b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df

Analysis

max time kernel
138s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
Size

184KB
MD5

a51cfdae347c623b1549d95c79b88664
SHA1

1201264fc8f35d6843ebd9eb2f88c1acde212f78
SHA256

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df
SHA512

e7758e2f54ec6a5eeab5dc9d36b3b3d58a8182da6e06bb5e082e40f0884f22bceefa301c645ba54c333e643839f5a60bce7ded0c82566b326452543315150605
SSDEEP

3072:80uncIolMGHmdsAJejscQxPufFNPzHcsl+0MO5wmU6WhlnVOF3n:80GoHysAjcEPufDYJZhlnVOF3

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-54406.exeUnicorn-34770.exeUnicorn-13835.exeUnicorn-20742.exeUnicorn-56944.exeUnicorn-40608.exeUnicorn-3374.exeUnicorn-52383.exeUnicorn-35532.exeUnicorn-55398.exeUnicorn-15989.exeUnicorn-31810.exeUnicorn-27211.exeUnicorn-31618.exeUnicorn-44425.exeUnicorn-47570.exeUnicorn-13828.exeUnicorn-44041.exeUnicorn-63906.exeUnicorn-59921.exeUnicorn-34902.exeUnicorn-13600.exeUnicorn-9879.exeUnicorn-24592.exeUnicorn-45889.exeUnicorn-24208.exeUnicorn-24208.exeUnicorn-56880.exeUnicorn-37014.exeUnicorn-53351.exeUnicorn-7679.exeUnicorn-4150.exeUnicorn-5339.exeUnicorn-1810.exeUnicorn-21676.exeUnicorn-33413.exeUnicorn-53279.exeUnicorn-3886.exeUnicorn-20223.exeUnicorn-33029.exeUnicorn-20031.exeUnicorn-165.exeUnicorn-52511.exeUnicorn-52511.exeUnicorn-48982.exeUnicorn-38348.exeUnicorn-8821.exeUnicorn-54815.exeUnicorn-57830.exeUnicorn-2085.exeUnicorn-21951.exeUnicorn-29403.exeUnicorn-28888.exeUnicorn-15890.exeUnicorn-9153.exeUnicorn-31650.exeUnicorn-47529.exeUnicorn-34338.exeUnicorn-47145.exeUnicorn-62412.exeUnicorn-50098.exeUnicorn-12443.exeUnicorn-16850.exeUnicorn-52044.exe

pid	process
836	Unicorn-54406.exe
2660	Unicorn-34770.exe
2528	Unicorn-13835.exe
2504	Unicorn-20742.exe
2524	Unicorn-56944.exe
2652	Unicorn-40608.exe
2868	Unicorn-3374.exe
2680	Unicorn-52383.exe
2708	Unicorn-35532.exe
2648	Unicorn-55398.exe
764	Unicorn-15989.exe
1624	Unicorn-31810.exe
1192	Unicorn-27211.exe
2220	Unicorn-31618.exe
2108	Unicorn-44425.exe
2224	Unicorn-47570.exe
2364	Unicorn-13828.exe
788	Unicorn-44041.exe
1376	Unicorn-63906.exe
1132	Unicorn-59921.exe
3064	Unicorn-34902.exe
276	Unicorn-13600.exe
756	Unicorn-9879.exe
992	Unicorn-24592.exe
2740	Unicorn-45889.exe
696	Unicorn-24208.exe
1152	Unicorn-24208.exe
1684	Unicorn-56880.exe
2872	Unicorn-37014.exe
1040	Unicorn-53351.exe
1560	Unicorn-7679.exe
1304	Unicorn-4150.exe
2576	Unicorn-5339.exe
2536	Unicorn-1810.exe
2572	Unicorn-21676.exe
2632	Unicorn-33413.exe
2396	Unicorn-53279.exe
2500	Unicorn-3886.exe
1852	Unicorn-20223.exe
1656	Unicorn-33029.exe
2692	Unicorn-20031.exe
2864	Unicorn-165.exe
1720	Unicorn-52511.exe
1020	Unicorn-52511.exe
1552	Unicorn-48982.exe
2276	Unicorn-38348.exe
1620	Unicorn-8821.exe
1432	Unicorn-54815.exe
1328	Unicorn-57830.exe
2240	Unicorn-2085.exe
2840	Unicorn-21951.exe
2752	Unicorn-29403.exe
2976	Unicorn-28888.exe
1368	Unicorn-15890.exe
1032	Unicorn-9153.exe
872	Unicorn-31650.exe
2832	Unicorn-47529.exe
404	Unicorn-34338.exe
2824	Unicorn-47145.exe
1596	Unicorn-62412.exe
2476	Unicorn-50098.exe
2540	Unicorn-12443.exe
2624	Unicorn-16850.exe
2228	Unicorn-52044.exe

Loads dropped DLL 64 IoCs

Processes:

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exeUnicorn-54406.exeUnicorn-34770.exeUnicorn-13835.exeWerFault.exeUnicorn-20742.exeUnicorn-56944.exeUnicorn-40608.exeWerFault.exeWerFault.exeUnicorn-3374.exeUnicorn-52383.exeUnicorn-15989.exeUnicorn-55398.exeUnicorn-35532.exeWerFault.exeWerFault.exeUnicorn-31810.exeUnicorn-31618.exeUnicorn-27211.exeUnicorn-44425.exe

pid	process
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
836	Unicorn-54406.exe
836	Unicorn-54406.exe
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
836	Unicorn-54406.exe
2660	Unicorn-34770.exe
836	Unicorn-54406.exe
2660	Unicorn-34770.exe
2528	Unicorn-13835.exe
2528	Unicorn-13835.exe
2120	WerFault.exe
2120	WerFault.exe
2120	WerFault.exe
2504	Unicorn-20742.exe
2504	Unicorn-20742.exe
2524	Unicorn-56944.exe
2524	Unicorn-56944.exe
2528	Unicorn-13835.exe
2528	Unicorn-13835.exe
2652	Unicorn-40608.exe
2652	Unicorn-40608.exe
2660	Unicorn-34770.exe
2660	Unicorn-34770.exe
2308	WerFault.exe
2308	WerFault.exe
352	WerFault.exe
352	WerFault.exe
352	WerFault.exe
2308	WerFault.exe
2868	Unicorn-3374.exe
2868	Unicorn-3374.exe
2504	Unicorn-20742.exe
2504	Unicorn-20742.exe
2680	Unicorn-52383.exe
2680	Unicorn-52383.exe
2524	Unicorn-56944.exe
2524	Unicorn-56944.exe
764	Unicorn-15989.exe
764	Unicorn-15989.exe
2648	Unicorn-55398.exe
2648	Unicorn-55398.exe
2652	Unicorn-40608.exe
2708	Unicorn-35532.exe
2652	Unicorn-40608.exe
2708	Unicorn-35532.exe
896	WerFault.exe
896	WerFault.exe
896	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
3036	WerFault.exe
1624	Unicorn-31810.exe
1624	Unicorn-31810.exe
2868	Unicorn-3374.exe
2868	Unicorn-3374.exe
2220	Unicorn-31618.exe
2220	Unicorn-31618.exe
2680	Unicorn-52383.exe
2680	Unicorn-52383.exe
1192	Unicorn-27211.exe
1192	Unicorn-27211.exe
2108	Unicorn-44425.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2776	2468	WerFault.exe	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
2120	836	WerFault.exe	Unicorn-54406.exe
2308	2660	WerFault.exe	Unicorn-34770.exe
352	2528	WerFault.exe	Unicorn-13835.exe
896	2504	WerFault.exe	Unicorn-20742.exe
3036	2652	WerFault.exe	Unicorn-40608.exe
1700	2868	WerFault.exe	Unicorn-3374.exe
2080	2680	WerFault.exe	Unicorn-52383.exe
3028	764	WerFault.exe	Unicorn-15989.exe
2304	2648	WerFault.exe	Unicorn-55398.exe
2920	2708	WerFault.exe	Unicorn-35532.exe
1252	2632	WerFault.exe	Unicorn-33413.exe
784	1624	WerFault.exe	Unicorn-31810.exe
584	1192	WerFault.exe	Unicorn-27211.exe
1548	2108	WerFault.exe	Unicorn-44425.exe
824	788	WerFault.exe	Unicorn-44041.exe
2352	2364	WerFault.exe	Unicorn-13828.exe
1760	2224	WerFault.exe	Unicorn-47570.exe
3020	1132	WerFault.exe	Unicorn-59921.exe
884	3064	WerFault.exe	Unicorn-34902.exe
2988	276	WerFault.exe	Unicorn-13600.exe
1504	756	WerFault.exe	Unicorn-9879.exe
348	992	WerFault.exe	Unicorn-24592.exe
2008	2740	WerFault.exe	Unicorn-45889.exe
2052	696	WerFault.exe	Unicorn-24208.exe
2732	1152	WerFault.exe	Unicorn-24208.exe
1028	1040	WerFault.exe	Unicorn-53351.exe
2472	2872	WerFault.exe	Unicorn-37014.exe
1652	1560	WerFault.exe	Unicorn-7679.exe
1900	1304	WerFault.exe	Unicorn-4150.exe
804	2572	WerFault.exe	Unicorn-21676.exe
2812	2536	WerFault.exe	Unicorn-1810.exe
2552	2576	WerFault.exe	Unicorn-5339.exe
3084	2396	WerFault.exe	Unicorn-53279.exe
3108	1852	WerFault.exe	Unicorn-20223.exe
3224	1720	WerFault.exe	Unicorn-52511.exe
3268	2692	WerFault.exe	Unicorn-20031.exe
3284	1552	WerFault.exe	Unicorn-48982.exe
3316	1432	WerFault.exe	Unicorn-54815.exe
3340	1620	WerFault.exe	Unicorn-8821.exe
3332	2840	WerFault.exe	Unicorn-21951.exe
3372	1020	WerFault.exe	Unicorn-52511.exe
3392	2500	WerFault.exe	Unicorn-3886.exe
3436	1328	WerFault.exe	Unicorn-57830.exe
3484	2220	WerFault.exe	Unicorn-31618.exe
3664	2276	WerFault.exe	Unicorn-38348.exe
3984	1032	WerFault.exe	Unicorn-9153.exe
3188	2476	WerFault.exe	Unicorn-50098.exe
3748	1376	WerFault.exe	Unicorn-63906.exe
3192	2720	WerFault.exe	Unicorn-22517.exe
3556	1896	WerFault.exe	Unicorn-5796.exe
3652	2228	WerFault.exe	Unicorn-52044.exe
3712	2668	WerFault.exe	Unicorn-35323.exe
3524	844	WerFault.exe	Unicorn-34747.exe
3532	3952	WerFault.exe	Unicorn-16328.exe
3792	2752	WerFault.exe	Unicorn-29403.exe
4036	2604	WerFault.exe	Unicorn-41047.exe
3520	2380	WerFault.exe	Unicorn-44193.exe
4184	1596	WerFault.exe	Unicorn-62412.exe
4200	2424	WerFault.exe	Unicorn-40960.exe
4208	1368	WerFault.exe	Unicorn-15890.exe
4228	404	WerFault.exe	Unicorn-34338.exe
4260	2712	WerFault.exe	Unicorn-10295.exe
4364	2832	WerFault.exe	Unicorn-47529.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exeUnicorn-54406.exeUnicorn-34770.exeUnicorn-13835.exeUnicorn-20742.exeUnicorn-40608.exeUnicorn-56944.exeUnicorn-3374.exeUnicorn-52383.exeUnicorn-55398.exeUnicorn-35532.exeUnicorn-15989.exeUnicorn-31810.exeUnicorn-27211.exeUnicorn-31618.exeUnicorn-44425.exeUnicorn-47570.exeUnicorn-13828.exeUnicorn-63906.exeUnicorn-44041.exeUnicorn-34902.exeUnicorn-59921.exeUnicorn-13600.exeUnicorn-9879.exeUnicorn-24592.exeUnicorn-45889.exeUnicorn-24208.exeUnicorn-24208.exeUnicorn-37014.exeUnicorn-56880.exeUnicorn-7679.exeUnicorn-53351.exeUnicorn-4150.exeUnicorn-21676.exeUnicorn-5339.exeUnicorn-1810.exeUnicorn-33413.exeUnicorn-53279.exeUnicorn-3886.exeUnicorn-20223.exeUnicorn-33029.exeUnicorn-165.exeUnicorn-20031.exeUnicorn-52511.exeUnicorn-52511.exeUnicorn-48982.exeUnicorn-38348.exeUnicorn-8821.exeUnicorn-54815.exeUnicorn-2085.exeUnicorn-57830.exeUnicorn-21951.exeUnicorn-29403.exeUnicorn-28888.exeUnicorn-15890.exeUnicorn-9153.exeUnicorn-31650.exeUnicorn-47529.exeUnicorn-34338.exeUnicorn-47145.exeUnicorn-62412.exeUnicorn-50098.exeUnicorn-16850.exeUnicorn-12443.exe

pid	process
2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
836	Unicorn-54406.exe
2660	Unicorn-34770.exe
2528	Unicorn-13835.exe
2504	Unicorn-20742.exe
2652	Unicorn-40608.exe
2524	Unicorn-56944.exe
2868	Unicorn-3374.exe
2680	Unicorn-52383.exe
2648	Unicorn-55398.exe
2708	Unicorn-35532.exe
764	Unicorn-15989.exe
1624	Unicorn-31810.exe
1192	Unicorn-27211.exe
2220	Unicorn-31618.exe
2108	Unicorn-44425.exe
2224	Unicorn-47570.exe
2364	Unicorn-13828.exe
1376	Unicorn-63906.exe
788	Unicorn-44041.exe
3064	Unicorn-34902.exe
1132	Unicorn-59921.exe
276	Unicorn-13600.exe
756	Unicorn-9879.exe
992	Unicorn-24592.exe
2740	Unicorn-45889.exe
1152	Unicorn-24208.exe
696	Unicorn-24208.exe
2872	Unicorn-37014.exe
1684	Unicorn-56880.exe
1560	Unicorn-7679.exe
1040	Unicorn-53351.exe
1304	Unicorn-4150.exe
2572	Unicorn-21676.exe
2576	Unicorn-5339.exe
2536	Unicorn-1810.exe
2632	Unicorn-33413.exe
2396	Unicorn-53279.exe
2500	Unicorn-3886.exe
1852	Unicorn-20223.exe
1656	Unicorn-33029.exe
2864	Unicorn-165.exe
2692	Unicorn-20031.exe
1720	Unicorn-52511.exe
1020	Unicorn-52511.exe
1552	Unicorn-48982.exe
2276	Unicorn-38348.exe
1620	Unicorn-8821.exe
1432	Unicorn-54815.exe
2240	Unicorn-2085.exe
1328	Unicorn-57830.exe
2840	Unicorn-21951.exe
2752	Unicorn-29403.exe
2976	Unicorn-28888.exe
1368	Unicorn-15890.exe
1032	Unicorn-9153.exe
872	Unicorn-31650.exe
2832	Unicorn-47529.exe
404	Unicorn-34338.exe
2824	Unicorn-47145.exe
1596	Unicorn-62412.exe
2476	Unicorn-50098.exe
2624	Unicorn-16850.exe
2540	Unicorn-12443.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exeUnicorn-54406.exeUnicorn-34770.exeUnicorn-13835.exeUnicorn-20742.exeUnicorn-56944.exeUnicorn-40608.exeUnicorn-3374.exe

description	pid	process	target process
PID 2468 wrote to memory of 836	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-54406.exe
PID 2468 wrote to memory of 836	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-54406.exe
PID 2468 wrote to memory of 836	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-54406.exe
PID 2468 wrote to memory of 836	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-54406.exe
PID 836 wrote to memory of 2660	836	Unicorn-54406.exe	Unicorn-34770.exe
PID 836 wrote to memory of 2660	836	Unicorn-54406.exe	Unicorn-34770.exe
PID 836 wrote to memory of 2660	836	Unicorn-54406.exe	Unicorn-34770.exe
PID 836 wrote to memory of 2660	836	Unicorn-54406.exe	Unicorn-34770.exe
PID 2468 wrote to memory of 2528	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-13835.exe
PID 2468 wrote to memory of 2528	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-13835.exe
PID 2468 wrote to memory of 2528	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-13835.exe
PID 2468 wrote to memory of 2528	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	Unicorn-13835.exe
PID 2468 wrote to memory of 2776	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	WerFault.exe
PID 2468 wrote to memory of 2776	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	WerFault.exe
PID 2468 wrote to memory of 2776	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	WerFault.exe
PID 2468 wrote to memory of 2776	2468	b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe	WerFault.exe
PID 836 wrote to memory of 2504	836	Unicorn-54406.exe	Unicorn-20742.exe
PID 836 wrote to memory of 2504	836	Unicorn-54406.exe	Unicorn-20742.exe
PID 836 wrote to memory of 2504	836	Unicorn-54406.exe	Unicorn-20742.exe
PID 836 wrote to memory of 2504	836	Unicorn-54406.exe	Unicorn-20742.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-34770.exe	Unicorn-40608.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-34770.exe	Unicorn-40608.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-34770.exe	Unicorn-40608.exe
PID 2660 wrote to memory of 2652	2660	Unicorn-34770.exe	Unicorn-40608.exe
PID 2528 wrote to memory of 2524	2528	Unicorn-13835.exe	Unicorn-56944.exe
PID 2528 wrote to memory of 2524	2528	Unicorn-13835.exe	Unicorn-56944.exe
PID 2528 wrote to memory of 2524	2528	Unicorn-13835.exe	Unicorn-56944.exe
PID 2528 wrote to memory of 2524	2528	Unicorn-13835.exe	Unicorn-56944.exe
PID 836 wrote to memory of 2120	836	Unicorn-54406.exe	WerFault.exe
PID 836 wrote to memory of 2120	836	Unicorn-54406.exe	WerFault.exe
PID 836 wrote to memory of 2120	836	Unicorn-54406.exe	WerFault.exe
PID 836 wrote to memory of 2120	836	Unicorn-54406.exe	WerFault.exe
PID 2504 wrote to memory of 2868	2504	Unicorn-20742.exe	Unicorn-3374.exe
PID 2504 wrote to memory of 2868	2504	Unicorn-20742.exe	Unicorn-3374.exe
PID 2504 wrote to memory of 2868	2504	Unicorn-20742.exe	Unicorn-3374.exe
PID 2504 wrote to memory of 2868	2504	Unicorn-20742.exe	Unicorn-3374.exe
PID 2524 wrote to memory of 2680	2524	Unicorn-56944.exe	Unicorn-52383.exe
PID 2524 wrote to memory of 2680	2524	Unicorn-56944.exe	Unicorn-52383.exe
PID 2524 wrote to memory of 2680	2524	Unicorn-56944.exe	Unicorn-52383.exe
PID 2524 wrote to memory of 2680	2524	Unicorn-56944.exe	Unicorn-52383.exe
PID 2528 wrote to memory of 2708	2528	Unicorn-13835.exe	Unicorn-35532.exe
PID 2528 wrote to memory of 2708	2528	Unicorn-13835.exe	Unicorn-35532.exe
PID 2528 wrote to memory of 2708	2528	Unicorn-13835.exe	Unicorn-35532.exe
PID 2528 wrote to memory of 2708	2528	Unicorn-13835.exe	Unicorn-35532.exe
PID 2652 wrote to memory of 2648	2652	Unicorn-40608.exe	Unicorn-55398.exe
PID 2652 wrote to memory of 2648	2652	Unicorn-40608.exe	Unicorn-55398.exe
PID 2652 wrote to memory of 2648	2652	Unicorn-40608.exe	Unicorn-55398.exe
PID 2652 wrote to memory of 2648	2652	Unicorn-40608.exe	Unicorn-55398.exe
PID 2660 wrote to memory of 764	2660	Unicorn-34770.exe	Unicorn-15989.exe
PID 2660 wrote to memory of 764	2660	Unicorn-34770.exe	Unicorn-15989.exe
PID 2660 wrote to memory of 764	2660	Unicorn-34770.exe	Unicorn-15989.exe
PID 2660 wrote to memory of 764	2660	Unicorn-34770.exe	Unicorn-15989.exe
PID 2660 wrote to memory of 2308	2660	Unicorn-34770.exe	WerFault.exe
PID 2660 wrote to memory of 2308	2660	Unicorn-34770.exe	WerFault.exe
PID 2660 wrote to memory of 2308	2660	Unicorn-34770.exe	WerFault.exe
PID 2660 wrote to memory of 2308	2660	Unicorn-34770.exe	WerFault.exe
PID 2528 wrote to memory of 352	2528	Unicorn-13835.exe	WerFault.exe
PID 2528 wrote to memory of 352	2528	Unicorn-13835.exe	WerFault.exe
PID 2528 wrote to memory of 352	2528	Unicorn-13835.exe	WerFault.exe
PID 2528 wrote to memory of 352	2528	Unicorn-13835.exe	WerFault.exe
PID 2868 wrote to memory of 1624	2868	Unicorn-3374.exe	Unicorn-31810.exe
PID 2868 wrote to memory of 1624	2868	Unicorn-3374.exe	Unicorn-31810.exe
PID 2868 wrote to memory of 1624	2868	Unicorn-3374.exe	Unicorn-31810.exe
PID 2868 wrote to memory of 1624	2868	Unicorn-3374.exe	Unicorn-31810.exe

C:\Users\Admin\AppData\Local\Temp\b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe
"C:\Users\Admin\AppData\Local\Temp\b91a2f96e09a4a75f7ccc2b10a17afecd02a515a20390e148be0ad9a5e8688df.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47570.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7679.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57830.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21941.exe
9⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18301.exe
10⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
11⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59918.exe
12⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2460.exe
13⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2211.exe
14⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 204
14⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
13⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 220
12⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
11⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48316.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62928.exe
11⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-421.exe
12⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 208
13⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
12⤵
PID:9892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
11⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 240
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63780.exe
9⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16293.exe
10⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27075.exe
11⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38719.exe
12⤵
PID:8580

C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18761.exe
13⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8580 -s 216
13⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
12⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
11⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
10⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
9⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34747.exe
8⤵
PID:844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 844 -s 240
9⤵
- Program crash
PID:3524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
8⤵
- Program crash
PID:1652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
7⤵
- Program crash
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4150.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21951.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
8⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41356.exe
9⤵
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 240
10⤵
PID:4288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 216
9⤵
PID:4512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
8⤵
- Program crash
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51084.exe
7⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33376.exe
8⤵
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49349.exe
9⤵
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 220
10⤵
PID:6408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1804 -s 216
9⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49385.exe
8⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
9⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59497.exe
10⤵
PID:8888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 208
11⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 220
10⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
9⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 240
8⤵
PID:5688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
7⤵
- Program crash
PID:1900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
6⤵
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44041.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50098.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24048.exe
9⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39323.exe
10⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57995.exe
11⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11043.exe
12⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
13⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
13⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
12⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
11⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
10⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35601.exe
9⤵
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
9⤵
- Program crash
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56071.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13749.exe
9⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8218.exe
10⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
11⤵
PID:7940

C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15873.exe
12⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7940 -s 216
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
11⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
10⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 216
9⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12443.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11743.exe
8⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61736.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31400.exe
10⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63726.exe
11⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51392.exe
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
12⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
11⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
10⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 216
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60895.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38338.exe
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
10⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
11⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 204
11⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
10⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:7044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
7⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-48982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48982.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
7⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6870.exe
7⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28955.exe
8⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18053.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
10⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-567.exe
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 204
11⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
9⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
8⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 240
7⤵
- Program crash
PID:3284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
6⤵
- Program crash
PID:824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13828.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24208.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52511.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
8⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10290.exe
9⤵
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18898.exe
10⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56426.exe
11⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57842.exe
12⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1016.exe
13⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
11⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 236
10⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
9⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23097.exe
8⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33397.exe
9⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4321.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8194.exe
11⤵
PID:2072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 188
12⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
11⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
10⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
9⤵
PID:3144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 240
8⤵
- Program crash
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35323.exe
7⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34165.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61446.exe
10⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35335.exe
11⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1570.exe
12⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
12⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
11⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 216
9⤵
PID:4616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 216
8⤵
- Program crash
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 696 -s 240
7⤵
- Program crash
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38348.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
7⤵
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62314.exe
8⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-9297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9297.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46016.exe
10⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18870.exe
11⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55271.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5908 -s 216
11⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 236
8⤵
- Program crash
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22905.exe
7⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19474.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16525.exe
9⤵
PID:5364

C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28299.exe
10⤵
PID:9068

C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
11⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5364 -s 216
10⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:7456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
8⤵
PID:5780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
7⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 220
6⤵
- Program crash
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37014.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54815.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-643.exe
7⤵
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34445.exe
8⤵
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-33096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33096.exe
9⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5699.exe
10⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16576.exe
11⤵
PID:7896

C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14089.exe
12⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7896 -s 216
12⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 220
11⤵
PID:9552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
10⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 216
9⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46588.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
10⤵
PID:8196

C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50677.exe
11⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8196 -s 204
11⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 216
10⤵
PID:9664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
8⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
7⤵
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30792.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-53364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53364.exe
9⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-47136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47136.exe
10⤵
PID:7644

C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41147.exe
11⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7644 -s 216
11⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5708 -s 216
10⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 236
8⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
7⤵
- Program crash
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34939.exe
6⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51357.exe
7⤵
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49925.exe
8⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11869.exe
9⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
10⤵
PID:7916

C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38288.exe
11⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7916 -s 204
11⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
10⤵
PID:9656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
9⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
8⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13339.exe
7⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17070.exe
8⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32611.exe
9⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-773.exe
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 204
10⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
9⤵
PID:9516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
8⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
7⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 240
6⤵
- Program crash
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
5⤵
- Program crash
PID:3028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5339.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
8⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14574.exe
9⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9266.exe
10⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65191.exe
11⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43404.exe
12⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4272 -s 236
11⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
10⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 236
9⤵
- Program crash
PID:4036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
8⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9153.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13632.exe
8⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25561.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58649.exe
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40130.exe
11⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8100 -s 220
12⤵
PID:11640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4960 -s 216
11⤵
PID:8884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
10⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 216
9⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 236
8⤵
- Program crash
PID:3984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 240
7⤵
- Program crash
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1810.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15890.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30161.exe
8⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38363.exe
9⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
11⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
12⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61776.exe
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 220
12⤵
PID:5672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
11⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
10⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8897.exe
8⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
9⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
10⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16096.exe
11⤵
PID:10356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 236
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4764 -s 216
10⤵
PID:8704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 216
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 240
8⤵
- Program crash
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10295.exe
7⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41897.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52157.exe
9⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25963.exe
10⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36713.exe
11⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
10⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
8⤵
- Program crash
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
7⤵
- Program crash
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
6⤵
- Program crash
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-34902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34902.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29403.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44193.exe
8⤵
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17071.exe
9⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29744.exe
10⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55420.exe
11⤵
PID:7608

C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52779.exe
12⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7608 -s 216
12⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
11⤵
PID:9104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
10⤵
PID:5280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 236
9⤵
- Program crash
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29877.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46957.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36074.exe
10⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12161.exe
11⤵
PID:10244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
11⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 236
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:5584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 240
8⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57000.exe
7⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49743.exe
8⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4227.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10650.exe
10⤵
PID:6384

C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51582.exe
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6384 -s 236
11⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
10⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-32986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32986.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
9⤵
PID:6344

C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55972.exe
10⤵
PID:10276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6344 -s 216
10⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 240
8⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 240
7⤵
- Program crash
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28888.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29777.exe
7⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31208.exe
9⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
10⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-401.exe
11⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 204
11⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
10⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 220
10⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51434.exe
9⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48744.exe
10⤵
PID:11108

C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34097.exe
10⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 240
10⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 240
9⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
8⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
7⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14295.exe
8⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63342.exe
9⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17589.exe
10⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 204
10⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53491.exe
9⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 220
9⤵
PID:10880

C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8969.exe
8⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
9⤵
PID:11156

C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44544.exe
9⤵
PID:11576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 220
9⤵
PID:11400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 220
8⤵
PID:8228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
6⤵
- Program crash
PID:884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 240
5⤵
- Program crash
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1192

C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24592.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20223.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34338.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
8⤵
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13365.exe
9⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24939.exe
10⤵
PID:5108

C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61313.exe
11⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21343.exe
12⤵
PID:11800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 220
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5108 -s 216
11⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
10⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51746.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16335.exe
9⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45397.exe
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7904 -s 208
11⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
10⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 236
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 240
8⤵
- Program crash
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 236
7⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62412.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59792.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27865.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10605.exe
9⤵
PID:5400

C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63363.exe
10⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18695.exe
11⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 204
11⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5400 -s 220
10⤵
PID:9428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
9⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36177.exe
7⤵
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33247.exe
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
9⤵
PID:7908

C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
10⤵
PID:10352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7908 -s 216
10⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
9⤵
PID:8616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3840 -s 216
8⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 220
7⤵
- Program crash
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 240
6⤵
- Program crash
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33029.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1192 -s 240
5⤵
- Program crash
PID:584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-13600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13600.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:276

C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53279.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31650.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29393.exe
9⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61243.exe
10⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34197.exe
11⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45745.exe
12⤵
PID:7488

C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32690.exe
13⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7488 -s 216
13⤵
PID:7728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
12⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24849.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3252.exe
10⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24723.exe
11⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18420.exe
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4104 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4374.exe
8⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61627.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1524.exe
10⤵
PID:5068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 220
11⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 236
9⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
8⤵
- Program crash
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47529.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40960.exe
8⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9608.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1259.exe
10⤵
PID:4724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 220
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
10⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
9⤵
- Program crash
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5887.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9147.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40898.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60169.exe
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 236
11⤵
PID:5264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
10⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
9⤵
PID:6252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2832 -s 240
8⤵
- Program crash
PID:4364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 276 -s 240
7⤵
- Program crash
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33413.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 200
7⤵
- Program crash
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
6⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9879.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3886.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22709.exe
7⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42579.exe
8⤵
PID:3068

C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12535.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62790.exe
10⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41988.exe
11⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64357.exe
12⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
11⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3068 -s 236
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11694.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54866.exe
9⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63747.exe
10⤵
PID:7960

C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17953.exe
11⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7960 -s 216
11⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
10⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 240
8⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14278.exe
7⤵
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33205.exe
8⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26945.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51552.exe
10⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65402.exe
11⤵
PID:920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 204
11⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 216
10⤵
PID:9672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 216
9⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 216
8⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 220
7⤵
- Program crash
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35515.exe
6⤵
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
6⤵
- Program crash
PID:1504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
5⤵
- Program crash
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45889.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20031.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16850.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
8⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55083.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
10⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11152.exe
11⤵
PID:8076

C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43582.exe
12⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8076 -s 216
12⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 236
11⤵
PID:9008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
10⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 236
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34833.exe
8⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-839.exe
9⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61889.exe
10⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
11⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 204
11⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
10⤵
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 216
9⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
8⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
7⤵
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27611.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36226.exe
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16062.exe
10⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16105.exe
11⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 204
11⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 220
10⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
9⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 240
7⤵
- Program crash
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52044.exe
6⤵
- Executes dropped EXE
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59107.exe
7⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52852.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1351.exe
9⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12962.exe
10⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
10⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
8⤵
PID:5380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
7⤵
- Program crash
PID:3652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
6⤵
- Program crash
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-165.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22517.exe
6⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17616.exe
7⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14839.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
9⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16768.exe
10⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
11⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7212 -s 204
11⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 220
10⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 236
8⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61004.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52679.exe
8⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
9⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8816 -s 220
10⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
9⤵
PID:9404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
8⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
7⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46759.exe
6⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36578.exe
7⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60899.exe
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59466.exe
9⤵
PID:8536

C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50172.exe
10⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8536 -s 216
10⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
9⤵
PID:10104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 220
8⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 216
7⤵
PID:5620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
5⤵
- Program crash
PID:1548

C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63906.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56880.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47145.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40576.exe
7⤵
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38555.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
9⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41796.exe
10⤵
PID:7400

C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48021.exe
11⤵
PID:11216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7400 -s 216
11⤵
PID:12036

C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3584.exe
10⤵
PID:9596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 220
10⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4506.exe
9⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54198.exe
10⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11518.exe
10⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 220
10⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 220
9⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21793.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24884.exe
9⤵
PID:7656

C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22251.exe
10⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7656 -s 216
10⤵
PID:12260

C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35701.exe
9⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 220
9⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 220
8⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9089.exe
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17669.exe
8⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32590.exe
9⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4942.exe
10⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 216
10⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
9⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4888 -s 212
9⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57402.exe
8⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20296.exe
9⤵
PID:11204

C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61757.exe
9⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 240
9⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 220
8⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2824 -s 240
7⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6734.exe
6⤵
PID:2068

C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58041.exe
7⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12136.exe
8⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
9⤵
PID:8132

C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41726.exe
10⤵
PID:11180

C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
10⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8132 -s 220
10⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1747.exe
9⤵
PID:9396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 220
9⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2861.exe
8⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26300.exe
9⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60361.exe
9⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 220
9⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 220
8⤵
PID:7364

C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
7⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-42818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42818.exe
8⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32126.exe
9⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59773.exe
9⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 212
9⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17891.exe
8⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 220
8⤵
PID:10564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2068 -s 240
7⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46733.exe
6⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41041.exe
7⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57035.exe
8⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44209.exe
9⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2914.exe
10⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13068.exe
10⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 220
10⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34549.exe
9⤵
PID:9812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 220
9⤵
PID:10808

C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27012.exe
8⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15963.exe
9⤵
PID:11044

C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32369.exe
9⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 220
9⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 240
8⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27678.exe
7⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47198.exe
8⤵
PID:8180

C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51143.exe
9⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8180 -s 216
9⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52806.exe
8⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 220
8⤵
PID:10864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 240
7⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39340.exe
6⤵
PID:4152

C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54674.exe
7⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47411.exe
8⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19904.exe
9⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
9⤵
PID:12468

C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41487.exe
8⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5332 -s 220
8⤵
PID:11028

C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46084.exe
7⤵
PID:7224

C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
8⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7224 -s 216
8⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4152 -s 220
7⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 220
6⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2085.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
6⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8300.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13589.exe
8⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57940.exe
9⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63065.exe
10⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 220
10⤵
PID:11844

C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52401.exe
9⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 220
9⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54392.exe
8⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14789.exe
9⤵
PID:10924

C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60911.exe
9⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7152 -s 220
9⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 240
8⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35337.exe
7⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44785.exe
8⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49287.exe
9⤵
PID:11172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
9⤵
PID:11956

C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2453.exe
8⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5048 -s 220
8⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 220
7⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
6⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49541.exe
7⤵
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 368
8⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
7⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
6⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
7⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
8⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
9⤵
PID:12912

C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37066.exe
8⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 212
8⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45485.exe
7⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2203.exe
8⤵
PID:11152

C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-442.exe
8⤵
PID:12168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 240
8⤵
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 220
7⤵
PID:8576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 236
6⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15810.exe
5⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18685.exe
6⤵
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17253.exe
7⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27329.exe
8⤵
PID:5236

C:\Users\Admin\AppData\Local\Temp\Unicorn-21293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21293.exe
9⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4546.exe
10⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
10⤵
PID:13284

C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12318.exe
9⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18834.exe
8⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52587.exe
9⤵
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49098.exe
9⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 240
9⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 220
8⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25190.exe
7⤵
PID:5248

C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38636.exe
8⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52860.exe
9⤵
PID:12592

C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56169.exe
8⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5248 -s 220
8⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
7⤵
PID:7284

C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46204.exe
6⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53063.exe
7⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30115.exe
8⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41339.exe
9⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 216
9⤵
PID:12740

C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41425.exe
8⤵
PID:10176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 220
8⤵
PID:11092

C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31283.exe
7⤵
PID:7332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8575.exe
8⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7332 -s 236
8⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 220
7⤵
PID:8684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 220
6⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-822.exe
5⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-148.exe
6⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33790.exe
7⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21978.exe
8⤵
PID:8344

C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47966.exe
9⤵
PID:7716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8344 -s 204
9⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 220
8⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
7⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44023.exe
6⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26249.exe
7⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37892.exe
8⤵
PID:13040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36874.exe
7⤵
PID:5832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 212
7⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 220
6⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 240
5⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53351.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8821.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54613.exe
6⤵
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17917.exe
7⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53106.exe
8⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35733.exe
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57203.exe
10⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20039.exe
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
11⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:9348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 216
9⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
8⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
7⤵
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 188
8⤵
- Program crash
PID:3532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 220
7⤵
PID:5748

C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
6⤵
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14948.exe
7⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
8⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33680.exe
9⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-472.exe
10⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 204
10⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
9⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
8⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 216
7⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
6⤵
- Program crash
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45931.exe
5⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33760.exe
6⤵
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3713.exe
7⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42259.exe
8⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
9⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3249.exe
10⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
10⤵
PID:1776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
9⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 216
8⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2300 -s 236
7⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16136.exe
6⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49389.exe
7⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-18486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18486.exe
8⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39127.exe
9⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 236
8⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 220
7⤵
PID:7492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
6⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1040 -s 240
5⤵
- Program crash
PID:1028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
4⤵
- Program crash
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
2⤵
- Program crash
PID:2776

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-22804.exe
Filesize
184KB

MD5
4d58c13d03e41bc50658b7daeada0452

SHA1
1c7d62608821a9f38525116b2a464a9b885ee3d4

SHA256
5ca70e068423ad2a15ffbab733f7f7eb515481289a21c5f4fb5a5e4a8bdc475f

SHA512
89de650d93c78a8d280b653eefe45ca0ac7519ea165d09fc0f17be1a348ad78b790ba946efbec29058ae6c4c66fc66b7d348c2b7cfa4d63ae3316a05e300db56

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-24559.exe
Filesize
184KB

MD5
2e379e6e80ed87969f2daeb890fad2d0

SHA1
86e4ee608e85495a59f60c3701c3e4cc450d61eb

SHA256
b8acbaf6255a524c52e44e438c594c4e2266adcb2887920aa56bbf9fc0e4b4c8

SHA512
1c65c971d6af02032bac5bdddabf8c23958b05246bb439aa52333ddcc9ceb66b5187d3091b4518f24f0af3dd52bc6eddbb1903781865b3de26417d88b9399f64

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-280.exe
Filesize
184KB

MD5
8ca9efbadf754b1884e09f3a91be1f5d

SHA1
171ae3bd71add5ac3d07591a04923849b01cb604

SHA256
c7334e0bdc81afca9885d6ac0624dd0749ed7b9daabe0ca8a62229dd31102fa5

SHA512
d0439b97e190f34839fa983ed6303815e2abd08471ed3b92df9a8e7f3cfa3ece5cff6b39a5e24779869b238a81119bd2cc77bc755e79b806981dae41995e6a44

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3374.exe
Filesize
184KB

MD5
0678ba222e2c56c8ba2dea224a86af4f

SHA1
bfd7a73758957a72e9d4c67bc4b6b31a49c983e4

SHA256
3d8a10cba1051f6a9465db8594615f3edf8e16de1929aa361f09449515f4a64d

SHA512
2eb02c7c8aae20b619ce3a5a1bb4cb6f062a0b2d7b54c0c44211fcd6f2d9f1bb5623c6c0aa8b4264b3f8692aad4c1d23e66103743daf19672a688b9127f21f66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-35532.exe
Filesize
184KB

MD5
210060d3b5a5467fd1454aa0cb604da9

SHA1
2b8ee8745c1c104d85c2ebaee511c510c3bcf509

SHA256
0d73b524cb4a602b4454da6389b01969d0bae225bdadd136472283e22e8774f5

SHA512
641e8c6de7fe6011b09ebfa1dfa7216736f16798bc979a5f22981634becd85a9a178428ab7039087e11ee7256b5ae0c47cc558c7647b939c032440f76cb113d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40143.exe
Filesize
184KB

MD5
1047bb8a3dedb9188f7ac4423aa51da7

SHA1
33e15b4e586b79944a54be6c6bc1535bf26f98a0

SHA256
6c231debc621b4b3fa2b0684eb0a88a425e36b337f1f755c7f0d4235237303d2

SHA512
9e45bca9f687d27d1d2f7fa8094d5d26f6724f79d89d06e9901681925c9d1ac8d88167961837a1e194bf29ee483969fcc6e3c26ac820839066e786d98aad3d38

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41047.exe
Filesize
184KB

MD5
663852c88f71e35c18506c8d3c1ef9d0

SHA1
7b10ca5a1f05b1c4a8aa032afc3724c1839157f3

SHA256
1f66890b465ec1065cf86c828a43c03df73327ecf9636a85c889fce8f3995064

SHA512
763f4fc493ae9a6ccb6914dfcc5ff1ccad4364d6293c1096a1d44a6e02b4fc593a6bb236c5e403d1d63c6ff12a3d16eabc1d1a25a1a7826a019c8f50b29f9333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52133.exe
Filesize
184KB

MD5
f53eb1e1e8add72ab24543557fb77da3

SHA1
c59927b04a8423d77e4876c616679d59bec06cf6

SHA256
8b1dbee8f1939d47f1987a146ab5c1a970e679d5f36bb86edafcd2fa580c17bb

SHA512
3e1c1e01f3c96a67faa6f0aab0e39dd285a843d90993fd15bdd9d13cf19f48746169d904c199e3c88b1c8efa54063175488e26d01f3fbc2057be42e820a401f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-52383.exe
Filesize
184KB

MD5
54c23cc9ddc114a748c036d8b19e46fd

SHA1
ba523b4d7dfe43262be70beb1f8dc9ff596da3f9

SHA256
3d9f3574f645a3396109122cd94e024a9932dbdb6b59667af1addf24ec68fbed

SHA512
59df5579157d29d78d8241da13c280fdb48d8a3dca6d3b61a7fa97f0c625b7e331bbf08f0b2b2d591e307f39e6cf4a6c51fd6475edaf8764400955e0bbdc7bdd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-56544.exe
Filesize
184KB

MD5
9ec71ad34c2b4cd41952612d34b44135

SHA1
179c9c88c2298bde147e6fddbca6207d4ca3516e

SHA256
02296d071106dd8e4e02fb3c0a8161fac4c27b4227ba9cd90a15a67f4a40dca9

SHA512
e92215410f0eee9a9883e28c78ef55e288511d1799a3a878781f9aef39b3b61d9f7a1654b0b43725a31bbbb13a96e25c19e991b494dbe5704cddada3ef70e5c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5796.exe
Filesize
184KB

MD5
715deab2a802ad9d4a46111bfa9251bb

SHA1
f98bf8a0bfef81e4bb4efe43a512693d8bdb393b

SHA256
0a3cf28e94e9cd4c7f567798f299798207930a494a78ab646c490f260ec35bfd

SHA512
cab6d072aedcfbc2e055aefd773f2ac0f85c6eb67415338545e6ddab9f917101f00d1ac84969064d5a29ecada3c56fcb497afe40a3da0638f84530deef076388

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6659.exe
Filesize
184KB

MD5
21150e33b959c5d50d9f5c0f3f917c0f

SHA1
4eebd7bcf34916cb6334dd3f46178324737dd656

SHA256
847d71f3fd33bbe6ecd3b20c2dbee7e87ba8ab78319ecb4d6cd4417898fae2c3

SHA512
7d5832bab39b060c35070990fe5727cbf4a12e398ff79f040dadccc44437a46339f040c3df5a54ff7799a93a8dd1cd60ee54e96e06f36586b252396a251eee4e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13835.exe
Filesize
184KB

MD5
9c7ace3192c65037fb84b53e3c973d59

SHA1
c18862dd7abaa16b603b0a6821e3c7b8dc640cfd

SHA256
d33ad9860c3b375424dcc4e60d9bb0edbd507d80ddce9e02feff5f9d61da47d0

SHA512
c0b0b6a7d1dc748e2a64f949ec3c026700c80996db0e1b10612f48d8d398ec92c53dbdfd9d2ded2409a3a9e4cdd9b7b0ff6c96eda8118738059a24a3e953071a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15989.exe
Filesize
184KB

MD5
79d3c239b92a723780ca57c5dab1dd1e

SHA1
e16c1e8a25f21e2cc09ed27d6b847b012a9a1b50

SHA256
a6442af7dcf7f1606b54df247f42fe5293ee8e4a6055ede624e9dd19f11f710c

SHA512
486bca409b18651522f6e098588a41606a0a28ab83e78e7edc58df1a3d9d021daae77458d4c4efe759a7556e80113f5837c1523d4a2f81c1a81f0aa4fbe83001

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-20742.exe
Filesize
184KB

MD5
d4d262de9b6326fc34b82a6849c3df2b

SHA1
a574477212a25aea8881083feb910db1f69572d7

SHA256
6af6eb0c474104ad1b428b015d6bac002298bfb235bf718e214f082b8031e973

SHA512
924296356916e19e9b275465633ea40ae6a47f07002422df14eda957b23738ad2b92ff760bd1d32a5823a0368d5a6f6bb5eaa462eb1e5bbcd2d3adaf9c086b7e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27211.exe
Filesize
184KB

MD5
f4d8553ba6f27feeb03a62b7c0442b41

SHA1
e4455ec6c37a7a23645873d9e6f94f1ee505ff48

SHA256
c5a6861bda9c1c903b44936cfa6bc44d2c5296b68fc8da3841528c45ff5370cb

SHA512
6b135f7fde8c3e1c28f7b3c58f7e48a6e6b4d9a1c2f85e4c4388be5bf53bcb631574f38586128412efe509420ab48f57eaeba4cfec513093bee2be92b38cb77d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31618.exe
Filesize
184KB

MD5
8a33e19e7d6131e69014078da3095890

SHA1
307c12deea39138137abbcad0277f5408a562c5e

SHA256
788f66320fe8812c7f17ac68bae9447c7b2fec0755ed92e3950e3d50d3f1663a

SHA512
95685022d72921729ad7868a82547a2be58004b5ef12f9be1969dc390ec1317f94436ff24c1aede97c7963cbf4d4be75bde924d1aee5b1a4bb2133425ca9e674

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31810.exe
Filesize
184KB

MD5
7ac5ea41a93601fdf35f529de0beb63a

SHA1
e0f0757cc6bad4e90995a66ae266ea2bd444ff56

SHA256
e0b810c9a58ff3f48e2bc990078e69fec55ffc10bd49b4567e482dd46073417e

SHA512
b75aa0828600bbce28f3e63517979afb1d1a6d000899fe90234e76feda99a02cf4dc533c63a72e472cadfee110727f4725170d02ac6770c5c731fa3b6ff3194d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34770.exe
Filesize
184KB

MD5
217d9ac6ad59a2dbbc7d952b9b7b2fd2

SHA1
3778e215e45e2ca8961f35afb07abe4b6a76541e

SHA256
78b01b3fd75fca63459c9af4cb9f08e65f27a26e81e35b44e61ed9d582615dc2

SHA512
7a393f30a99848dba376bbb535ebeb9a0e466030c76c9258f2f2d20de5df58a6b00b7919ae15eeec5cce818a33518067b5c1e39772d6e40b468e3390f2a7fbe1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40608.exe
Filesize
184KB

MD5
3774148960f250fd61c1fb49ab8ffd0b

SHA1
063faa7fe54b5db1c8cfd6d23e92c72fe198c61b

SHA256
5f0822b92e9ada6d0bb73920c630a5763fe188d2450041196a7359b46c97a013

SHA512
28e4b980beab575dbb1b51fa117a6712cdc6ca4d3986478f515c87828e5bde35f212a433adfc115d6bed97ba61866d0140b86b9518feccd94e2c8ed7e1524b24

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44425.exe
Filesize
184KB

MD5
2e7dcf77e04eb4f80d7849470f993fe3

SHA1
305578b8e9205348b2485c58432063bb7f880637

SHA256
4f7d8d980635e5efc8092163d14b6d849ab181107f5ac00331a6a0e674118bd7

SHA512
b5157d1293113cd6763fbffb60fe37397b9aee011c118c98fd447470041fbb24be7aca4b5c095aac06020403bfaa58e5070e5526d5b190fb0259f2a2896ab317

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54406.exe
Filesize
184KB

MD5
440405bf899f416fa23ecd158e2f646b

SHA1
fd73cb77eb46a0df733e8b97f9539d22b75318aa

SHA256
ed50526af739c4382b7dfaef34bfe787dcf0ed14dbde083499cdf19bfc40bdf9

SHA512
119cbb51d374ce9d9fc2068821b6338945dc2a164abdb0cc8b19318e988757fee2e303bd8ab0f5a488c93e0b6baa2a9e61d57b1449759c615c43c024e48b26b6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55398.exe
Filesize
184KB

MD5
dde5ed4bd5ffb64ecd0d9d6c402a6eb7

SHA1
5609c2f3003b4db306a7e70b454c8dd0536be591

SHA256
32f59bcac827af1f861c1f8b302f498e0388dad8a1882ac9e1ae3b95c570cd4b

SHA512
69ebd3c214cc3e59546392be19793f5c20a1f171b6519f1ae36d2255124497b2bf872a5619053b827d0fd91e2d091575ebe613d0153c548f71bfb4983ae1608a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-56944.exe
Filesize
184KB

MD5
b9805777fd1fa6486ed85d072353b51e

SHA1
e4cb445d74c8c77c8852ba230af688c48b19dd85

SHA256
9ee7a64ffa44787b18ba694595e1a41f878a960c9ec293a54f8dd8b962ace8f3

SHA512
addf6070bcfca4fdd2c2d9980fceccfb2749afcee44eab0d922e0e63eb6f5c7dff756670bbaa21c1d75f7796a682c4b820cc210738a154f0faaab9d63f9c59df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads