b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe
Size

184KB
MD5

16e71ec1b39156c59f70163b12a2f266
SHA1

7b09d460991635e5b76fde7498bf6ae48420ad79
SHA256

b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40
SHA512

fa893e8ebe54df58739f050fd84827ef8ff8321c459d65baa36c2c95a01f2f2e1ef12be0d2cf801c942e967040efc4118067896b5b3aa92ebfe7f9cca52babd4
SSDEEP

1536:IBSa6j2luRexowx1GCqAC/wS+29yvZc8Smd99APJ2VzetMhl5hj5nizpv2:s6tRexooACqvj+4WeOAPJKsMhlnViF+

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-26599.exeUnicorn-42707.exeUnicorn-25856.exeUnicorn-37113.exeUnicorn-50989.exeUnicorn-5317.exeUnicorn-28468.exeUnicorn-57611.exeUnicorn-28276.exeUnicorn-60948.exeUnicorn-40013.exeUnicorn-36483.exeUnicorn-32953.exeUnicorn-36291.exeUnicorn-43219.exeUnicorn-39689.exeUnicorn-6825.exeUnicorn-62570.exeUnicorn-43027.exeUnicorn-6405.exeUnicorn-6405.exeUnicorn-2876.exeUnicorn-6213.exeUnicorn-1615.exeUnicorn-5829.exeUnicorn-51501.exeUnicorn-54838.exeUnicorn-53769.exeUnicorn-21974.exeUnicorn-18444.exeUnicorn-38310.exeUnicorn-17375.exeUnicorn-2036.exeUnicorn-64044.exeUnicorn-29556.exeUnicorn-47516.exeUnicorn-18181.exeUnicorn-34517.exeUnicorn-30987.exeUnicorn-45700.exeUnicorn-34133.exeUnicorn-25450.exeUnicorn-28788.exeUnicorn-46748.exeUnicorn-33749.exeUnicorn-15139.exeUnicorn-11610.exeUnicorn-64148.exeUnicorn-36437.exeUnicorn-36437.exeUnicorn-11418.exeUnicorn-11418.exeUnicorn-38544.exeUnicorn-54880.exeUnicorn-50282.exeUnicorn-54496.exeUnicorn-50967.exeUnicorn-5295.exeUnicorn-21440.exeUnicorn-36899.exeUnicorn-23443.exeUnicorn-3577.exeUnicorn-36249.exeUnicorn-56115.exe

pid	process
1244	Unicorn-26599.exe
2996	Unicorn-42707.exe
3040	Unicorn-25856.exe
2456	Unicorn-37113.exe
2816	Unicorn-50989.exe
2344	Unicorn-5317.exe
1944	Unicorn-28468.exe
2656	Unicorn-57611.exe
2636	Unicorn-28276.exe
1780	Unicorn-60948.exe
1448	Unicorn-40013.exe
1688	Unicorn-36483.exe
1820	Unicorn-32953.exe
2264	Unicorn-36291.exe
632	Unicorn-43219.exe
2276	Unicorn-39689.exe
1104	Unicorn-6825.exe
2204	Unicorn-62570.exe
1484	Unicorn-43027.exe
2080	Unicorn-6405.exe
1876	Unicorn-6405.exe
1348	Unicorn-2876.exe
888	Unicorn-6213.exe
1800	Unicorn-1615.exe
968	Unicorn-5829.exe
1676	Unicorn-51501.exe
836	Unicorn-54838.exe
2400	Unicorn-53769.exe
2268	Unicorn-21974.exe
880	Unicorn-18444.exe
892	Unicorn-38310.exe
3036	Unicorn-17375.exe
2576	Unicorn-2036.exe
2564	Unicorn-64044.exe
2616	Unicorn-29556.exe
2464	Unicorn-47516.exe
2560	Unicorn-18181.exe
2316	Unicorn-34517.exe
2516	Unicorn-30987.exe
2752	Unicorn-45700.exe
2036	Unicorn-34133.exe
1672	Unicorn-25450.exe
1816	Unicorn-28788.exe
1364	Unicorn-46748.exe
400	Unicorn-33749.exe
2284	Unicorn-15139.exe
1168	Unicorn-11610.exe
1256	Unicorn-64148.exe
1284	Unicorn-36437.exe
2292	Unicorn-36437.exe
992	Unicorn-11418.exe
580	Unicorn-11418.exe
1756	Unicorn-38544.exe
2084	Unicorn-54880.exe
2116	Unicorn-50282.exe
1032	Unicorn-54496.exe
1736	Unicorn-50967.exe
1720	Unicorn-5295.exe
1716	Unicorn-21440.exe
2700	Unicorn-36899.exe
2748	Unicorn-23443.exe
2216	Unicorn-3577.exe
2496	Unicorn-36249.exe
2948	Unicorn-56115.exe

Loads dropped DLL 64 IoCs

Processes:

b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exeUnicorn-26599.exeUnicorn-42707.exeUnicorn-25856.exeWerFault.exeUnicorn-37113.exeUnicorn-50989.exeUnicorn-5317.exeWerFault.exeWerFault.exeUnicorn-28468.exeUnicorn-57611.exeUnicorn-28276.exeUnicorn-60948.exeUnicorn-40013.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe
2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe
1244	Unicorn-26599.exe
2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe
1244	Unicorn-26599.exe
2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe
2996	Unicorn-42707.exe
2996	Unicorn-42707.exe
1244	Unicorn-26599.exe
1244	Unicorn-26599.exe
3040	Unicorn-25856.exe
3040	Unicorn-25856.exe
2932	WerFault.exe
2932	WerFault.exe
2932	WerFault.exe
2932	WerFault.exe
2932	WerFault.exe
2456	Unicorn-37113.exe
2456	Unicorn-37113.exe
2996	Unicorn-42707.exe
2996	Unicorn-42707.exe
2816	Unicorn-50989.exe
2816	Unicorn-50989.exe
2344	Unicorn-5317.exe
2344	Unicorn-5317.exe
3040	Unicorn-25856.exe
3040	Unicorn-25856.exe
2016	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
2016	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
1952	WerFault.exe
2016	WerFault.exe
1952	WerFault.exe
1944	Unicorn-28468.exe
1944	Unicorn-28468.exe
2456	Unicorn-37113.exe
2456	Unicorn-37113.exe
2656	Unicorn-57611.exe
2656	Unicorn-57611.exe
2636	Unicorn-28276.exe
2636	Unicorn-28276.exe
2816	Unicorn-50989.exe
1780	Unicorn-60948.exe
2816	Unicorn-50989.exe
1780	Unicorn-60948.exe
2344	Unicorn-5317.exe
2344	Unicorn-5317.exe
1448	Unicorn-40013.exe
1448	Unicorn-40013.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
920	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
1144	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2696	2368	WerFault.exe	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe
2932	1244	WerFault.exe	Unicorn-26599.exe
1952	3040	WerFault.exe	Unicorn-25856.exe
2016	2996	WerFault.exe	Unicorn-42707.exe
920	2456	WerFault.exe	Unicorn-37113.exe
704	2816	WerFault.exe	Unicorn-50989.exe
1144	2344	WerFault.exe	Unicorn-5317.exe
1408	1944	WerFault.exe	Unicorn-28468.exe
2076	2656	WerFault.exe	Unicorn-57611.exe
3064	2636	WerFault.exe	Unicorn-28276.exe
2604	1780	WerFault.exe	Unicorn-60948.exe
2716	1448	WerFault.exe	Unicorn-40013.exe
2888	2268	WerFault.exe	Unicorn-21974.exe
1632	1688	WerFault.exe	Unicorn-36483.exe
908	1820	WerFault.exe	Unicorn-32953.exe
296	2264	WerFault.exe	Unicorn-36291.exe
1804	2204	WerFault.exe	Unicorn-62570.exe
2916	1484	WerFault.exe	Unicorn-43027.exe
2856	1348	WerFault.exe	Unicorn-2876.exe
928	1104	WerFault.exe	Unicorn-6825.exe
1328	2276	WerFault.exe	Unicorn-39689.exe
1372	632	WerFault.exe	Unicorn-43219.exe
2836	1876	WerFault.exe	Unicorn-6405.exe
1216	2080	WerFault.exe	Unicorn-6405.exe
2820	1800	WerFault.exe	Unicorn-1615.exe
1540	968	WerFault.exe	Unicorn-5829.exe
476	836	WerFault.exe	Unicorn-54838.exe
1036	1676	WerFault.exe	Unicorn-51501.exe
556	892	WerFault.exe	Unicorn-38310.exe
708	3036	WerFault.exe	Unicorn-17375.exe
2224	2400	WerFault.exe	Unicorn-53769.exe
1864	880	WerFault.exe	Unicorn-18444.exe
2492	2036	WerFault.exe	Unicorn-34133.exe
3232	1284	WerFault.exe	Unicorn-36437.exe
3224	2516	WerFault.exe	Unicorn-30987.exe
3112	1620	WerFault.exe	Unicorn-22099.exe
3616	2564	WerFault.exe	Unicorn-64044.exe
3608	2576	WerFault.exe	Unicorn-2036.exe
2568	2464	WerFault.exe	Unicorn-47516.exe
2172	1720	WerFault.exe	Unicorn-5295.exe
1048	1736	WerFault.exe	Unicorn-50967.exe
2280	2948	WerFault.exe	Unicorn-56115.exe
3884	1364	WerFault.exe	Unicorn-46748.exe
3876	2616	WerFault.exe	Unicorn-29556.exe
4004	580	WerFault.exe	Unicorn-11418.exe
4028	1672	WerFault.exe	Unicorn-25450.exe
3996	2560	WerFault.exe	Unicorn-18181.exe
3356	2292	WerFault.exe	Unicorn-36437.exe
3380	992	WerFault.exe	Unicorn-11418.exe
3404	1816	WerFault.exe	Unicorn-28788.exe
3452	400	WerFault.exe	Unicorn-33749.exe
3444	1256	WerFault.exe	Unicorn-64148.exe
3528	2752	WerFault.exe	Unicorn-45700.exe
3564	1168	WerFault.exe	Unicorn-11610.exe
3580	2284	WerFault.exe	Unicorn-15139.exe
3596	2316	WerFault.exe	Unicorn-34517.exe
3708	1756	WerFault.exe	Unicorn-38544.exe
3744	2084	WerFault.exe	Unicorn-54880.exe
3864	2116	WerFault.exe	Unicorn-50282.exe
3300	2828	WerFault.exe	Unicorn-38302.exe
1440	1208	WerFault.exe	Unicorn-6338.exe
3808	2496	WerFault.exe	Unicorn-36249.exe
3588	1032	WerFault.exe	Unicorn-54496.exe
4088	1568	WerFault.exe	Unicorn-18761.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exeUnicorn-26599.exeUnicorn-25856.exeUnicorn-42707.exeUnicorn-37113.exeUnicorn-50989.exeUnicorn-5317.exeUnicorn-28468.exeUnicorn-57611.exeUnicorn-28276.exeUnicorn-60948.exeUnicorn-40013.exeUnicorn-36483.exeUnicorn-32953.exeUnicorn-36291.exeUnicorn-43219.exeUnicorn-6825.exeUnicorn-39689.exeUnicorn-62570.exeUnicorn-43027.exeUnicorn-6405.exeUnicorn-6405.exeUnicorn-2876.exeUnicorn-6213.exeUnicorn-1615.exeUnicorn-51501.exeUnicorn-5829.exeUnicorn-54838.exeUnicorn-38310.exeUnicorn-53769.exeUnicorn-21974.exeUnicorn-17375.exeUnicorn-18444.exeUnicorn-2036.exeUnicorn-64044.exeUnicorn-29556.exeUnicorn-47516.exeUnicorn-18181.exeUnicorn-34517.exeUnicorn-30987.exeUnicorn-45700.exeUnicorn-34133.exeUnicorn-25450.exeUnicorn-28788.exeUnicorn-46748.exeUnicorn-33749.exeUnicorn-15139.exeUnicorn-64148.exeUnicorn-11610.exeUnicorn-36437.exeUnicorn-36437.exeUnicorn-11418.exeUnicorn-11418.exeUnicorn-38544.exeUnicorn-54880.exeUnicorn-50282.exeUnicorn-54496.exeUnicorn-5295.exeUnicorn-36899.exeUnicorn-23443.exeUnicorn-21440.exeUnicorn-3577.exeUnicorn-36249.exeUnicorn-56115.exe

pid	process
2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe
1244	Unicorn-26599.exe
3040	Unicorn-25856.exe
2996	Unicorn-42707.exe
2456	Unicorn-37113.exe
2816	Unicorn-50989.exe
2344	Unicorn-5317.exe
1944	Unicorn-28468.exe
2656	Unicorn-57611.exe
2636	Unicorn-28276.exe
1780	Unicorn-60948.exe
1448	Unicorn-40013.exe
1688	Unicorn-36483.exe
1820	Unicorn-32953.exe
2264	Unicorn-36291.exe
632	Unicorn-43219.exe
1104	Unicorn-6825.exe
2276	Unicorn-39689.exe
2204	Unicorn-62570.exe
1484	Unicorn-43027.exe
1876	Unicorn-6405.exe
2080	Unicorn-6405.exe
1348	Unicorn-2876.exe
888	Unicorn-6213.exe
1800	Unicorn-1615.exe
1676	Unicorn-51501.exe
968	Unicorn-5829.exe
836	Unicorn-54838.exe
892	Unicorn-38310.exe
2400	Unicorn-53769.exe
2268	Unicorn-21974.exe
3036	Unicorn-17375.exe
880	Unicorn-18444.exe
2576	Unicorn-2036.exe
2564	Unicorn-64044.exe
2616	Unicorn-29556.exe
2464	Unicorn-47516.exe
2560	Unicorn-18181.exe
2316	Unicorn-34517.exe
2516	Unicorn-30987.exe
2752	Unicorn-45700.exe
2036	Unicorn-34133.exe
1672	Unicorn-25450.exe
1816	Unicorn-28788.exe
1364	Unicorn-46748.exe
400	Unicorn-33749.exe
2284	Unicorn-15139.exe
1256	Unicorn-64148.exe
1168	Unicorn-11610.exe
1284	Unicorn-36437.exe
2292	Unicorn-36437.exe
992	Unicorn-11418.exe
580	Unicorn-11418.exe
1756	Unicorn-38544.exe
2084	Unicorn-54880.exe
2116	Unicorn-50282.exe
1032	Unicorn-54496.exe
1720	Unicorn-5295.exe
2700	Unicorn-36899.exe
2748	Unicorn-23443.exe
1716	Unicorn-21440.exe
2216	Unicorn-3577.exe
2496	Unicorn-36249.exe
2948	Unicorn-56115.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exeUnicorn-26599.exeUnicorn-42707.exeUnicorn-25856.exeUnicorn-37113.exeUnicorn-50989.exeUnicorn-5317.exeUnicorn-28468.exe

description	pid	process	target process
PID 2368 wrote to memory of 1244	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	Unicorn-26599.exe
PID 2368 wrote to memory of 1244	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	Unicorn-26599.exe
PID 2368 wrote to memory of 1244	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	Unicorn-26599.exe
PID 2368 wrote to memory of 1244	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	Unicorn-26599.exe
PID 1244 wrote to memory of 2996	1244	Unicorn-26599.exe	Unicorn-42707.exe
PID 1244 wrote to memory of 2996	1244	Unicorn-26599.exe	Unicorn-42707.exe
PID 1244 wrote to memory of 2996	1244	Unicorn-26599.exe	Unicorn-42707.exe
PID 1244 wrote to memory of 2996	1244	Unicorn-26599.exe	Unicorn-42707.exe
PID 2368 wrote to memory of 3040	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	Unicorn-25856.exe
PID 2368 wrote to memory of 3040	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	Unicorn-25856.exe
PID 2368 wrote to memory of 3040	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	Unicorn-25856.exe
PID 2368 wrote to memory of 3040	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	Unicorn-25856.exe
PID 2368 wrote to memory of 2696	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	WerFault.exe
PID 2368 wrote to memory of 2696	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	WerFault.exe
PID 2368 wrote to memory of 2696	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	WerFault.exe
PID 2368 wrote to memory of 2696	2368	b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe	WerFault.exe
PID 2996 wrote to memory of 2456	2996	Unicorn-42707.exe	Unicorn-37113.exe
PID 2996 wrote to memory of 2456	2996	Unicorn-42707.exe	Unicorn-37113.exe
PID 2996 wrote to memory of 2456	2996	Unicorn-42707.exe	Unicorn-37113.exe
PID 2996 wrote to memory of 2456	2996	Unicorn-42707.exe	Unicorn-37113.exe
PID 1244 wrote to memory of 2816	1244	Unicorn-26599.exe	Unicorn-50989.exe
PID 1244 wrote to memory of 2816	1244	Unicorn-26599.exe	Unicorn-50989.exe
PID 1244 wrote to memory of 2816	1244	Unicorn-26599.exe	Unicorn-50989.exe
PID 1244 wrote to memory of 2816	1244	Unicorn-26599.exe	Unicorn-50989.exe
PID 3040 wrote to memory of 2344	3040	Unicorn-25856.exe	Unicorn-5317.exe
PID 3040 wrote to memory of 2344	3040	Unicorn-25856.exe	Unicorn-5317.exe
PID 3040 wrote to memory of 2344	3040	Unicorn-25856.exe	Unicorn-5317.exe
PID 3040 wrote to memory of 2344	3040	Unicorn-25856.exe	Unicorn-5317.exe
PID 1244 wrote to memory of 2932	1244	Unicorn-26599.exe	WerFault.exe
PID 1244 wrote to memory of 2932	1244	Unicorn-26599.exe	WerFault.exe
PID 1244 wrote to memory of 2932	1244	Unicorn-26599.exe	WerFault.exe
PID 1244 wrote to memory of 2932	1244	Unicorn-26599.exe	WerFault.exe
PID 2456 wrote to memory of 1944	2456	Unicorn-37113.exe	Unicorn-28468.exe
PID 2456 wrote to memory of 1944	2456	Unicorn-37113.exe	Unicorn-28468.exe
PID 2456 wrote to memory of 1944	2456	Unicorn-37113.exe	Unicorn-28468.exe
PID 2456 wrote to memory of 1944	2456	Unicorn-37113.exe	Unicorn-28468.exe
PID 2996 wrote to memory of 2656	2996	Unicorn-42707.exe	Unicorn-57611.exe
PID 2996 wrote to memory of 2656	2996	Unicorn-42707.exe	Unicorn-57611.exe
PID 2996 wrote to memory of 2656	2996	Unicorn-42707.exe	Unicorn-57611.exe
PID 2996 wrote to memory of 2656	2996	Unicorn-42707.exe	Unicorn-57611.exe
PID 2816 wrote to memory of 2636	2816	Unicorn-50989.exe	Unicorn-28276.exe
PID 2816 wrote to memory of 2636	2816	Unicorn-50989.exe	Unicorn-28276.exe
PID 2816 wrote to memory of 2636	2816	Unicorn-50989.exe	Unicorn-28276.exe
PID 2816 wrote to memory of 2636	2816	Unicorn-50989.exe	Unicorn-28276.exe
PID 2344 wrote to memory of 1780	2344	Unicorn-5317.exe	Unicorn-60948.exe
PID 2344 wrote to memory of 1780	2344	Unicorn-5317.exe	Unicorn-60948.exe
PID 2344 wrote to memory of 1780	2344	Unicorn-5317.exe	Unicorn-60948.exe
PID 2344 wrote to memory of 1780	2344	Unicorn-5317.exe	Unicorn-60948.exe
PID 3040 wrote to memory of 1448	3040	Unicorn-25856.exe	Unicorn-40013.exe
PID 3040 wrote to memory of 1448	3040	Unicorn-25856.exe	Unicorn-40013.exe
PID 3040 wrote to memory of 1448	3040	Unicorn-25856.exe	Unicorn-40013.exe
PID 3040 wrote to memory of 1448	3040	Unicorn-25856.exe	Unicorn-40013.exe
PID 2996 wrote to memory of 2016	2996	Unicorn-42707.exe	WerFault.exe
PID 2996 wrote to memory of 2016	2996	Unicorn-42707.exe	WerFault.exe
PID 2996 wrote to memory of 2016	2996	Unicorn-42707.exe	WerFault.exe
PID 2996 wrote to memory of 2016	2996	Unicorn-42707.exe	WerFault.exe
PID 3040 wrote to memory of 1952	3040	Unicorn-25856.exe	WerFault.exe
PID 3040 wrote to memory of 1952	3040	Unicorn-25856.exe	WerFault.exe
PID 3040 wrote to memory of 1952	3040	Unicorn-25856.exe	WerFault.exe
PID 3040 wrote to memory of 1952	3040	Unicorn-25856.exe	WerFault.exe
PID 1944 wrote to memory of 1688	1944	Unicorn-28468.exe	Unicorn-36483.exe
PID 1944 wrote to memory of 1688	1944	Unicorn-28468.exe	Unicorn-36483.exe
PID 1944 wrote to memory of 1688	1944	Unicorn-28468.exe	Unicorn-36483.exe
PID 1944 wrote to memory of 1688	1944	Unicorn-28468.exe	Unicorn-36483.exe

C:\Users\Admin\AppData\Local\Temp\b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe
"C:\Users\Admin\AppData\Local\Temp\b8d460cb5bfe2f9be495be91077e8a0fdccf56f2dc3ae7e148c053463e498f40.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29556.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54496.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
10⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-50519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50519.exe
11⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
12⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-21126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21126.exe
13⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
14⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2726.exe
15⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 236
14⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
13⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
12⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
11⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57430.exe
12⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5356 -s 220
13⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
12⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63326.exe
10⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58262.exe
11⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
12⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29054.exe
13⤵
PID:8608

C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28753.exe
14⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8608 -s 216
14⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6928 -s 216
13⤵
PID:10148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
12⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
11⤵
PID:5628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
10⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
9⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55475.exe
10⤵
PID:3804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 240
11⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 236
10⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
9⤵
- Program crash
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50967.exe
8⤵
- Executes dropped EXE
PID:1736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 220
9⤵
- Program crash
PID:1048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 240
8⤵
- Program crash
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47516.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5295.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
9⤵
PID:1600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 216
9⤵
- Program crash
PID:2172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 236
8⤵
- Program crash
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
7⤵
- Program crash
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2876.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21440.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42024.exe
9⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
10⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34898.exe
11⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17845.exe
12⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35957.exe
13⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
13⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
12⤵
PID:9904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4988 -s 216
11⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 216
10⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
9⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38302.exe
8⤵
PID:2828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 220
9⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
8⤵
- Program crash
PID:3996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
7⤵
- Program crash
PID:2856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 240
6⤵
- Program crash
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6405.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38544.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
9⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28677.exe
10⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe
11⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9080.exe
12⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12613.exe
13⤵
PID:8672

C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27041.exe
14⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8672 -s 216
14⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
13⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 216
12⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
11⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12336.exe
11⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63661.exe
12⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50301.exe
13⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
13⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
12⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 236
11⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
10⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42552.exe
9⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
10⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31836.exe
11⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56090.exe
12⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21578.exe
13⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
13⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
12⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
11⤵
PID:5532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
10⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
9⤵
- Program crash
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
8⤵
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64229.exe
9⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
11⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30304.exe
12⤵
PID:7468

C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
13⤵
PID:10892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7468 -s 216
13⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
12⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26258.exe
9⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17685.exe
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4497.exe
11⤵
PID:8964

C:\Users\Admin\AppData\Local\Temp\Unicorn-10170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10170.exe
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8964 -s 216
12⤵
PID:4936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6512 -s 216
11⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 216
10⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
9⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 220
8⤵
- Program crash
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50282.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22473.exe
8⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13289.exe
11⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25489.exe
12⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22811.exe
13⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 216
13⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
12⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
11⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
10⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35708.exe
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
10⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12333.exe
11⤵
PID:8728

C:\Users\Admin\AppData\Local\Temp\Unicorn-49412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49412.exe
12⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8728 -s 216
12⤵
PID:8336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
11⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
10⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
9⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29994.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36415.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40088.exe
10⤵
PID:6860

C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15087.exe
11⤵
PID:9296

C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17989.exe
12⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6860 -s 216
11⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 236
10⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:5124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 240
8⤵
- Program crash
PID:3864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
7⤵
- Program crash
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64044.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54880.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
8⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14068.exe
9⤵
PID:3768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 220
10⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29818.exe
10⤵
PID:6748

C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34093.exe
11⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48076.exe
12⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6748 -s 216
11⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
9⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10539.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47276.exe
9⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24608.exe
10⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
11⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32552.exe
12⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 236
11⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36815.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4276.exe
8⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63503.exe
9⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
10⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18540.exe
11⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
12⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
12⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
11⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4428 -s 216
10⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 236
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-43445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43445.exe
8⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29252.exe
9⤵
PID:6700

C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33485.exe
10⤵
PID:8112

C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43552.exe
11⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8112 -s 216
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6700 -s 236
10⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 216
9⤵
PID:7552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
8⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
7⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 240
6⤵
- Program crash
PID:908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56115.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
9⤵
- Program crash
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4561.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17837.exe
9⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7373.exe
10⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
11⤵
PID:8768

C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13822.exe
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8768 -s 216
12⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
11⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 220
10⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 216
9⤵
PID:5696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
8⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36249.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51912.exe
8⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-33799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33799.exe
9⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56425.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7565.exe
11⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
12⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56092.exe
13⤵
PID:11316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
13⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
12⤵
PID:10028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 236
10⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37436.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40248.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59624.exe
11⤵
PID:8816

C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7129.exe
12⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 236
12⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 236
11⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
10⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
9⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46222.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58070.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40622.exe
10⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9043.exe
11⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31062.exe
12⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
12⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
11⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 236
9⤵
PID:5896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 220
8⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30987.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-36899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36899.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15948.exe
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27670.exe
10⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38450.exe
11⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
11⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6488 -s 220
11⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
10⤵
PID:8800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:5172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 216
8⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
7⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
6⤵
- Program crash
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1615.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45700.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-23443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23443.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25304.exe
8⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31215.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-214.exe
11⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11553.exe
12⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 236
11⤵
PID:10684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
10⤵
PID:8776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 216
9⤵
PID:5212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 216
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4177.exe
7⤵
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58771.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59520.exe
10⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15950.exe
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 236
9⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 236
8⤵
PID:4472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
7⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3577.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7706.exe
7⤵
PID:688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 220
8⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
7⤵
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
6⤵
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
5⤵
- Program crash
PID:2076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43219.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:632

C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34133.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55923.exe
8⤵
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
9⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63228.exe
10⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15307.exe
11⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-942.exe
12⤵
PID:8408

C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30182.exe
13⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8408 -s 216
13⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
12⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
11⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 216
10⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 216
9⤵
PID:3212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2036 -s 236
8⤵
- Program crash
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35865.exe
7⤵
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58744.exe
8⤵
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58163.exe
9⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8013.exe
10⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45296.exe
11⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65342.exe
12⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
12⤵
PID:10340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4516 -s 216
11⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 236
10⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 236
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37913.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33172.exe
9⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 220
10⤵
PID:7748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
9⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 240
8⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
7⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25450.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22867.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24536.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46508.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34524.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37097.exe
11⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57987.exe
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 236
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
11⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 220
10⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
9⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
7⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22321.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64730.exe
10⤵
PID:7640

C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60272.exe
11⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7640 -s 216
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 236
8⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 240
7⤵
- Program crash
PID:4028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 632 -s 240
6⤵
- Program crash
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51501.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33749.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38819.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
8⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-15563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15563.exe
9⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43715.exe
10⤵
PID:6428

C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45027.exe
11⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27762.exe
12⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6428 -s 216
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
10⤵
PID:7676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
9⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
8⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
7⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15725.exe
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
9⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14566.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22229.exe
11⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
9⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
8⤵
PID:5260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 400 -s 240
7⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
6⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41640.exe
7⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-57395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57395.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-6615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6615.exe
9⤵
PID:6304

C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15109.exe
10⤵
PID:8736

C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61187.exe
11⤵
PID:11676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8736 -s 236
11⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6304 -s 216
10⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 236
8⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56689.exe
7⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-772.exe
8⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30711.exe
9⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34455.exe
10⤵
PID:10440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
10⤵
PID:10764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 236
9⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
8⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
7⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
6⤵
- Program crash
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
5⤵
- Program crash
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54838.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28788.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22675.exe
7⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39995.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-33597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33597.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23025.exe
10⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11456.exe
11⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64476.exe
12⤵
PID:11920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8680 -s 216
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
11⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:7944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
9⤵
PID:5856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 236
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23009.exe
7⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-17178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17178.exe
8⤵
PID:552

C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8418.exe
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47133.exe
10⤵
PID:7912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 220
11⤵
PID:10828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
10⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 552 -s 216
9⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
8⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
7⤵
- Program crash
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19145.exe
6⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24920.exe
7⤵
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46892.exe
8⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-56392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56392.exe
9⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56474.exe
10⤵
PID:7804

C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33311.exe
11⤵
PID:11156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7804 -s 216
11⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
10⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 236
9⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 216
8⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
7⤵
PID:4012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
6⤵
- Program crash
PID:476

C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46748.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
6⤵
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2711.exe
7⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-33799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33799.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57878.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24945.exe
10⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
11⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-28177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28177.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8548 -s 216
12⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7144 -s 216
11⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:6164

C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
8⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10061.exe
9⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58545.exe
10⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15576.exe
11⤵
PID:2236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
11⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
10⤵
PID:10088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
9⤵
PID:8072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 220
8⤵
PID:5348

C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
7⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24630.exe
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
9⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
10⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53375.exe
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
11⤵
PID:10260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 236
10⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 216
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
8⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
7⤵
- Program crash
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64527.exe
6⤵
PID:964

C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
7⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55185.exe
8⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
9⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
10⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
10⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4784 -s 216
9⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
8⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 964 -s 236
7⤵
PID:4808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
6⤵
- Program crash
PID:3884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
5⤵
- Program crash
PID:1328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62570.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21974.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
7⤵
- Program crash
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38435.exe
7⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-17178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17178.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51063.exe
10⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53829.exe
12⤵
PID:12064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
12⤵
PID:960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
11⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44676.exe
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
9⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31695.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
11⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
10⤵
PID:9232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
9⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
8⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
7⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24531.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61118.exe
10⤵
PID:7808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64382.exe
11⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7808 -s 216
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
10⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
9⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
8⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
7⤵
- Program crash
PID:4004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
6⤵
- Program crash
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18444.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64148.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
7⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-10010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10010.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21982.exe
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 220
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
8⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22817.exe
7⤵
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 240
8⤵
PID:3792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 240
7⤵
- Program crash
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2233.exe
6⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24043.exe
7⤵
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-924.exe
8⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-12474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12474.exe
9⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6697.exe
10⤵
PID:8004

C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52413.exe
11⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8004 -s 216
11⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
10⤵
PID:8988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4624 -s 236
9⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 216
8⤵
PID:5836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
7⤵
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 880 -s 240
6⤵
- Program crash
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 240
5⤵
- Program crash
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6825.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53769.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22291.exe
7⤵
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42875.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8386.exe
9⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40048.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41793.exe
11⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38321.exe
12⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
12⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 236
11⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
9⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7680.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11568.exe
9⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
10⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61009.exe
11⤵
PID:10596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
11⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
10⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
9⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 220
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55682.exe
7⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33898.exe
8⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57622.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13573.exe
10⤵
PID:8612

C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3703.exe
10⤵
PID:8292

C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14917.exe
11⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8292 -s 216
11⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 240
10⤵
PID:10096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 216
9⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
8⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 220
7⤵
- Program crash
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
6⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9351.exe
7⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-15563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15563.exe
8⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25329.exe
9⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61430.exe
10⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54386.exe
11⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 216
11⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
9⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
8⤵
PID:5352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
7⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
6⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11418.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22099.exe
6⤵
PID:1620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 220
7⤵
- Program crash
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3601.exe
6⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
7⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14067.exe
8⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17964.exe
9⤵
PID:8436

C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63742.exe
10⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8436 -s 216
10⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 236
9⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
8⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
7⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
6⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1104 -s 240
5⤵
- Program crash
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43027.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38310.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15139.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38627.exe
7⤵
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57099.exe
8⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48812.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16684.exe
10⤵
PID:7112

C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55737.exe
11⤵
PID:8540

C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
12⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8540 -s 236
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7112 -s 236
11⤵
PID:9456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 216
9⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 236
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53378.exe
7⤵
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34365.exe
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
9⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60734.exe
10⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14605.exe
11⤵
PID:10660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
11⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 236
10⤵
PID:9168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
9⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 236
8⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 240
7⤵
- Program crash
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35097.exe
6⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
7⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51085.exe
8⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35796.exe
9⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63895.exe
10⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62179.exe
11⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
10⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4288 -s 216
9⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 216
8⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
7⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
6⤵
- Program crash
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11610.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54963.exe
6⤵
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40571.exe
7⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63311.exe
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62500.exe
9⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-48135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48135.exe
10⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57332.exe
11⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 236
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 216
10⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
9⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 216
8⤵
PID:5520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 236
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36849.exe
6⤵
PID:2548

C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
7⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3123.exe
8⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33335.exe
9⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18895.exe
10⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
9⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
8⤵
PID:7568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2548 -s 216
7⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
6⤵
- Program crash
PID:3564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
5⤵
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17375.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36437.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41450.exe
6⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23659.exe
7⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47167.exe
8⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19263.exe
9⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18463.exe
10⤵
PID:8844

C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63805.exe
11⤵
PID:7660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
10⤵
PID:10264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
9⤵
PID:8652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
8⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
7⤵
PID:4148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
6⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21584.exe
5⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56715.exe
6⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11915.exe
7⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6415.exe
8⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1881.exe
9⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-20125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20125.exe
10⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
10⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 216
9⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
8⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
7⤵
PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 216
6⤵
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
5⤵
- Program crash
PID:708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
4⤵
- Program crash
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
2⤵
- Program crash
PID:2696

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-2036.exe
Filesize
184KB

MD5
7293d5fa56a42d37e67666ab1d2a0535

SHA1
8e83fe04f49cb0fc3c5b6a38b26adcedd9482d0a

SHA256
e449ebb471c0a09840b54f76af562a61028f445f3aa8f042187bdaf94952617e

SHA512
020d70a63a147fc8dce847c1a6bdf7232e3d55c553479350ff3914829318011bdd788a6713e260482722a5d89723df0996ccd69b79824e77b99b1292f1a210cb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28276.exe
Filesize
184KB

MD5
2211ec5812fbef06d7a9444959002454

SHA1
6161febfba50e4d28e39ac2177f43f64593a9774

SHA256
7ac973e0f194a74eeb7e4699df6343522857c96433d476e786b533a2bc829336

SHA512
6f8cc12330e60a0fb7ca21a906bd705ec45c81e026fb3861ca2febae76d542106d63902eae319a5f5d962281c75db1acb7eec1cf03606c98b8079314e10544dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28468.exe
Filesize
184KB

MD5
5ea29df74103d3cba244ec4ebfe1dfdb

SHA1
4a534128aaf408e33cb2ddaf33ffc969534d2ed2

SHA256
e1a6c6c28f6c253ad74002780794e415e4e3381d5de376b100d726b7beaa1fff

SHA512
02099a785c910d08ce15599d89b0d460e9a272a2f133a72a20303925dd7b1ac7fb13e379de7c6019604b7570d0ac70930c984d2b62a27ce885ddac3bfe84e92a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32953.exe
Filesize
184KB

MD5
b64245508eb08177c844e495486c7d54

SHA1
dcc5dd332f2b9c19927bb723935aa7b5e2634965

SHA256
be7db67e71dd0f7eedc4edc38650b1a82242f93442fc0df1757758463aa8de52

SHA512
7fd7293d0a9a3837cecf27ac34842a82b952fa06111d858365e741954937a6b44e93a98583cebe2934ef6a7be9cb56e76f4433121ba167e078e3d7cb9d653bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36483.exe
Filesize
184KB

MD5
75b2b7360935a82c08582b43046c4c3f

SHA1
027ed5a570341e78d78e9c67b0ac229b49fd7184

SHA256
fc770af378a207a5dcab7c224799fa7e4e3d87ec0d76ec0c40442b78bcf1ec15

SHA512
6d94dcf0f75fc88fd43b92c560821650d02fb45bf2fcca4dbf17d1c8f71a5d326032993b8af7ff3311df914fe8190824b1472d599fe7cb828503efda3130bc00

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39280.exe
Filesize
184KB

MD5
399de0162e930647b1886e1babd072a3

SHA1
b633054b20675e231d47a33e83500a4fded60375

SHA256
6ae4239c20c73e9d2c930f0add61658b45f04b88e8d12f96618629524eb056c8

SHA512
d4111f688c10f428528f13ff6c01382826752153010a1e2575f9de3275b51062799e6e513415968a4b38c372033c0f16581b1f1a2b1041a27f461fe5b88ed059

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39689.exe
Filesize
184KB

MD5
ddb8717902a043e0aa99ccbb6c977860

SHA1
f465e19a0f839204ac14f8d9140bb0f6be0d5284

SHA256
f832e6b468222b34a1d070988ce8b48cf45a1d0b13ea236f5685ea49d05daca5

SHA512
0a0acb73a55c8611049e269f492a0c181f54bd59277a2f8f5ec16acd05e0a067118f5835f98f03a6c65937c2ee3eaff70d23b6dde811d458310aaaa051679778

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40013.exe
Filesize
184KB

MD5
e0f48b6bb7b325bd7ec6cf9f5af1a3bd

SHA1
e6af1dcec0a7759d05c9cc774bdf07851a1b4ba5

SHA256
7f1d96641a736b1dfb65059723fa09cf25a8b7f4f73b15e263024021836d95ea

SHA512
a3983a22905c3abc08aefbf732d00ad0ddd093b4a0cddd8b5efdfdc898190c7e22e3ac8b73e9e84fb351af73f4639c9e35005c9c660d4bb2aa8c39453bfc2d10

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-47559.exe
Filesize
184KB

MD5
94648556122b4ffee640e2129aeab795

SHA1
0891990d31724feeb992d7f20e2bbbe73d1c552d

SHA256
da0de873dc34bd7e21d9595125c91222638f9a3d8653d3219546b22b14230e50

SHA512
013328ddee9eade0e6ce688b038fb4e23184f1a2248a4951f71f3f89aa07b1309ba44e0d27930c9908f359f26af0b938e167980dbdbd28648d188adaf432079f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52714.exe
Filesize
184KB

MD5
798ed221b365dbc6a411ec21263c8574

SHA1
d5bff24ede6c5189d59e7bd8903e5ea78ca15b1f

SHA256
61be95e675c84c400414fa8bd9cdbd81a40603876e863cb5347f82f1ecdcac5b

SHA512
6c383f7b201ed5310a3f840ab9c6463e257461d3513db99d89eec1aa6b869d75ca9c1a23e2bae81e1f5615ace7ee2bec31f836f31e69ceccdc12688a37eb92a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5317.exe
Filesize
184KB

MD5
a97794ae4d123ea58f97130202d9fad8

SHA1
b18b6be6977824fc3bf58d332db8f4cb9079ae77

SHA256
73c989b92e804ac34bdfdc00089beaaaeb469c0f47bd2c0a1eca8bcd4b219fb4

SHA512
225ec14b7270e07fc5967620ce37bc690f11cdc5c432e273d2a9c98b89d8bf10301dd6aff3350c38a1d46f5cd46afd80dcde66ebc48a3d98a399d535dcdb8bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56766.exe
Filesize
184KB

MD5
15f9f5aab879ddabeebc811f7eb1a3d6

SHA1
67de5b1e5d5f28702c3cccaeb2c7230f6dacadbb

SHA256
0a0f30ad2b6b0129d7633714917f83b0ae9c0f3b73022eb485cfeba14a700bc8

SHA512
d0188f1f70dd1d6211c592a9b17a4b6bb538aa4ac9b67093265f14e19f461ae89dcf6d8f442b3947883e0ed9434e0a0512e8a9da26b353cd74dadaf2d5f6004f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57611.exe
Filesize
184KB

MD5
2467a73dcf9426a2654c62a456d038bd

SHA1
915ba3f7a5ce32cd6393eed7bbed97a02b5e14ea

SHA256
47855f991f59e634a1f9f35656654309f44053021211cfc681eccdb2ec11ce2b

SHA512
8922aa80eb10ae3b0a2cd7c5c5fefbd71bf812013406d13a7b36a5d434032557a0c6f7a22f9c683a33dab5d9138be0b4554a4d4d93aebdf169ade1966697d080

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5829.exe
Filesize
184KB

MD5
2171af5be406758a48548264a0964267

SHA1
d40ff0a9b3602b3c9d8736ac8dbcd6c70d3833f6

SHA256
dc37dd81ba7b0b962c5c9a2f205ecc6c02f836be68b51c865049295bf550bdf1

SHA512
443d6246311f14173915e6fd6364587cd1918bd815e829085a82df9dab5cdcf6974933a40de3204cc0b7c8cc0220de62d16305240190f10d942899f79c499e07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6053.exe
Filesize
184KB

MD5
d198c3cb5707b5348a8ce71febd7b665

SHA1
13639c5546eb0e33812c0b57f31b84d8fed1c2c2

SHA256
f6473e24b43550c0435d9500feeefde51a65095476f69b51569a6d3f8ef94639

SHA512
99888e2cd5dddcea0c4a8d0ca6ff50c145f6fee3e337dfd9a45d6b3c08087aba981bcef558e938cd75ce627c02c1c19253666e76765201b4e17ebf4861934923

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60948.exe
Filesize
184KB

MD5
fc6994114694401e67b10eee09dae879

SHA1
8c365d68cd02e584b07f5f993a57a80c61801ce7

SHA256
ac075934f8ae92e5d06786dd33eab535299c2c863993bffaa206430ad0b443ed

SHA512
2d44e4298a3dc343b67dbb752480a99f983e9d5159dee1d4063a8ab2eda8b0774d2ee2832d3f0bdfa8bb1cc80664659a8ef25eb31c9252946b0fe88c62471d27

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6181.exe
Filesize
184KB

MD5
5293302d5a554a71acf3479307bb1e27

SHA1
c5527fad71996454f9ef139e1ea9aa11e3e0a7c3

SHA256
85e7666ccf17f932c3e22d01536d31175b9fe01b3aed9c8a7174f1ffe5934345

SHA512
5b7a74af5b5266c4ae5237692bab2f039b015ec3fa748af5ade22c325072785f141b68e75fd71ff608e7e2c756468136317f620cc695c90745e1b1772ea42b73

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
Filesize
184KB

MD5
d73350020b160be5296e76cc1edcf496

SHA1
5b38fe15dcf63a986ecf9738500ac7995598c913

SHA256
4c122ab0befc0787b217df505a4d6d1b264e1d5fa1905248f265c759577ea7ee

SHA512
5aaf19c177c370a3576e5b72bd822197cf3c942d1f53cfeb14de0799d77d3dc6d5ee518e50d4cb0bc3efce4923f8e087e1758e1bf8f6f79e9ebe3bfee7322495

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6274.exe
Filesize
184KB

MD5
04d9d393bbb8d334b161818500603ed9

SHA1
0524874978a74780812679c3448082bdce83479d

SHA256
fe55cece9d792330b45386ed06547e8c795692239fb4fea4c79423706b0b909c

SHA512
9bcf0ca33ee1e891b44821aeb5870d1888cc3f198508d67f142b37bba2f6a310f1532227180a85ac235fdee98547dce8c6048330acb0e8cdc2c48006b8e6357e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6338.exe
Filesize
184KB

MD5
2bfc04f62f7f47184d5292c468ca27d9

SHA1
5670f84e0a577bfaa0bf30ada1d37a177a93c47c

SHA256
a93f55cc4f54c8f8a7e305383489396ef9a24e525c56dd99e6150dd86b18928a

SHA512
b8cb7b5b0b94503a5c453736e0b5df0788bf5f05599d0874df366e9d7a8c272e80ba759408d96779fe5bb6530a7a6c857e06193e39ad1852d3459a6a02368e4a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6737.exe
Filesize
184KB

MD5
f6ef5a3d1395b73c4e3a3f14f8dd4c0c

SHA1
558b96ca24835ffb2f2ecac1373f4a2243fc7e63

SHA256
0dbf3b6555c67cb3bb4c87d660166af9dc1cdf93f3f64a3a2ecc816ec7b78b27

SHA512
1e60351c49eb488050657ba4171e1cd884f23a576a0dc78ddba4e2afd51e8ecd45c21b935c8204de8e451193d15e419ca6cb5be66d96bb776865bcc470617cee

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25856.exe
Filesize
184KB

MD5
c8573e8246bf2206c4f90a6779c8d42d

SHA1
8cd6f6325bb68c55daa4633d357cd22e528a8118

SHA256
56de1c7397c321f7eefebfcadd0b0575998cc69ea93969445c07aa56b4a592d6

SHA512
5bc83e64d89521bde2a3a3e4cf8d432fc5c30dfb853ef2a8c90e6900420c724376d52049caacc4acd6f295c57f859d73d079dd2794bf7aedd6949c5cd7a65f8c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26599.exe
Filesize
184KB

MD5
eadd4a6286a9ae837cb060a6dcdeeef6

SHA1
23435a8df70d45cc1260a09fbeaab382a74361c1

SHA256
9e6b7d3767f870a5b7c0f1953cf4ba2865a853b846e7b32303e16d2e17c0420c

SHA512
30d3fb233fdaf3337ea7f3c5f66a304d3a092a57791fc9bf28b26bd75aafecfd75f9bb8822ccbf620228030facd5a07faba6897727ce8358edaf4abef2a46f65

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36291.exe
Filesize
184KB

MD5
8638b98790437c8237c503c8dc3d1bd4

SHA1
ab8c2cb2a56ef66cdb39c5669a1d853e9ed8d907

SHA256
3353cf59a29301650aacac6acd2613a0ae96df9a35224c968a513ee38d12c61f

SHA512
c42f54e2ba01f31293382be836a59ba57504e84391bfe646322e5235a8bd30343bfa0f78c7a8cedf3a6ac9b66494c4aa269b444b7a04a4a8e9f711deb301f446

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-37113.exe
Filesize
184KB

MD5
031b6ff600b677908d1950ce7c520de7

SHA1
1104359673cb2d8e6437c76922d38481a48c319c

SHA256
557c2a748e32b88b7df9133a75c956fddf7b8d8aa8b47a21f996445ea0fc2860

SHA512
5d971155fb4d1d74e3a89b0ebc99092bfed1d060cbe36818dfffb9eb23eb0e6958fbd2c4be5058483550446592c6248e7f1edc5b3fc769072c9361451cf52973

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
Filesize
184KB

MD5
7c36f8b95ec4ee4c825e747b64ffb19a

SHA1
c3c0d800516f1c8d488f6c16184fdb480b952487

SHA256
b69585c4374ed26bf140cb47ef4879610e6fe1300066d38425bbe139a7ec8960

SHA512
1af9ece3120109ec2568e422efc30fc45a01f27753d1702ef953570c8d3778a0ecdc9b5b9a666e586e2d46c49e51cc3968c5236555c11c096de705a72f4b1755

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-50989.exe
Filesize
184KB

MD5
a26b84bb561aaea4dfd2954d7d25d3cb

SHA1
632b2e558746788ff484f7f530afef339ab0c26d

SHA256
2f5b9be6f00fe1c53ef3288e171a8dc85a362131573a8a881edd7877ffc36f85

SHA512
809b65d286241883276da3bb4673f013ce8cc90bf891a0837ca23a4bac6070ba11baf667ad0bfccaced3882f72e037c9a58c06560889ffe851983ea161b7dc33

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads