24856.exe
3508	1272	WerFault.exe	Unicorn-41000.exe
3524	1640	WerFault.exe	Unicorn-12049.exe
3540	1692	WerFault.exe	Unicorn-11857.exe
3532	1528	WerFault.exe	Unicorn-57851.exe
3548	2244	WerFault.exe	Unicorn-28194.exe
3696	2764	WerFault.exe	Unicorn-8842.exe
3764	2088	WerFault.exe	Unicorn-60866.exe
4048	996	WerFault.exe	Unicorn-91.exe
3460	2796	WerFault.exe	Unicorn-36452.exe
3816	1432	WerFault.exe	Unicorn-44.exe
3996	2308	WerFault.exe	Unicorn-25649.exe
3108	1064	WerFault.exe	Unicorn-53303.exe
3252	2164	WerFault.exe	Unicorn-38455.exe
3380	2320	WerFault.exe	Unicorn-38455.exe
3352	980	WerFault.exe	Unicorn-20055.exe
3864	2836	WerFault.exe	Unicorn-38455.exe
4116	2212	WerFault.exe	Unicorn-5088.exe
4148	2768	WerFault.exe	Unicorn-39489.exe
4172	2444	WerFault.exe	Unicorn-7885.exe
4196	2540	WerFault.exe	Unicorn-9120.exe
4364	1936	WerFault.exe	Unicorn-25841.exe
4388	2016	WerFault.exe	Unicorn-44180.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exeUnicorn-25803.exeUnicorn-2995.exeUnicorn-2538.exeUnicorn-48857.exeUnicorn-45328.exeUnicorn-15993.exeUnicorn-22651.exeUnicorn-42002.exeUnicorn-5800.exeUnicorn-58530.exeUnicorn-2785.exeUnicorn-49371.exeUnicorn-35495.exeUnicorn-36372.exeUnicorn-16506.exeUnicorn-36372.exeUnicorn-32842.exeUnicorn-52708.exeUnicorn-42022.exeUnicorn-52288.exeUnicorn-52288.exeUnicorn-29215.exeUnicorn-2895.exeUnicorn-48889.exeUnicorn-32361.exeUnicorn-28831.exeUnicorn-48697.exeUnicorn-45168.exeUnicorn-65033.exeUnicorn-61504.exeUnicorn-10513.exeUnicorn-10129.exeUnicorn-55801.exeUnicorn-59138.exeUnicorn-38203.exeUnicorn-58946.exeUnicorn-26082.exeUnicorn-22552.exeUnicorn-9169.exeUnicorn-38369.exeUnicorn-12049.exeUnicorn-11857.exeUnicorn-8842.exeUnicorn-24856.exeUnicorn-57529.exeUnicorn-28194.exeUnicorn-57851.exeUnicorn-60866.exeUnicorn-41000.exeUnicorn-53303.exeUnicorn-36452.exeUnicorn-20055.exeUnicorn-39406.exeUnicorn-35684.exeUnicorn-55358.exeUnicorn-50760.exeUnicorn-5088.exeUnicorn-38830.exeUnicorn-18964.exeUnicorn-58046.exeUnicorn-21652.exeUnicorn-7392.exeUnicorn-7885.exe

pid	process
2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe
2944	Unicorn-25803.exe
2972	Unicorn-2995.exe
2660	Unicorn-2538.exe
2560	Unicorn-48857.exe
2480	Unicorn-45328.exe
548	Unicorn-15993.exe
2876	Unicorn-22651.exe
888	Unicorn-42002.exe
2288	Unicorn-5800.exe
2680	Unicorn-58530.exe
1600	Unicorn-2785.exe
1252	Unicorn-49371.exe
2300	Unicorn-35495.exe
2848	Unicorn-36372.exe
2668	Unicorn-16506.exe
2640	Unicorn-36372.exe
384	Unicorn-32842.exe
688	Unicorn-52708.exe
1320	Unicorn-42022.exe
2012	Unicorn-52288.exe
2992	Unicorn-52288.exe
1764	Unicorn-29215.exe
1968	Unicorn-2895.exe
948	Unicorn-48889.exe
1832	Unicorn-32361.exe
2224	Unicorn-28831.exe
964	Unicorn-48697.exe
2372	Unicorn-45168.exe
1648	Unicorn-65033.exe
1448	Unicorn-61504.exe
2216	Unicorn-10513.exe
2052	Unicorn-10129.exe
2652	Unicorn-55801.exe
2204	Unicorn-59138.exe
2468	Unicorn-38203.exe
2616	Unicorn-58946.exe
2544	Unicorn-26082.exe
2368	Unicorn-22552.exe
1956	Unicorn-9169.exe
2628	Unicorn-38369.exe
1640	Unicorn-12049.exe
1692	Unicorn-11857.exe
2764	Unicorn-8842.exe
2784	Unicorn-24856.exe
2916	Unicorn-57529.exe
2244	Unicorn-28194.exe
1528	Unicorn-57851.exe
2088	Unicorn-60866.exe
1272	Unicorn-41000.exe
1064	Unicorn-53303.exe
2796	Unicorn-36452.exe
980	Unicorn-20055.exe
1052	Unicorn-39406.exe
2752	Unicorn-35684.exe
2248	Unicorn-55358.exe
356	Unicorn-50760.exe
2212	Unicorn-5088.exe
1040	Unicorn-38830.exe
1676	Unicorn-18964.exe
2536	Unicorn-58046.exe
2448	Unicorn-21652.exe
2516	Unicorn-7392.exe
2444	Unicorn-7885.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exeUnicorn-25803.exeUnicorn-2995.exeUnicorn-2538.exeUnicorn-48857.exeUnicorn-15993.exeUnicorn-45328.exeUnicorn-22651.exe

description	pid	process	target process
PID 2868 wrote to memory of 2944	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	Unicorn-25803.exe
PID 2868 wrote to memory of 2944	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	Unicorn-25803.exe
PID 2868 wrote to memory of 2944	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	Unicorn-25803.exe
PID 2868 wrote to memory of 2944	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	Unicorn-25803.exe
PID 2944 wrote to memory of 2972	2944	Unicorn-25803.exe	Unicorn-2995.exe
PID 2944 wrote to memory of 2972	2944	Unicorn-25803.exe	Unicorn-2995.exe
PID 2944 wrote to memory of 2972	2944	Unicorn-25803.exe	Unicorn-2995.exe
PID 2944 wrote to memory of 2972	2944	Unicorn-25803.exe	Unicorn-2995.exe
PID 2868 wrote to memory of 2660	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	Unicorn-2538.exe
PID 2868 wrote to memory of 2660	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	Unicorn-2538.exe
PID 2868 wrote to memory of 2660	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	Unicorn-2538.exe
PID 2868 wrote to memory of 2660	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	Unicorn-2538.exe
PID 2868 wrote to memory of 2568	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	WerFault.exe
PID 2868 wrote to memory of 2568	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	WerFault.exe
PID 2868 wrote to memory of 2568	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	WerFault.exe
PID 2868 wrote to memory of 2568	2868	b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe	WerFault.exe
PID 2972 wrote to memory of 2560	2972	Unicorn-2995.exe	Unicorn-48857.exe
PID 2972 wrote to memory of 2560	2972	Unicorn-2995.exe	Unicorn-48857.exe
PID 2972 wrote to memory of 2560	2972	Unicorn-2995.exe	Unicorn-48857.exe
PID 2972 wrote to memory of 2560	2972	Unicorn-2995.exe	Unicorn-48857.exe
PID 2944 wrote to memory of 2480	2944	Unicorn-25803.exe	Unicorn-45328.exe
PID 2944 wrote to memory of 2480	2944	Unicorn-25803.exe	Unicorn-45328.exe
PID 2944 wrote to memory of 2480	2944	Unicorn-25803.exe	Unicorn-45328.exe
PID 2944 wrote to memory of 2480	2944	Unicorn-25803.exe	Unicorn-45328.exe
PID 2660 wrote to memory of 548	2660	Unicorn-2538.exe	Unicorn-15993.exe
PID 2660 wrote to memory of 548	2660	Unicorn-2538.exe	Unicorn-15993.exe
PID 2660 wrote to memory of 548	2660	Unicorn-2538.exe	Unicorn-15993.exe
PID 2660 wrote to memory of 548	2660	Unicorn-2538.exe	Unicorn-15993.exe
PID 2944 wrote to memory of 2104	2944	Unicorn-25803.exe	WerFault.exe
PID 2944 wrote to memory of 2104	2944	Unicorn-25803.exe	WerFault.exe
PID 2944 wrote to memory of 2104	2944	Unicorn-25803.exe	WerFault.exe
PID 2944 wrote to memory of 2104	2944	Unicorn-25803.exe	WerFault.exe
PID 2560 wrote to memory of 2680	2560	Unicorn-48857.exe	Unicorn-58530.exe
PID 2560 wrote to memory of 2680	2560	Unicorn-48857.exe	Unicorn-58530.exe
PID 2560 wrote to memory of 2680	2560	Unicorn-48857.exe	Unicorn-58530.exe
PID 2560 wrote to memory of 2680	2560	Unicorn-48857.exe	Unicorn-58530.exe
PID 548 wrote to memory of 2876	548	Unicorn-15993.exe	Unicorn-22651.exe
PID 548 wrote to memory of 2876	548	Unicorn-15993.exe	Unicorn-22651.exe
PID 548 wrote to memory of 2876	548	Unicorn-15993.exe	Unicorn-22651.exe
PID 548 wrote to memory of 2876	548	Unicorn-15993.exe	Unicorn-22651.exe
PID 2660 wrote to memory of 2288	2660	Unicorn-2538.exe	Unicorn-5800.exe
PID 2660 wrote to memory of 2288	2660	Unicorn-2538.exe	Unicorn-5800.exe
PID 2660 wrote to memory of 2288	2660	Unicorn-2538.exe	Unicorn-5800.exe
PID 2660 wrote to memory of 2288	2660	Unicorn-2538.exe	Unicorn-5800.exe
PID 2972 wrote to memory of 1600	2972	Unicorn-2995.exe	Unicorn-2785.exe
PID 2972 wrote to memory of 1600	2972	Unicorn-2995.exe	Unicorn-2785.exe
PID 2972 wrote to memory of 1600	2972	Unicorn-2995.exe	Unicorn-2785.exe
PID 2972 wrote to memory of 1600	2972	Unicorn-2995.exe	Unicorn-2785.exe
PID 2480 wrote to memory of 888	2480	Unicorn-45328.exe	Unicorn-42002.exe
PID 2480 wrote to memory of 888	2480	Unicorn-45328.exe	Unicorn-42002.exe
PID 2480 wrote to memory of 888	2480	Unicorn-45328.exe	Unicorn-42002.exe
PID 2480 wrote to memory of 888	2480	Unicorn-45328.exe	Unicorn-42002.exe
PID 2972 wrote to memory of 1644	2972	Unicorn-2995.exe	WerFault.exe
PID 2972 wrote to memory of 1644	2972	Unicorn-2995.exe	WerFault.exe
PID 2972 wrote to memory of 1644	2972	Unicorn-2995.exe	WerFault.exe
PID 2972 wrote to memory of 1644	2972	Unicorn-2995.exe	WerFault.exe
PID 2660 wrote to memory of 2512	2660	Unicorn-2538.exe	WerFault.exe
PID 2660 wrote to memory of 2512	2660	Unicorn-2538.exe	WerFault.exe
PID 2660 wrote to memory of 2512	2660	Unicorn-2538.exe	WerFault.exe
PID 2660 wrote to memory of 2512	2660	Unicorn-2538.exe	WerFault.exe
PID 2876 wrote to memory of 2300	2876	Unicorn-22651.exe	Unicorn-35495.exe
PID 2876 wrote to memory of 2300	2876	Unicorn-22651.exe	Unicorn-35495.exe
PID 2876 wrote to memory of 2300	2876	Unicorn-22651.exe	Unicorn-35495.exe
PID 2876 wrote to memory of 2300	2876	Unicorn-22651.exe	Unicorn-35495.exe

C:\Users\Admin\AppData\Local\Temp\b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe
"C:\Users\Admin\AppData\Local\Temp\b8594116fbf4721e7d17a72170a25c3044e6acab056443bded307f06ff66429a.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42022.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10513.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53303.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1064

C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47709.exe
9⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40683.exe
10⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62764.exe
11⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16178.exe
12⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37975.exe
13⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
14⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 236
14⤵
PID:13364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 236
13⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
12⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
11⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
10⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54559.exe
9⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1420.exe
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61019.exe
11⤵
PID:6636

C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19493.exe
12⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5414.exe
13⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 236
13⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6636 -s 216
12⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 236
11⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
10⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1064 -s 240
9⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44180.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9079.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2318.exe
10⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
11⤵
PID:7368

C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2718.exe
12⤵
PID:8636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21668.exe
13⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8636 -s 236
13⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7368 -s 216
12⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 216
11⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
10⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
9⤵
- Program crash
PID:4388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 240
8⤵
- Program crash
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36452.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64237.exe
8⤵
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55592.exe
9⤵
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22448.exe
10⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19743.exe
11⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44905.exe
12⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
13⤵
PID:12708

C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24162.exe
14⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 236
13⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
12⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
11⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
10⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2198.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59078.exe
10⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28870.exe
11⤵
PID:8424

C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2212.exe
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8424 -s 236
12⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
11⤵
PID:10360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 240
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19198.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55312.exe
9⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe
10⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
11⤵
PID:8036

C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16004.exe
12⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27657.exe
13⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 216
13⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8036 -s 220
12⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 220
11⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
10⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22865.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49455.exe
10⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20773.exe
11⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29523.exe
12⤵
PID:13488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 236
12⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 220
11⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
10⤵
PID:9184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 240
9⤵
PID:6832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
8⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 240
7⤵
- Program crash
PID:1068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
6⤵
- Program crash
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32842.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48889.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9169.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7885.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1435.exe
9⤵
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1892.exe
10⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57222.exe
11⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13819.exe
12⤵
PID:7808

C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42376.exe
13⤵
PID:10284

C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13712.exe
14⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10284 -s 216
14⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 220
13⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
12⤵
PID:9036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3824 -s 236
11⤵
PID:6468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 236
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63900.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36527.exe
10⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47343.exe
11⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-92.exe
12⤵
PID:9632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8481.exe
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9632 -s 236
13⤵
PID:12464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
12⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4904 -s 216
11⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
10⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
9⤵
- Program crash
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47107.exe
8⤵
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53013.exe
9⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48658.exe
11⤵
PID:6844

C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3382.exe
12⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19940.exe
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
13⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6844 -s 236
12⤵
PID:11244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 236
10⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 236
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 240
8⤵
- Program crash
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
7⤵
- Executes dropped EXE
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34108.exe
8⤵
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-15462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15462.exe
9⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53774.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-36503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36503.exe
11⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
12⤵
PID:11308

C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29577.exe
13⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11308 -s 216
13⤵
PID:13352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
12⤵
PID:12308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 236
11⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
10⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 236
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60750.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47988.exe
9⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-628.exe
10⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39650.exe
11⤵
PID:11300

C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38781.exe
12⤵
PID:13764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11300 -s 216
12⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 216
11⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
10⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
8⤵
PID:5104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
7⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38369.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39489.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50444.exe
8⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49863.exe
9⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30033.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32362.exe
11⤵
PID:8712

C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25404.exe
12⤵
PID:12604

C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41045.exe
13⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12604 -s 236
13⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
12⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8712 -s 220
12⤵
PID:13296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
10⤵
PID:7544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
9⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-16100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16100.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4940.exe
10⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
11⤵
PID:10608

C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
12⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10608 -s 216
12⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 216
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
10⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
8⤵
- Program crash
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30578.exe
7⤵
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2769.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-52287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52287.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35501.exe
10⤵
PID:7772

C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35583.exe
11⤵
PID:10196

C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
12⤵
PID:12720

C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
13⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10196 -s 216
12⤵
PID:13812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7772 -s 216
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 236
9⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 236
8⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
7⤵
- Program crash
PID:3452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 240
6⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59138.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55358.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60428.exe
9⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49204.exe
10⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32804.exe
11⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17629.exe
12⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26896.exe
13⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26707.exe
14⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
14⤵
PID:13820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
13⤵
PID:10628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
11⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 216
10⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-45483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45483.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14225.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
11⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
12⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
13⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
13⤵
PID:13628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
12⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
11⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 240
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12851.exe
8⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23289.exe
10⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5324.exe
11⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23414.exe
12⤵
PID:9732

C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22244.exe
13⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9732 -s 236
13⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
12⤵
PID:1156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 216
11⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 236
10⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
9⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
8⤵
- Program crash
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50760.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44.exe
8⤵
PID:1432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 220
9⤵
- Program crash
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43645.exe
8⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36200.exe
9⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51634.exe
11⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53858.exe
12⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
12⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
10⤵
PID:8612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 236
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 240
8⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
7⤵
- Program crash
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38203.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38830.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11035.exe
8⤵
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24969.exe
9⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24776.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
11⤵
PID:8072

C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16237.exe
12⤵
PID:9752

C:\Users\Admin\AppData\Local\Temp\Unicorn-51714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51714.exe
13⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9752 -s 236
13⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8072 -s 216
12⤵
PID:11228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
11⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 236
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 236
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27885.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49223.exe
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
10⤵
PID:7620

C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24297.exe
11⤵
PID:10648

C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24100.exe
12⤵
PID:12688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10648 -s 216
12⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7620 -s 216
11⤵
PID:11372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
10⤵
PID:9376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
8⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7506.exe
7⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30756.exe
8⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37001.exe
9⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
10⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38775.exe
11⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16688.exe
11⤵
PID:10600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2605.exe
12⤵
PID:13376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10600 -s 216
12⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 220
11⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
10⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
9⤵
PID:7708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 236
8⤵
PID:5404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
7⤵
- Program crash
PID:3160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
6⤵
- Program crash
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-29215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29215.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58946.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58046.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27372.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64004.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14692.exe
10⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40488.exe
11⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29123.exe
12⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45840.exe
13⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
13⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
11⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 236
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16427.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29602.exe
9⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60763.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52890.exe
11⤵
PID:10680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56772.exe
12⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 216
12⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 220
11⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
10⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 216
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23842.exe
7⤵
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
8⤵
PID:3988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 240
9⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 236
8⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
7⤵
- Program crash
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21652.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-43708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43708.exe
7⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-387.exe
8⤵
PID:4000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 220
9⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
8⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62395.exe
7⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34039.exe
8⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41523.exe
9⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10896.exe
10⤵
PID:9936

C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52119.exe
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9936 -s 216
11⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
10⤵
PID:10484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
9⤵
PID:8768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
8⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
7⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
6⤵
- Program crash
PID:1760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 220
5⤵
- Program crash
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36372.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32361.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12049.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53360.exe
8⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
9⤵
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
10⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41112.exe
11⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57286.exe
12⤵
PID:7624

C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10736.exe
13⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2062.exe
14⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11188 -s 216
14⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7624 -s 216
13⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
12⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
11⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 236
10⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
9⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27729.exe
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41376.exe
11⤵
PID:8488

C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47326.exe
12⤵
PID:12384

C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54088.exe
13⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8488 -s 216
12⤵
PID:2852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
11⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31237.exe
8⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14995.exe
9⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13924.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54795.exe
11⤵
PID:7520

C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42662.exe
12⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3238.exe
13⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 216
13⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7520 -s 216
12⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:9280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
10⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
9⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
8⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7688.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31130.exe
9⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59259.exe
10⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27961.exe
11⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3497.exe
12⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65454.exe
13⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
13⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 220
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4212 -s 216
11⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4300 -s 236
10⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23358.exe
9⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60057.exe
10⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38261.exe
11⤵
PID:10696

C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21762.exe
12⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10696 -s 216
12⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
11⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 240
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 216
8⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
7⤵
- Program crash
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24856.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-667.exe
8⤵
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34181.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57640.exe
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16207.exe
11⤵
PID:7272

C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
12⤵
PID:10072

C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57713.exe
13⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10072 -s 236
13⤵
PID:13356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7272 -s 216
12⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 216
11⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 236
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 236
9⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46988.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39433.exe
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
10⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17732.exe
11⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-14589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14589.exe
12⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 236
12⤵
PID:13620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 220
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
10⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
9⤵
PID:6500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
8⤵
- Program crash
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45270.exe
7⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31031.exe
8⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26011.exe
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62.exe
10⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43144.exe
11⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
12⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
12⤵
PID:13696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
11⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
10⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 236
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 216
8⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
- Program crash
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
6⤵
- Program crash
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28831.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57851.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
7⤵
PID:1100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 220
8⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 216
7⤵
- Program crash
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
6⤵
PID:1200

C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-91.exe
7⤵
PID:996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
8⤵
- Program crash
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62203.exe
7⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9856.exe
8⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26192.exe
9⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8706.exe
10⤵
PID:12432

C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45515.exe
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12432 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
10⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
9⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
8⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1200 -s 240
7⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
6⤵
- Program crash
PID:1992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
5⤵
- Program crash
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2895.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26082.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5088.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
8⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19857.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1934.exe
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
10⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26808.exe
11⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57843.exe
12⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 236
12⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
11⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
10⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
8⤵
- Program crash
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56707.exe
7⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46708.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-63618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63618.exe
9⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
10⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35682.exe
11⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35685.exe
12⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 216
12⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
11⤵
PID:11388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
10⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
9⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
8⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 240
7⤵
- Program crash
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18964.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16189.exe
7⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3677.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11584.exe
9⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-25294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25294.exe
10⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38805.exe
11⤵
PID:11640

C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62035.exe
12⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11640 -s 216
12⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 216
11⤵
PID:13004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
10⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 216
9⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
8⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45758.exe
7⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35816.exe
8⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10773.exe
9⤵
PID:7652

C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62521.exe
10⤵
PID:10212

C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23002.exe
11⤵
PID:12968

C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40197.exe
12⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10212 -s 216
11⤵
PID:14064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7652 -s 216
10⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
9⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
8⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
6⤵
- Program crash
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22552.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7392.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27180.exe
7⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64964.exe
8⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60318.exe
9⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26809.exe
10⤵
PID:8100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61016.exe
11⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29395.exe
12⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 216
12⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 220
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
10⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
9⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
8⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27309.exe
7⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28497.exe
8⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25232.exe
9⤵
PID:8460

C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49557.exe
10⤵
PID:11496

C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59684.exe
11⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11496 -s 216
11⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 216
10⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
9⤵
PID:10144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
8⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 240
7⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23650.exe
6⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
7⤵
PID:3368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 220
8⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
7⤵
PID:4376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
5⤵
- Program crash
PID:1820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48697.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8842.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9120.exe
8⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7880.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22630.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50031.exe
11⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65396.exe
12⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36960.exe
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 216
13⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 236
11⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 236
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 216
9⤵
- Program crash
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44694.exe
8⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57886.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19039.exe
10⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61201.exe
11⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48634.exe
12⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7490.exe
13⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
13⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 236
12⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
11⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
10⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21404.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32927.exe
10⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59672.exe
11⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
12⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 240
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2764 -s 240
8⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54792.exe
7⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15358.exe
8⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14227.exe
9⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57414.exe
10⤵
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 224
11⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
10⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17703.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
10⤵
PID:8268

C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
11⤵
PID:10976

C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37821.exe
12⤵
PID:13840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10976 -s 216
12⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8268 -s 216
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
8⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 240
7⤵
- Program crash
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57529.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46915.exe
7⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18617.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19096.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54416.exe
10⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
11⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40843.exe
12⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
12⤵
PID:13500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 236
8⤵
PID:5072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 236
7⤵
- Program crash
PID:3472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 240
6⤵
- Program crash
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45168.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60866.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25841.exe
7⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51103.exe
8⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
9⤵
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 200
10⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 236
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5924.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24249.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-50524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50524.exe
10⤵
PID:8088

C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
11⤵
PID:10092

C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40801.exe
12⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10092 -s 236
12⤵
PID:13444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8088 -s 216
11⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
10⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63910.exe
7⤵
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42593.exe
8⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3364.exe
9⤵
PID:5996

C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35221.exe
10⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2283.exe
11⤵
PID:10800

C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16318.exe
12⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10800 -s 216
12⤵
PID:13652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
11⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5996 -s 216
10⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 216
9⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 216
8⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 220
7⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33494.exe
6⤵
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15743.exe
7⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63428.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49908.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3020.exe
10⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-186.exe
11⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40895.exe
12⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
12⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
8⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43370.exe
7⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14355.exe
8⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29108.exe
9⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5012.exe
10⤵
PID:10744

C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19575.exe
11⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10744 -s 216
11⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 216
10⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 236
9⤵
PID:9836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
8⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
7⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
6⤵
- Program crash
PID:2924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
5⤵
- Program crash
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1252

C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52288.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10129.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39406.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49437.exe
8⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31140.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14308.exe
10⤵
PID:5760

C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49170.exe
11⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56704.exe
12⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44162.exe
13⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
13⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
12⤵
PID:11880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5760 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
10⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 236
9⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65436.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46322.exe
9⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12330.exe
10⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13896.exe
11⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47387.exe
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
12⤵
PID:13516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
11⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
10⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 220
8⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62244.exe
7⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52437.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48434.exe
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-16882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16882.exe
10⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43931.exe
11⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26513.exe
12⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
12⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 216
11⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
10⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
8⤵
PID:4484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
- Program crash
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35684.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11419.exe
7⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45172.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42731.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43529.exe
10⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19580.exe
11⤵
PID:10852

C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-109.exe
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10852 -s 216
12⤵
PID:8108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 216
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 236
9⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 236
8⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44523.exe
7⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60219.exe
8⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
9⤵
PID:6864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30051.exe
10⤵
PID:10156

C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49182.exe
11⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10156 -s 216
11⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6864 -s 216
10⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 236
9⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 216
8⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
7⤵
PID:4320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
6⤵
- Program crash
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55801.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20055.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
7⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61996.exe
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39006.exe
9⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58286.exe
10⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57298.exe
11⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 236
11⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
10⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
9⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
8⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
7⤵
- Program crash
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
6⤵
- Program crash
PID:772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1252 -s 240
5⤵
- Program crash
PID:788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2288

C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52708.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65033.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28194.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45654.exe
7⤵
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2084.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1166.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18013.exe
10⤵
PID:7628

C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13330.exe
11⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-65518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65518.exe
12⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
12⤵
PID:13644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7628 -s 216
11⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
10⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 236
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 236
8⤵
PID:4712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
7⤵
- Program crash
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
6⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31887.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65239.exe
8⤵
PID:3116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 200
9⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
8⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55125.exe
7⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35183.exe
8⤵
PID:4652

C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26339.exe
9⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-476.exe
10⤵
PID:9484

C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13167.exe
11⤵
PID:12872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9484 -s 216
11⤵
PID:13896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
10⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4652 -s 216
9⤵
PID:8868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
8⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
7⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
6⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42177.exe
6⤵
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49484.exe
7⤵
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47367.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45331.exe
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53021.exe
10⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45881.exe
11⤵
PID:12668

C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56533.exe
12⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 236
11⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
10⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 236
8⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46526.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29794.exe
8⤵
PID:5488

C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49035.exe
9⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25940.exe
10⤵
PID:11508

C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55290.exe
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11508 -s 236
11⤵
PID:14080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
10⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5488 -s 216
9⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
8⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
7⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28549.exe
6⤵
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50325.exe
7⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46514.exe
8⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27385.exe
9⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37026.exe
10⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62249.exe
11⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
11⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
10⤵
PID:11456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
8⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 236
7⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
6⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
5⤵
- Program crash
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61504.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11857.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25649.exe
6⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16812.exe
7⤵
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58353.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30884.exe
9⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63586.exe
10⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10653.exe
11⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46961.exe
12⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11116 -s 216
12⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
10⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 216
8⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 236
7⤵
- Program crash
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29618.exe
6⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32567.exe
7⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39872.exe
8⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29539.exe
9⤵
PID:8676

C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
10⤵
PID:12564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44618.exe
11⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8676 -s 236
10⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
9⤵
PID:10004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
8⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
7⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 220
6⤵
- Program crash
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38455.exe
5⤵
PID:2164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 220
6⤵
- Program crash
PID:3252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
5⤵
- Program crash
PID:2508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
2⤵
- Program crash
PID:2568

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
Filesize
184KB

MD5
b525295d99fe1665ca8219a070e466dc

SHA1
9807a68ba3f43ecfeb43d61cbe9d32062670123f

SHA256
7642d4187a10d89f7af20319f0ce6f4aacce6d2dae879fcbc0847bdd4f21bc04

SHA512
5de0cf3cdad5fa7d71ede2de2f9b1b5a57d1132ff23f7acb99f5c4a978fb69f6edf1c78e6440d04234d7c46d3fb17dc78f8cce1089ee90adc60cf37ebf375114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23508.exe
Filesize
184KB

MD5
d7876b996a8d66d03438dcf2f3e80db0

SHA1
f6a23645c5216304c77415b6becb45fb8f3a2042

SHA256
edcb373815aa3e3941f7091047402da4138adc8d4971d6ed9d7aad7b1c2995a9

SHA512
4041b703fc15953e564d7dc8a09c59859807f2cd4632043a5747c9faa2fde11945728f6abf12ce7a6b6c8ccdd07f7792e94dbbd19041e2ec9e02cdf1f4f2e3b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-2995.exe
Filesize
184KB

MD5
a30e7c47aec9ac45b88f19b1717fcec6

SHA1
7eb3b6709987e2066beb59239e5a8c0b7c50f756

SHA256
d9495073166932715cf2b08a829490827338aa1db130e284301cb4da133341a4

SHA512
5ab05a9b687aa1b979fb6e0713e787a3d56033031804f63191ff907c7730e171b500468671201a2704710cdb7d6a92ea7f7d6ee3e9be13ff68147a8b3245f189

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41000.exe
Filesize
184KB

MD5
c3cae71d9f454f1f644eabcf639f78a1

SHA1
510211b4299e71e9374c6e32a215b26de9fd4132

SHA256
18221829e3e0d63dffaf9b52dbe8be93db17fe417510a030ed849efa3f70fd70

SHA512
ed8400fd510c4db8db3b7ab41274479da4db0ea7a96d7930dc83278639f9b3341c85b7ce2999ab33a48274da148b4ce829774ec7ae49ed453fb8073f48f2880d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-42002.exe
Filesize
184KB

MD5
f7a9f0c5953e57abfb589e823bad6d5f

SHA1
6cb82b7e6c6a527f9754805712710cb3681825ac

SHA256
aa7b954d8e6b2eee71bf45e535bb5776231f7a899264c10d4fef6a218029e360

SHA512
1486f7e9aa6c95724258071a267bfe3e22f756cac7f228e4c420e2eabb0d5a3f1a04660102ff6dcf622774e23215abdd6d616c456db787a41dba6ab5a3d7ea0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5800.exe
Filesize
184KB

MD5
f1327b7f7f3fb3581745cc2750b3a810

SHA1
68bc9a2d105d2a0259d84a3d790684723fe5601b

SHA256
a139efbdbd46d0f8c58f4423b679bd8cacd603f19f56316b2ad9bd6148894ecf

SHA512
ff23836a596e1eebe465d9fc1b72fd4662da7ace6f5c3e9c628ecc6abb8daf32af81092c5b71da2c55a039908709f191ea67f09f0ebc3d77fd46d2c3054b198c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6462.exe
Filesize
184KB

MD5
0546ac11245701eb0e5e218699131404

SHA1
8856f63a09c4832eae71d3d866f71c843003d86d

SHA256
8cef79a93bfed395a86a3bfad6573c43c615349ffe046b4f1460c4611c04f9de

SHA512
c3274c4cf5dcc37757c50302d454ac9460fa4e66b8160dc2f38aec2e28d939bcb7af469cc7e118f0638a50eb024819572cd33d9aa7359fd29bbd4cdf67dc3e94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6717.exe
Filesize
184KB

MD5
49a9e33dd8f6b7061f8df3ffc07d0848

SHA1
8911bee1cafcaf8f4ddf923e18c4b90b93839c75

SHA256
00089ce44dfc4de63948ff0f5f6b55a8762a5ec03fcd1e79efc9813d8ea430b4

SHA512
82e9719b3754d91288abf1e5b770594f4f371dd09788c64f85e4869f288cbf5dbef43e130631bfc559a340b70c57b61a236a3ed726b9dee75692a93ca576a722

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7253.exe
Filesize
184KB

MD5
bdaccfe8367555066f15ac31001560a2

SHA1
32fdd468edff67c907e3cc22c7f35f7456a96333

SHA256
f43ddb4557f44ffb5fcd1f40aac414660f330fe17a8e5f2702eff04e558bb619

SHA512
4c7f8fa7c71d009275b77758454f00fd3065d9a36749d16ca4b7270d4bff8252d0337de499885f2eb291737090e225ccba3daa6be5d75db6eac662eb21733ef0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-16506.exe
Filesize
184KB

MD5
c1a6811a4b9764411925cfd3d196fde0

SHA1
a2e9e492fdba382b9947bc1d22d512c79896de88

SHA256
812bfd87514ab1f9bbd0915f7a717cef725fea2b42d3df78ac0e04e36d5af5ed

SHA512
a83368f71dc9b79ecb1b4cbc7bf9d1aa9c576421763adb701fe0d02fa1ea63ac6bb4c93ec83bce734b1ff921647c28513564dfeca40a0ad1a61390255e29a629

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22651.exe
Filesize
184KB

MD5
1aea1b9afa885fcdf76af05f56d2ff35

SHA1
15114816f49dc13955a67adeabbd3a2dc378ed29

SHA256
86819aeea5f42f2f67ead5804e02d0e73ea37485bfc26c3e1e3a9b2fea5a601f

SHA512
658d3bc0f09655ecc8ca1db6c4d9241ebc46a384e0efca7d6093f5fddf970e7c2746b16e6de6a76686e5c99ed75a6f73de5a9ca396f59b56b71cf155b4c0a836

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2538.exe
Filesize
184KB

MD5
be59655e60333b1b17b35a3665ab9917

SHA1
17f66ae8e18bc6608501c1bd1cb0b13a51c68d65

SHA256
8888733484d906039118a12bfbf3bc7d310903ea10d537bb80d916cb05667cf1

SHA512
7bfabbeeb1258ccc3e2b1dd180452d3a17619b9937fd0e3f18f9f072b33e7584f3c53b015c8e2ca4c4d84a733341cf036831f237d42782f1aba4afe64f24d7f7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25803.exe
Filesize
184KB

MD5
03dc7f30d58c040add59669225c5a6cf

SHA1
199d6672c9ad134afae6a5018e905ef67a5962fc

SHA256
9c2742b4a3229920320bf63876b2d020dd2419337516b3f61ae71f0403b0273b

SHA512
2a187af22a5834f27b10bd6543b87f686932a8e3e691bae2cfd875fba48015c6ca71941d13a182923dd53b939ed6d27faa4c2c1ea2dad1e7616e26d395b5040c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2785.exe
Filesize
184KB

MD5
264879424a03e42a2b1671082615a931

SHA1
791270aa82adbb2ed1df16a5df37a2a62fa6a053

SHA256
7dbd015a0f2d681282fa96c50bcb442c31661714a8ae8988ac8f793d2db04c50

SHA512
dd1a40752f7423bfdec482074d356ec4ba8d4df06711363e84eb04b352baf69b50eb9e60b00e2e0ff90a3e5645b436b716fcc57b8ec235ae1bf36eee79f1e38f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-35495.exe
Filesize
184KB

MD5
e67fbd00630f07db66158f9dcb5be0bc

SHA1
c92666df576c73504ca74a94c4abb1ea60d962cb

SHA256
688f6e0286666b62320cea9d75a3d7e72ee98ee250f2273f785a65bcaaea7d23

SHA512
27d20ff0a514de15417d5581ba323b0163fb7bcfa343ca13dafa1567d12d043304b1bb3019524255514e0274f72abd7321ecd07244ffe09e01b300ad474d43eb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45328.exe
Filesize
184KB

MD5
0970dc5c00bdc9335ce9b10b8f008f01

SHA1
bf37c93669219ffe1f1d1e0c537ced19a8129d98

SHA256
8c4ab7b1ab121d38432f390e8c82e78e68ec9240ee78f2a85e70cfdbc8a04228

SHA512
2606022bbbbf5cf48fab54d7c50dec4268ab1e0b3852e2192dc124fad7486ed6462a197601764943102874cce7111249c4d73b3a620ee752db88fdaf610d37c0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
Filesize
184KB

MD5
014361dddbe8f00e206afe4328f08966

SHA1
6c3c5ec3c0b6f2b5ec1355ac072b0b52e97ee77a

SHA256
0514890126749dd0fa1744d59a10425b410719ec0f85feb1bc65c7508d97773d

SHA512
73db28e4549c108af1fd5f7ba26f8464981d6c6c9c6b6a669bf92b96425697097ce38367be018497bb0ced699d9e13b5993dbf5d6cfb4ef3423d669f5517294a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49371.exe
Filesize
184KB

MD5
d2b423f989ec1000c1455adf6556042d

SHA1
394cb62c3a51c1ec83167b86cf57664101327ad0

SHA256
ddcfc29b9f18e270bcfa3dc82ec1f6624885ceaadb7e84e1bacaebb54fddd18f

SHA512
3faa4a9c33997bc4b8629aa3bcae89948ef2dbf6baff062daeed7769561561400cbb839ee4e02c847fd19cc3a1a23538d0ba30db7a1a3c7297bacd7fe04754a0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58530.exe
Filesize
184KB

MD5
8bed0a8975860e3cbe92e7c687b66f92

SHA1
e0d762374a549d25a3a1cd794045b5584f60fa03

SHA256
b422d6bc2cb6f06080c4eacd3f2de65499e18ed6cd962f1bd7e52da159de10fb

SHA512
b3f44a023a8490964b1766ff8470089d1546747bbadafbc115b53e05ebffdf877128122405c3e680e4eb19ec55480cfcb0aa5ef1342471f8d0153042735fd927

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads