ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
Size

184KB
MD5

61cfed2036999083eb511815d52aab5e
SHA1

aef7675492165985e2fcf829ba3fd149c6daffde
SHA256

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3
SHA512

e36a2772d7c968448331f28ca25a1be7a42f223d01daf0a0a8d5f59f8b21e3f647c054f915a3c9c6ee1ebbf6dfd189069e43928c1c89cec5eeddeec576690806
SSDEEP

3072:qoa3HxoT7xGMjGQWeAwLRWsahlnViF7n3:qosow2GQ/LUsahlnViF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-64631.exeUnicorn-36728.exeUnicorn-33198.exeUnicorn-31194.exeUnicorn-10259.exeUnicorn-28807.exeUnicorn-28292.exeUnicorn-15293.exeUnicorn-1879.exeUnicorn-14686.exeUnicorn-16955.exeUnicorn-30830.exeUnicorn-426.exeUnicorn-31117.exeUnicorn-11251.exeUnicorn-31117.exeUnicorn-47261.exeUnicorn-43731.exeUnicorn-30733.exeUnicorn-47069.exeUnicorn-43539.exeUnicorn-64609.exeUnicorn-12948.exeUnicorn-49150.exeUnicorn-65294.exeUnicorn-45237.exeUnicorn-48574.exeUnicorn-32046.exeUnicorn-28516.exeUnicorn-48382.exeUnicorn-64718.exeUnicorn-44853.exeUnicorn-61189.exeUnicorn-45175.exeUnicorn-50907.exeUnicorn-18043.exeUnicorn-63714.exeUnicorn-1514.exeUnicorn-63522.exeUnicorn-30657.exeUnicorn-17659.exeUnicorn-33995.exeUnicorn-13937.exeUnicorn-37368.exeUnicorn-36299.exeUnicorn-32769.exeUnicorn-20840.exeUnicorn-974.exeUnicorn-19771.exeUnicorn-33646.exeUnicorn-53512.exeUnicorn-49983.exeUnicorn-2526.exeUnicorn-32546.exeUnicorn-22428.exeUnicorn-55100.exeUnicorn-2370.exeUnicorn-10860.exeUnicorn-22044.exeUnicorn-59869.exeUnicorn-7139.exeUnicorn-18322.exeUnicorn-56148.exeUnicorn-59293.exe

pid	process
2240	Unicorn-64631.exe
2560	Unicorn-36728.exe
2636	Unicorn-33198.exe
2584	Unicorn-31194.exe
1564	Unicorn-10259.exe
2140	Unicorn-28807.exe
2396	Unicorn-28292.exe
2708	Unicorn-15293.exe
1560	Unicorn-1879.exe
1604	Unicorn-14686.exe
1148	Unicorn-16955.exe
2028	Unicorn-30830.exe
2644	Unicorn-426.exe
776	Unicorn-31117.exe
692	Unicorn-11251.exe
752	Unicorn-31117.exe
2712	Unicorn-47261.exe
1752	Unicorn-43731.exe
2184	Unicorn-30733.exe
2284	Unicorn-47069.exe
688	Unicorn-43539.exe
756	Unicorn-64609.exe
760	Unicorn-12948.exe
872	Unicorn-49150.exe
3040	Unicorn-65294.exe
2320	Unicorn-45237.exe
288	Unicorn-48574.exe
1316	Unicorn-32046.exe
2180	Unicorn-28516.exe
1732	Unicorn-48382.exe
1532	Unicorn-64718.exe
2956	Unicorn-44853.exe
2368	Unicorn-61189.exe
2168	Unicorn-45175.exe
2592	Unicorn-50907.exe
3064	Unicorn-18043.exe
2176	Unicorn-63714.exe
1452	Unicorn-1514.exe
1556	Unicorn-63522.exe
1860	Unicorn-30657.exe
292	Unicorn-17659.exe
1624	Unicorn-33995.exe
2148	Unicorn-13937.exe
1240	Unicorn-37368.exe
2980	Unicorn-36299.exe
1236	Unicorn-32769.exe
2460	Unicorn-20840.exe
2768	Unicorn-974.exe
1412	Unicorn-19771.exe
948	Unicorn-33646.exe
544	Unicorn-53512.exe
2008	Unicorn-49983.exe
3016	Unicorn-2526.exe
1856	Unicorn-32546.exe
2968	Unicorn-22428.exe
2948	Unicorn-55100.exe
2996	Unicorn-2370.exe
2976	Unicorn-10860.exe
2524	Unicorn-22044.exe
3020	Unicorn-59869.exe
2464	Unicorn-7139.exe
2924	Unicorn-18322.exe
1212	Unicorn-56148.exe
548	Unicorn-59293.exe

Loads dropped DLL 64 IoCs

Processes:

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exeUnicorn-64631.exeWerFault.exeUnicorn-36728.exeWerFault.exeUnicorn-31194.exeUnicorn-10259.exeWerFault.exeUnicorn-28807.exeUnicorn-15293.exeUnicorn-28292.exeWerFault.exeWerFault.exeUnicorn-14686.exeUnicorn-1879.exeUnicorn-426.exeUnicorn-30830.exe

pid	process
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2240	Unicorn-64631.exe
2240	Unicorn-64631.exe
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2448	WerFault.exe
2560	Unicorn-36728.exe
2560	Unicorn-36728.exe
2240	Unicorn-64631.exe
2240	Unicorn-64631.exe
2448	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
1640	WerFault.exe
2584	Unicorn-31194.exe
2584	Unicorn-31194.exe
2560	Unicorn-36728.exe
2560	Unicorn-36728.exe
1564	Unicorn-10259.exe
1564	Unicorn-10259.exe
1008	WerFault.exe
1008	WerFault.exe
1008	WerFault.exe
1008	WerFault.exe
1008	WerFault.exe
2140	Unicorn-28807.exe
2140	Unicorn-28807.exe
2584	Unicorn-31194.exe
2584	Unicorn-31194.exe
2708	Unicorn-15293.exe
2708	Unicorn-15293.exe
1564	Unicorn-10259.exe
1564	Unicorn-10259.exe
2396	Unicorn-28292.exe
2396	Unicorn-28292.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1844	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
1740	WerFault.exe
2140	Unicorn-28807.exe
1604	Unicorn-14686.exe
1604	Unicorn-14686.exe
1560	Unicorn-1879.exe
2140	Unicorn-28807.exe
1560	Unicorn-1879.exe
2644	Unicorn-426.exe
2644	Unicorn-426.exe
2396	Unicorn-28292.exe
2396	Unicorn-28292.exe
2028	Unicorn-30830.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2696	2004	WerFault.exe	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2448	2636	WerFault.exe	Unicorn-33198.exe
1640	2240	WerFault.exe	Unicorn-64631.exe
1008	2560	WerFault.exe	Unicorn-36728.exe
1844	2584	WerFault.exe	Unicorn-31194.exe
1740	1564	WerFault.exe	Unicorn-10259.exe
1536	2140	WerFault.exe	Unicorn-28807.exe
1468	2708	WerFault.exe	Unicorn-15293.exe
1304	2396	WerFault.exe	Unicorn-28292.exe
2572	1560	WerFault.exe	Unicorn-1879.exe
2588	2644	WerFault.exe	Unicorn-426.exe
2424	2028	WerFault.exe	Unicorn-30830.exe
2684	1148	WerFault.exe	Unicorn-16955.exe
1364	3040	WerFault.exe	Unicorn-65294.exe
1848	752	WerFault.exe	Unicorn-31117.exe
2068	692	WerFault.exe	Unicorn-11251.exe
900	776	WerFault.exe	Unicorn-31117.exe
604	1752	WerFault.exe	Unicorn-43731.exe
560	2712	WerFault.exe	Unicorn-47261.exe
1668	2184	WerFault.exe	Unicorn-30733.exe
3036	688	WerFault.exe	Unicorn-43539.exe
2960	760	WerFault.exe	Unicorn-12948.exe
2512	756	WerFault.exe	Unicorn-64609.exe
2624	872	WerFault.exe	Unicorn-49150.exe
2576	2320	WerFault.exe	Unicorn-45237.exe
1524	288	WerFault.exe	Unicorn-48574.exe
1124	2180	WerFault.exe	Unicorn-28516.exe
2408	1316	WerFault.exe	Unicorn-32046.exe
2600	1732	WerFault.exe	Unicorn-48382.exe
1580	2368	WerFault.exe	Unicorn-61189.exe
2300	2168	WerFault.exe	Unicorn-45175.exe
2304	2956	WerFault.exe	Unicorn-44853.exe
2648	2592	WerFault.exe	Unicorn-50907.exe
1528	2176	WerFault.exe	Unicorn-63714.exe
3100	3064	WerFault.exe	Unicorn-18043.exe
3152	1860	WerFault.exe	Unicorn-30657.exe
3160	1452	WerFault.exe	Unicorn-1514.exe
3168	1624	WerFault.exe	Unicorn-33995.exe
3248	1556	WerFault.exe	Unicorn-63522.exe
3308	292	WerFault.exe	Unicorn-17659.exe
3300	2148	WerFault.exe	Unicorn-13937.exe
3380	1240	WerFault.exe	Unicorn-37368.exe
3424	2008	WerFault.exe	Unicorn-49983.exe
3416	2768	WerFault.exe	Unicorn-974.exe
3456	1412	WerFault.exe	Unicorn-19771.exe
3464	2460	WerFault.exe	Unicorn-20840.exe
3520	1236	WerFault.exe	Unicorn-32769.exe
3528	544	WerFault.exe	Unicorn-53512.exe
3536	948	WerFault.exe	Unicorn-33646.exe
3564	2980	WerFault.exe	Unicorn-36299.exe
3952	3572	WerFault.exe	Unicorn-16849.exe
3916	2204	WerFault.exe	Unicorn-518.exe
3824	2232	WerFault.exe	Unicorn-62116.exe
3864	2928	WerFault.exe	Unicorn-17130.exe
4092	2092	WerFault.exe	Unicorn-65453.exe
3196	2808	WerFault.exe	Unicorn-46657.exe
3712	3016	WerFault.exe	Unicorn-2526.exe
3688	788	WerFault.exe	Unicorn-62801.exe
3348	2968	WerFault.exe	Unicorn-22428.exe
3108	356	WerFault.exe	Unicorn-58904.exe
4168	2872	WerFault.exe	Unicorn-31681.exe
4176	2996	WerFault.exe	Unicorn-2370.exe
4220	336	WerFault.exe	Unicorn-61701.exe
4228	2336	WerFault.exe	Unicorn-39043.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exeUnicorn-64631.exeUnicorn-36728.exeUnicorn-33198.exeUnicorn-31194.exeUnicorn-10259.exeUnicorn-28807.exeUnicorn-15293.exeUnicorn-28292.exeUnicorn-1879.exeUnicorn-14686.exeUnicorn-426.exeUnicorn-16955.exeUnicorn-30830.exeUnicorn-31117.exeUnicorn-11251.exeUnicorn-31117.exeUnicorn-43731.exeUnicorn-47261.exeUnicorn-30733.exeUnicorn-47069.exeUnicorn-43539.exeUnicorn-64609.exeUnicorn-12948.exeUnicorn-49150.exeUnicorn-65294.exeUnicorn-45237.exeUnicorn-48574.exeUnicorn-32046.exeUnicorn-28516.exeUnicorn-48382.exeUnicorn-64718.exeUnicorn-45175.exeUnicorn-61189.exeUnicorn-44853.exeUnicorn-50907.exeUnicorn-18043.exeUnicorn-63714.exeUnicorn-1514.exeUnicorn-63522.exeUnicorn-30657.exeUnicorn-33995.exeUnicorn-17659.exeUnicorn-13937.exeUnicorn-37368.exeUnicorn-32769.exeUnicorn-20840.exeUnicorn-36299.exeUnicorn-33646.exeUnicorn-974.exeUnicorn-53512.exeUnicorn-19771.exeUnicorn-49983.exeUnicorn-2526.exeUnicorn-32546.exeUnicorn-22428.exeUnicorn-55100.exeUnicorn-2370.exeUnicorn-10860.exeUnicorn-22044.exeUnicorn-59869.exeUnicorn-7139.exeUnicorn-18322.exeUnicorn-56148.exe

pid	process
2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
2240	Unicorn-64631.exe
2560	Unicorn-36728.exe
2636	Unicorn-33198.exe
2584	Unicorn-31194.exe
1564	Unicorn-10259.exe
2140	Unicorn-28807.exe
2708	Unicorn-15293.exe
2396	Unicorn-28292.exe
1560	Unicorn-1879.exe
1604	Unicorn-14686.exe
2644	Unicorn-426.exe
1148	Unicorn-16955.exe
2028	Unicorn-30830.exe
776	Unicorn-31117.exe
692	Unicorn-11251.exe
752	Unicorn-31117.exe
1752	Unicorn-43731.exe
2712	Unicorn-47261.exe
2184	Unicorn-30733.exe
2284	Unicorn-47069.exe
688	Unicorn-43539.exe
756	Unicorn-64609.exe
760	Unicorn-12948.exe
872	Unicorn-49150.exe
3040	Unicorn-65294.exe
2320	Unicorn-45237.exe
288	Unicorn-48574.exe
1316	Unicorn-32046.exe
2180	Unicorn-28516.exe
1732	Unicorn-48382.exe
1532	Unicorn-64718.exe
2168	Unicorn-45175.exe
2368	Unicorn-61189.exe
2956	Unicorn-44853.exe
2592	Unicorn-50907.exe
3064	Unicorn-18043.exe
2176	Unicorn-63714.exe
1452	Unicorn-1514.exe
1556	Unicorn-63522.exe
1860	Unicorn-30657.exe
1624	Unicorn-33995.exe
292	Unicorn-17659.exe
2148	Unicorn-13937.exe
1240	Unicorn-37368.exe
1236	Unicorn-32769.exe
2460	Unicorn-20840.exe
2980	Unicorn-36299.exe
948	Unicorn-33646.exe
2768	Unicorn-974.exe
544	Unicorn-53512.exe
1412	Unicorn-19771.exe
2008	Unicorn-49983.exe
3016	Unicorn-2526.exe
1856	Unicorn-32546.exe
2968	Unicorn-22428.exe
2948	Unicorn-55100.exe
2996	Unicorn-2370.exe
2976	Unicorn-10860.exe
2524	Unicorn-22044.exe
3020	Unicorn-59869.exe
2464	Unicorn-7139.exe
2924	Unicorn-18322.exe
1212	Unicorn-56148.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exeUnicorn-64631.exeUnicorn-33198.exeUnicorn-36728.exeUnicorn-31194.exeUnicorn-10259.exeUnicorn-28807.exeUnicorn-15293.exe

description	pid	process	target process
PID 2004 wrote to memory of 2240	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-64631.exe
PID 2004 wrote to memory of 2240	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-64631.exe
PID 2004 wrote to memory of 2240	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-64631.exe
PID 2004 wrote to memory of 2240	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-64631.exe
PID 2240 wrote to memory of 2560	2240	Unicorn-64631.exe	Unicorn-36728.exe
PID 2240 wrote to memory of 2560	2240	Unicorn-64631.exe	Unicorn-36728.exe
PID 2240 wrote to memory of 2560	2240	Unicorn-64631.exe	Unicorn-36728.exe
PID 2240 wrote to memory of 2560	2240	Unicorn-64631.exe	Unicorn-36728.exe
PID 2004 wrote to memory of 2636	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-33198.exe
PID 2004 wrote to memory of 2636	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-33198.exe
PID 2004 wrote to memory of 2636	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-33198.exe
PID 2004 wrote to memory of 2636	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	Unicorn-33198.exe
PID 2004 wrote to memory of 2696	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	WerFault.exe
PID 2004 wrote to memory of 2696	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	WerFault.exe
PID 2004 wrote to memory of 2696	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	WerFault.exe
PID 2004 wrote to memory of 2696	2004	ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe	WerFault.exe
PID 2636 wrote to memory of 2448	2636	Unicorn-33198.exe	WerFault.exe
PID 2636 wrote to memory of 2448	2636	Unicorn-33198.exe	WerFault.exe
PID 2636 wrote to memory of 2448	2636	Unicorn-33198.exe	WerFault.exe
PID 2636 wrote to memory of 2448	2636	Unicorn-33198.exe	WerFault.exe
PID 2560 wrote to memory of 2584	2560	Unicorn-36728.exe	Unicorn-31194.exe
PID 2560 wrote to memory of 2584	2560	Unicorn-36728.exe	Unicorn-31194.exe
PID 2560 wrote to memory of 2584	2560	Unicorn-36728.exe	Unicorn-31194.exe
PID 2560 wrote to memory of 2584	2560	Unicorn-36728.exe	Unicorn-31194.exe
PID 2240 wrote to memory of 1564	2240	Unicorn-64631.exe	Unicorn-10259.exe
PID 2240 wrote to memory of 1564	2240	Unicorn-64631.exe	Unicorn-10259.exe
PID 2240 wrote to memory of 1564	2240	Unicorn-64631.exe	Unicorn-10259.exe
PID 2240 wrote to memory of 1564	2240	Unicorn-64631.exe	Unicorn-10259.exe
PID 2240 wrote to memory of 1640	2240	Unicorn-64631.exe	WerFault.exe
PID 2240 wrote to memory of 1640	2240	Unicorn-64631.exe	WerFault.exe
PID 2240 wrote to memory of 1640	2240	Unicorn-64631.exe	WerFault.exe
PID 2240 wrote to memory of 1640	2240	Unicorn-64631.exe	WerFault.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-31194.exe	Unicorn-28807.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-31194.exe	Unicorn-28807.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-31194.exe	Unicorn-28807.exe
PID 2584 wrote to memory of 2140	2584	Unicorn-31194.exe	Unicorn-28807.exe
PID 2560 wrote to memory of 2396	2560	Unicorn-36728.exe	Unicorn-28292.exe
PID 2560 wrote to memory of 2396	2560	Unicorn-36728.exe	Unicorn-28292.exe
PID 2560 wrote to memory of 2396	2560	Unicorn-36728.exe	Unicorn-28292.exe
PID 2560 wrote to memory of 2396	2560	Unicorn-36728.exe	Unicorn-28292.exe
PID 1564 wrote to memory of 2708	1564	Unicorn-10259.exe	Unicorn-15293.exe
PID 1564 wrote to memory of 2708	1564	Unicorn-10259.exe	Unicorn-15293.exe
PID 1564 wrote to memory of 2708	1564	Unicorn-10259.exe	Unicorn-15293.exe
PID 1564 wrote to memory of 2708	1564	Unicorn-10259.exe	Unicorn-15293.exe
PID 2560 wrote to memory of 1008	2560	Unicorn-36728.exe	WerFault.exe
PID 2560 wrote to memory of 1008	2560	Unicorn-36728.exe	WerFault.exe
PID 2560 wrote to memory of 1008	2560	Unicorn-36728.exe	WerFault.exe
PID 2560 wrote to memory of 1008	2560	Unicorn-36728.exe	WerFault.exe
PID 2140 wrote to memory of 1560	2140	Unicorn-28807.exe	Unicorn-1879.exe
PID 2140 wrote to memory of 1560	2140	Unicorn-28807.exe	Unicorn-1879.exe
PID 2140 wrote to memory of 1560	2140	Unicorn-28807.exe	Unicorn-1879.exe
PID 2140 wrote to memory of 1560	2140	Unicorn-28807.exe	Unicorn-1879.exe
PID 2584 wrote to memory of 1604	2584	Unicorn-31194.exe	Unicorn-14686.exe
PID 2584 wrote to memory of 1604	2584	Unicorn-31194.exe	Unicorn-14686.exe
PID 2584 wrote to memory of 1604	2584	Unicorn-31194.exe	Unicorn-14686.exe
PID 2584 wrote to memory of 1604	2584	Unicorn-31194.exe	Unicorn-14686.exe
PID 2708 wrote to memory of 1148	2708	Unicorn-15293.exe	Unicorn-16955.exe
PID 2708 wrote to memory of 1148	2708	Unicorn-15293.exe	Unicorn-16955.exe
PID 2708 wrote to memory of 1148	2708	Unicorn-15293.exe	Unicorn-16955.exe
PID 2708 wrote to memory of 1148	2708	Unicorn-15293.exe	Unicorn-16955.exe
PID 1564 wrote to memory of 2028	1564	Unicorn-10259.exe	Unicorn-30830.exe
PID 1564 wrote to memory of 2028	1564	Unicorn-10259.exe	Unicorn-30830.exe
PID 1564 wrote to memory of 2028	1564	Unicorn-10259.exe	Unicorn-30830.exe
PID 1564 wrote to memory of 2028	1564	Unicorn-10259.exe	Unicorn-30830.exe

C:\Users\Admin\AppData\Local\Temp\ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe
"C:\Users\Admin\AppData\Local\Temp\ba712247d3a22a45e36b1455177b87697c36942b5138c9b5fa47691f682c5ae3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:752

C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64609.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18043.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55100.exe
10⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
11⤵
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
12⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40569.exe
13⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-686.exe
14⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6608 -s 220
15⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 236
14⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
13⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 236
12⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8847.exe
11⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25909.exe
12⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24662.exe
13⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
14⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31241.exe
15⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
15⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 216
14⤵
PID:10676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 236
13⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 236
12⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 220
11⤵
PID:4784

C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47861.exe
10⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
11⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23901.exe
12⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31108.exe
13⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22355.exe
14⤵
PID:12244

C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24220.exe
15⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
14⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5784 -s 216
13⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
12⤵
PID:6968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
11⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
10⤵
- Program crash
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-2370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2370.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-897.exe
10⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14647.exe
11⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25430.exe
12⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48584.exe
13⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
14⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
14⤵
PID:13260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
13⤵
PID:10624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
12⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
11⤵
PID:5424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
10⤵
- Program crash
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
9⤵
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22428.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16030.exe
10⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4234.exe
11⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42629.exe
12⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
13⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17576.exe
14⤵
PID:10396

C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22727.exe
15⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10396 -s 216
15⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
14⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
13⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
12⤵
PID:6656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 236
11⤵
PID:4700

C:\Users\Admin\AppData\Local\Temp\Unicorn-17726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17726.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26433.exe
11⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
12⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
13⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
14⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
14⤵
PID:3628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
13⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
12⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
11⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
10⤵
- Program crash
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28836.exe
9⤵
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36139.exe
10⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
11⤵
PID:5724

C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24273.exe
12⤵
PID:7744

C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28209.exe
13⤵
PID:10288

C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62586.exe
14⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10288 -s 216
14⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7744 -s 216
13⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5724 -s 216
12⤵
PID:8876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 216
11⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 236
10⤵
PID:5112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
9⤵
- Program crash
PID:1528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 752 -s 240
8⤵
- Program crash
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12948.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2526.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13424.exe
10⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44649.exe
10⤵
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36334.exe
11⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
12⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64920.exe
13⤵
PID:9796

C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44745.exe
14⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9796 -s 216
14⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
13⤵
PID:10632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 236
12⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 236
11⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
10⤵
- Program crash
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58904.exe
9⤵
PID:356

C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50866.exe
10⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31207.exe
11⤵
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57910.exe
12⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14759.exe
13⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36255.exe
14⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 236
14⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
13⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4312 -s 236
12⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 236
11⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 356 -s 236
10⤵
- Program crash
PID:3108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
9⤵
- Program crash
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32546.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31681.exe
9⤵
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63227.exe
10⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59297.exe
11⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58185.exe
12⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36571.exe
13⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
14⤵
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
14⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
13⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
12⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
11⤵
PID:5912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2872 -s 236
10⤵
- Program crash
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46377.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40709.exe
10⤵
PID:5328

C:\Users\Admin\AppData\Local\Temp\Unicorn-57661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57661.exe
11⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10644.exe
12⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54812.exe
13⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 236
13⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
12⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5328 -s 216
11⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
10⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 240
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
8⤵
- Program crash
PID:2960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 240
7⤵
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11251.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49150.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1514.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22044.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51198.exe
10⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7031.exe
11⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28156.exe
12⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
13⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41546.exe
14⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
15⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
15⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
14⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
13⤵
PID:8964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
12⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
11⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19646.exe
10⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41669.exe
11⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39618.exe
12⤵
PID:7240

C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4846.exe
13⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5674.exe
14⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
14⤵
PID:8332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7240 -s 216
13⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
12⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 216
11⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
10⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
9⤵
PID:988

C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63990.exe
10⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64123.exe
11⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45492.exe
12⤵
PID:7276

C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55930.exe
13⤵
PID:10228

C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47734.exe
14⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10228 -s 216
14⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7276 -s 216
13⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 216
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
11⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 988 -s 236
10⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 240
9⤵
- Program crash
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7139.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16849.exe
9⤵
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 188
10⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 216
9⤵
PID:5776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
8⤵
- Program crash
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63522.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59293.exe
8⤵
- Executes dropped EXE
PID:548

C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-518.exe
9⤵
PID:2204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 240
10⤵
- Program crash
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50861.exe
9⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22090.exe
10⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49836.exe
11⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2947.exe
12⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14101.exe
13⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
13⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 236
12⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
11⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
10⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 548 -s 240
9⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
8⤵
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1123.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11812.exe
10⤵
PID:6436

C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25009.exe
11⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
12⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 236
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6436 -s 216
11⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
10⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1372 -s 216
9⤵
PID:6056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
8⤵
- Program crash
PID:3248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
7⤵
- Program crash
PID:2068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
6⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31117.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:776

C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65294.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 240
8⤵
- Program crash
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30657.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10860.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14742.exe
9⤵
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
10⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
11⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19188.exe
11⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
12⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50126.exe
13⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 236
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
12⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 220
11⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 236
10⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12412.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-698.exe
10⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
11⤵
PID:7020

C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
13⤵
PID:12268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7020 -s 220
12⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 236
11⤵
PID:7284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 220
9⤵
PID:4412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
8⤵
- Program crash
PID:3152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 776 -s 240
7⤵
- Program crash
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17659.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61701.exe
8⤵
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53736.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
10⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62404.exe
11⤵
PID:7228

C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15796.exe
12⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7228 -s 216
12⤵
PID:9724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
11⤵
PID:8504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 336 -s 236
9⤵
- Program crash
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 216
8⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39043.exe
7⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20062.exe
8⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21334.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61316.exe
10⤵
PID:5936

C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63479.exe
11⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8376 -s 188
12⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5936 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
10⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 236
9⤵
PID:5132

C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33948.exe
8⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17215.exe
10⤵
PID:6572

C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60177.exe
11⤵
PID:9680

C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33266.exe
12⤵
PID:12260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 236
12⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6572 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 236
10⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 216
9⤵
PID:5816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
8⤵
- Program crash
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
7⤵
- Program crash
PID:2576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47261.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48382.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19771.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
9⤵
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
10⤵
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64758.exe
11⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28348.exe
12⤵
PID:5676

C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51787.exe
13⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
14⤵
PID:10780

C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40760.exe
15⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10780 -s 236
15⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
14⤵
PID:11596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5676 -s 216
13⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 216
12⤵
PID:6900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 216
11⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43824.exe
10⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47403.exe
11⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
12⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50772.exe
13⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11740.exe
14⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
14⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
13⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 216
12⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
11⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
10⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
9⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4805.exe
10⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15498.exe
11⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40417.exe
12⤵
PID:7792

C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60305.exe
13⤵
PID:10316

C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45726.exe
14⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10316 -s 216
14⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7792 -s 216
13⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
12⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
11⤵
PID:5808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 216
10⤵
PID:4796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 240
9⤵
- Program crash
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
8⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16087.exe
9⤵
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15750.exe
10⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
11⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60489.exe
12⤵
PID:6980

C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46555.exe
13⤵
PID:9904

C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
14⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9904 -s 216
14⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6980 -s 216
13⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
12⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
11⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 236
10⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44893.exe
9⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9095.exe
10⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2933.exe
11⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31672.exe
12⤵
PID:9864

C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44553.exe
13⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9864 -s 216
13⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
12⤵
PID:10668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5716 -s 236
11⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
9⤵
PID:5980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
8⤵
- Program crash
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33646.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:948

C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
8⤵
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16471.exe
9⤵
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17551.exe
10⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59157.exe
11⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25425.exe
12⤵
PID:7592

C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60030.exe
13⤵
PID:10256

C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
14⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10256 -s 236
14⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7592 -s 216
13⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
12⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
11⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 236
10⤵
PID:4924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 236
9⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-45614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45614.exe
8⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20047.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
10⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14672.exe
11⤵
PID:7808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13717.exe
11⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13357.exe
12⤵
PID:11056

C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
13⤵
PID:12092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11056 -s 236
13⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 240
11⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 236
9⤵
PID:5040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 948 -s 240
8⤵
- Program crash
PID:3536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:560

C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44853.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18322.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19838.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12670.exe
9⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49452.exe
10⤵
PID:7632

C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47213.exe
11⤵
PID:10736

C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60002.exe
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10736 -s 216
12⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7632 -s 216
11⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
10⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 236
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
8⤵
PID:4480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
7⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 240
6⤵
- Program crash
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43731.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48574.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33995.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59869.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-902.exe
9⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1790.exe
10⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47787.exe
11⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32975.exe
12⤵
PID:6768

C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
13⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
14⤵
PID:11916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
14⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6768 -s 216
13⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4856 -s 216
12⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
11⤵
PID:6132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 216
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30741.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54720.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60246.exe
11⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31871.exe
12⤵
PID:11380

C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11380 -s 236
13⤵
PID:9004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
12⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
10⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
8⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16416.exe
9⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36309.exe
10⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8864.exe
11⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52207.exe
12⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 236
12⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
11⤵
PID:10456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
10⤵
PID:7624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 216
9⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
8⤵
- Program crash
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56148.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1212

C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2381.exe
8⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
9⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30652.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14386.exe
11⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 200
12⤵
PID:9460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
9⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52127.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17746.exe
9⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11143.exe
10⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49864.exe
11⤵
PID:10432

C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41284.exe
12⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10432 -s 216
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 216
11⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
10⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:6216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1212 -s 240
8⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 240
7⤵
- Program crash
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9900.exe
7⤵
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63751.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15173.exe
9⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17362.exe
10⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30116.exe
11⤵
PID:7184

C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26789.exe
12⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24117.exe
13⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 236
13⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7184 -s 216
12⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
10⤵
PID:6288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 236
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-11644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11644.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
9⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17771.exe
10⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50749.exe
10⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18459.exe
11⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25249.exe
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11196 -s 216
12⤵
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
11⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 220
10⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
9⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
8⤵
PID:4560

C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27165.exe
7⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
9⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58296.exe
9⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55663.exe
10⤵
PID:6952

C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10208.exe
11⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
12⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 216
12⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6952 -s 216
11⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 236
10⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 220
9⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 236
8⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
7⤵
- Program crash
PID:3300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
6⤵
- Program crash
PID:604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
5⤵
- Program crash
PID:1304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1564

C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1148

C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47069.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32046.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36299.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17130.exe
9⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
10⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45293.exe
11⤵
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23133.exe
12⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32049.exe
13⤵
PID:9056

C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25025.exe
14⤵
PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9056 -s 236
14⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
13⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 216
12⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 216
11⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
10⤵
- Program crash
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45806.exe
9⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54582.exe
10⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52722.exe
11⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42617.exe
12⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
13⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8932.exe
14⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 216
14⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6400 -s 216
13⤵
PID:10824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 236
12⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
11⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
10⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 240
9⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62801.exe
8⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65479.exe
9⤵
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4421.exe
10⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
11⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27325.exe
12⤵
PID:8336

C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
13⤵
PID:12272

C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
14⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 236
12⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
11⤵
PID:7300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 236
10⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17228.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59681.exe
10⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41818.exe
11⤵
PID:6464

C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41013.exe
12⤵
PID:10104

C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18928.exe
13⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10104 -s 216
13⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6464 -s 216
12⤵
PID:11068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
11⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 236
10⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 240
9⤵
- Program crash
PID:3688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
8⤵
- Program crash
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-974.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49309.exe
8⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17156.exe
9⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39782.exe
10⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
11⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64475.exe
12⤵
PID:7880

C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43637.exe
13⤵
PID:10748

C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11517.exe
14⤵
PID:12696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10748 -s 216
14⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7880 -s 216
13⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
12⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
11⤵
PID:6564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
10⤵
PID:4988

C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-181.exe
9⤵
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42354.exe
10⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57526.exe
11⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
12⤵
PID:9960

C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38330.exe
13⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9960 -s 216
13⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
12⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5164 -s 216
11⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 216
10⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61758.exe
8⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31593.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18691.exe
10⤵
PID:5456

C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49203.exe
11⤵
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27258.exe
12⤵
PID:11808

C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18755.exe
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11808 -s 236
13⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 216
12⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5456 -s 216
11⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 236
9⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
8⤵
- Program crash
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28516.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37368.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32973.exe
8⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
9⤵
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9105.exe
11⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1050.exe
12⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21676.exe
13⤵
PID:10912

C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5751.exe
14⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10912 -s 236
14⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 220
13⤵
PID:11632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
12⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
11⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 236
10⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
10⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50251.exe
11⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10497.exe
12⤵
PID:10588

C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19790.exe
13⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10588 -s 216
13⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 220
12⤵
PID:11512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
11⤵
PID:9204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:6676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 220
9⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29469.exe
8⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4203.exe
9⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3983.exe
10⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16671.exe
11⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49512.exe
12⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18646.exe
13⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
13⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 236
12⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 216
11⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 216
9⤵
PID:4252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
8⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62116.exe
7⤵
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49527.exe
8⤵
PID:1864

C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32278.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54954.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60298.exe
11⤵
PID:8212

C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60325.exe
12⤵
PID:12084

C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5854.exe
13⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8212 -s 216
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1864 -s 236
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 236
8⤵
- Program crash
PID:3824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
7⤵
- Program crash
PID:1124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1148 -s 240
6⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43539.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:688

C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45175.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53512.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-985.exe
8⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
9⤵
PID:448

C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37094.exe
10⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58773.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5409.exe
12⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42454.exe
13⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22919.exe
14⤵
PID:12500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 216
14⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 216
13⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5512 -s 216
12⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
11⤵
PID:6708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 216
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-700.exe
9⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14730.exe
10⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5549.exe
11⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49703.exe
12⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10204 -s 220
13⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4964 -s 216
11⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
10⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
9⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
8⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3134.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
10⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41185.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
12⤵
PID:10480

C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35851.exe
13⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10480 -s 216
13⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 216
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
11⤵
PID:8820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
10⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 236
9⤵
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
8⤵
- Program crash
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12723.exe
7⤵
PID:1108

C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32999.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34463.exe
9⤵
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48139.exe
11⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50632.exe
12⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35871.exe
13⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
13⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
11⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47078.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63547.exe
9⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13343.exe
10⤵
PID:7132

C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40738.exe
11⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28793.exe
12⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
12⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7132 -s 216
11⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 216
10⤵
PID:7764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:6264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1108 -s 240
8⤵
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
7⤵
- Program crash
PID:2300

C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49983.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31524.exe
7⤵
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3466.exe
8⤵
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8996.exe
9⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9088.exe
10⤵
PID:7600

C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53678.exe
11⤵
PID:10116

C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14132.exe
12⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10116 -s 236
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7600 -s 216
11⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
10⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3696 -s 216
9⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1496 -s 236
8⤵
PID:4972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
7⤵
- Program crash
PID:3424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 688 -s 240
6⤵
- Program crash
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
5⤵
- Program crash
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30733.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64718.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32769.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65453.exe
7⤵
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65095.exe
8⤵
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20566.exe
9⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29308.exe
10⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56177.exe
11⤵
PID:7516

C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
12⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46826.exe
13⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10136 -s 216
13⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7516 -s 216
12⤵
PID:2276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
11⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 236
9⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30357.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50443.exe
10⤵
PID:7944

C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12225.exe
11⤵
PID:10712

C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62638.exe
12⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10712 -s 216
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7944 -s 216
11⤵
PID:11572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5184 -s 216
10⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
8⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12365.exe
7⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31894.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
8⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16364.exe
9⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27697.exe
10⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30521.exe
11⤵
PID:6960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 216
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
10⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 216
9⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2664 -s 240
8⤵
PID:5296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
7⤵
- Program crash
PID:3520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
6⤵
- Program crash
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61189.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20840.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16445.exe
7⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32423.exe
8⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35807.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
10⤵
PID:5928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44102.exe
11⤵
PID:7972

C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14766.exe
12⤵
PID:11448

C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18947.exe
13⤵
PID:12652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11448 -s 216
13⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7972 -s 216
12⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5928 -s 216
11⤵
PID:9268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48422.exe
8⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16843.exe
9⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 220
10⤵
PID:6524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45230.exe
7⤵
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36099.exe
8⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33084.exe
9⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43073.exe
10⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48694.exe
11⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
11⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
10⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
9⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1684 -s 216
8⤵
PID:6100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 220
7⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46657.exe
6⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16279.exe
7⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16739.exe
8⤵
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
9⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14528.exe
11⤵
PID:11952

C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64442.exe
12⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
11⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
10⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3584 -s 216
9⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
8⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 216
7⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2368 -s 240
6⤵
- Program crash
PID:1580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
5⤵
- Program crash
PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1564 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
2⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
2⤵
- Program crash
PID:2696

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-16955.exe
Filesize
184KB

MD5
fc41e98e33d4e7155b9784d67d7fd364

SHA1
b777189f13a3b7374e9aa66b1d60f26bff193246

SHA256
157173c5d3b4ef44d5b105fa49d4bb7499e82017e5ceafdf96d9c1b8681b89d2

SHA512
a978c37eabeab810cfa86e5e6d38be5acfc694e082a78df495c5d79d8237af55f2210f18393e6fa28e137362b070445d9f232d5d47ea57ee46e499d9451c5c8e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
Filesize
184KB

MD5
fffe87c3690e9f00c173c582c6549605

SHA1
476a051242ee4d6c9222a7aaaceea8be33e568c2

SHA256
7edc8b0471119223741a841891eac896aa28c9de00bb1612389dcc64b0afd674

SHA512
d0faf3d5a25745f0bb4efee52a6649fc7e89cb913a2fec1e1be68c5dff5f47b74e11c5c11185d4c71bf90775ecd2cfcac951591c60bf69aa12306cd5446723b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28292.exe
Filesize
184KB

MD5
17ff30a2cc43c9fbab6f4abf9277e01e

SHA1
a984732b83b52dc4621387d78226b4982719ed83

SHA256
7a495fea8c54de267c20a688c8dcdc5e67f0adaa9b0fdecc04cda5b76f88ca16

SHA512
30dad0c34159d3e88470e4ab4e6f480a0261cee4e364a133e60eb0aa6820c2beca648868c8df0c3353c477c970ca9727d4731fd050024d09269187529f994e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31194.exe
Filesize
184KB

MD5
e16d489a77698418844bd7b5d692a05e

SHA1
776dc6d7c524c435db281c188a4285d237453e9f

SHA256
27ab8334b4c696e47c3d5eeb5cf069a0eb56b766be3fb1cb587787f6bca625c2

SHA512
4bf4f1e15f66c85313b64115a4bace0f9ea294b180f53b6402e297b80b82041ed85600a4b86aac2af6299ddf0ddccd12f565ca3a370c65e11cc20af582050696

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32267.exe
Filesize
184KB

MD5
f227a7d0a6eeb351396d12b14705e591

SHA1
20ebedae54071b4f1c2369899486d81e3a27c561

SHA256
d6415f3cb18e7f0fc407aaa2f807df41c26e932e11f22d172518839c1fd21c18

SHA512
9147f3727716379f9c0ee2148246ae516bfea930830ab79487e48ddb8d011499080634d8473dcb7d3af4c946d842f7b334610570b75489326cc914379ef2a1cc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36728.exe
Filesize
184KB

MD5
716ac90874f4e00580a5acf99338c409

SHA1
61eb1dba2f5edcc4db80054dfc7b91b9374b9dd9

SHA256
29dbdb1a07ece6cc718d83f83e7cafc38e9a4a222bfc8c59ce6f0ef9488ba565

SHA512
267379ac25a545ae1ece725e7bbb5acc3944669766c56c42262a5a211fd51f1c8447bf759cff977938437ee8c2cf4247c5568edce8a134efffc99fc0713423e0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37357.exe
Filesize
184KB

MD5
2d5bad3dd276eee3411a305e812308e0

SHA1
74b4bcb909bf08a7d087bd6c6028d8508793fc78

SHA256
d132dd7059cb5f142086f862a69a3945a437b2cb014b473328ad508258359bc7

SHA512
0f381e9cfc61124d6012ce70f9dce25131ce02a269ecc24b425218fb9e0b47a64eab23bf18ef343a7ab75d214478a2de0643f01c1d582d8ff164a761da253d94

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54952.exe
Filesize
184KB

MD5
a946028155b0279c6f98e9904a267481

SHA1
eab976f7fb3464da1e647e0d29335597e8a67a46

SHA256
36c86c19ff2d50766ed2701fa1452704dddb22e26d26d0d81eb90d4177bbebbd

SHA512
79d28149f3fb412884de1994116ead7ff373672e8939efc197cf3e714179979f6eec61876c1571ec7eaa877cabb255eead92c521a50e1ebf15b96a94ebe02265

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55613.exe
Filesize
184KB

MD5
be57cf50bb4452ab339bdeb61505e7f9

SHA1
deabedd519a589d7748d58371fd29632bedc92cd

SHA256
9cac430cb3b8605e8839622f2b3b1daa94dd96cec1b4b22e1aa204fd8a3e2172

SHA512
658f50d0a8c7c1b90dab0e063758cef6237dee2e9e01081eeeea68b19f1b31cc6e5f01d31470b84afc4c26628f11075754a9f24866e81e5fa7ecfab1b0b2753d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
Filesize
184KB

MD5
5f5ffbd9760d726d09ffee89b070bd35

SHA1
eda124afa6f223a6e941ac023ba54d880003bedf

SHA256
cd1936d2ac9bd36b2a9006baac18487a18ecc9be0c0021d03a8a6df2cd229977

SHA512
074e36088fc94154d7efb0546adfa0841a925d7fdbd163e64243926297fd3f4bb75698e5c5303671787a3743f89511179dc1d67185155ff377322576d94eaa2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6703.exe
Filesize
184KB

MD5
524b847d98304155d2c3dd4bdb0c2b20

SHA1
f116ac49003c562fbeef20c684a0f22c239a5137

SHA256
389595abe64de33b63f4436788904534196ba6249048359c76bc12ff86e0a47b

SHA512
33b329ae3db3f5625ce2e518bc4d0995c4a08f59a47e0be9c866b894d9e3a31b8653e56d8c8bcbaf3c0b4d342ce64e64492bfd604e5828800b618815c30e99e8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10259.exe
Filesize
184KB

MD5
b6bc46dca9e9351c4c620a8606d0a1d7

SHA1
7b02b4ee18e5b6a1a547bfbf07e1ae73dea9994d

SHA256
453c16c1688fc66bf5016581942717fbad39a8db209782062f28d5b2b7aaccb1

SHA512
ea501ed9eaf43a78cc131195c1202c13fb19087599be976f062646415a59fe0330d2a3ef58e92466c6e0086e756b90fd09fd82914bf036fafb0ece51d9f00a90

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
Filesize
184KB

MD5
b4e70bc88c3645bcdd3e650ee038c092

SHA1
e85de01150925352c3e75a36157470df1090d8bb

SHA256
9af2d608231172bf5bb40bb49f0e04af80415a781410c32d43595481720353fb

SHA512
1d67050ff1e03f105b132af0a4a86996f0219f7ea536b740ddba55aef269f4439ed2591891c55f985ecd44c793d091eb4f0264ba5ce17f57b31aab8085bd2369

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-15293.exe
Filesize
184KB

MD5
be4ff74037739eee11314014612a453c

SHA1
51cffe8456bee994c2964651a22ffb32a94ab64b

SHA256
0ec93627e4200b5124e67ef66e152b711edd5ec67163a2025436d7026611c385

SHA512
64293c315a8e21ee3f8eba5b385f68916f751652ed354501c2ad435eafba4968a4b23114bc9911ca18c822375f86478aad4f710aed1f0b7a280d25610f88ac15

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1879.exe
Filesize
184KB

MD5
9b0e999726c2dfaed51f5b45c9cfdf4e

SHA1
af7159e2cff506e358c02bb8b307692ad9247b6e

SHA256
b891e007e6347a3e20c54526ef94796fad562defafbc34ed88a82b8214d8aec3

SHA512
d0286ecd29216d0f243f7bca75579976e962a82c504338bfccdc140e0e8cb45ef7228b69a5f0287ab547d411bf48a099c6f0ff5a3f06cfe0201c8f73a385219a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28807.exe
Filesize
184KB

MD5
4d5569dc3bb292f00754b76206a7f469

SHA1
b7256273f545dd35622bd0dc9dc8d39b8e8455e3

SHA256
c9543c6c937f3236bc069d45189931cd585ed87d5d8530b5b59513f4841a4cf7

SHA512
5a3aa1bfa02911926e8de062e8f436ad58f8ae9b4c7ff4b6d96c5151b71c602a0b9a119b876cb0b343f3831478960a34ad9984090143567cfd5c3dadcae5a005

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-30830.exe
Filesize
184KB

MD5
01143152f3e6178798f31e37b64661b7

SHA1
a3adbc73421f08f7cc020ed51a14a022aae690f8

SHA256
f260ee0924ef9e4b40e5444211437ed37dc87c93316bdbb53c54e12dd7b45249

SHA512
35ec260ce477f0c269d61441fd7e32f44c48df9895802dc664fefb2582f85c1da4cf8b0567ecc3e391c80cfee83b2442f2a81feacb7fc6e3e96cc4b90c740157

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
Filesize
184KB

MD5
76d8146e5c386d9220f109e95968a765

SHA1
96adaaa6a19708ac0b95ea140cca5cc52d80e102

SHA256
47af129d8ba43313c10f92aed4eb38f2c75bcc804292b89de25654e578d62e76

SHA512
ecaf91d095e3a015ab8d61fcd4d0d4863cc6fc07c701c15db604661e66aa5bd6f7b063592e6bfad6d53d0a69713cd4454df9c263cfc77d00a5197bb786800eba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-426.exe
Filesize
184KB

MD5
e08fd48f5cc69c5fcde41a7a168ef3fe

SHA1
2bf1b5be4241b15b42035624542e21bdfa0ab995

SHA256
3dbcc6fdc758790550cbaa733e9799f04e5f44cb79a3437f38e05953024a1622

SHA512
1c602df8027b1ca65ef889d9cc062577ca63feaf718ed9f730b384657e2e50ad30f3a102683a87e67e2b9d6310597285e7de20e593fa4bf7989aa45a269d2654

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64631.exe
Filesize
184KB

MD5
32eafd7cab8ef7a570558b41faafb47e

SHA1
e4dcb165f1c776f987463dfa2d1b87f38a57b672

SHA256
fb7414ecc0bb8418dc6f629923bd94ae05a4e4d361afa45dca7d46197f3602a6

SHA512
36a7e9d7f285885a6499366dffafbd64f4441edad0e2eae030df48e212c06937632aab4b49e6afc93c271a11ea66cf0fc8e070957e5bc86008782ddc7acb57f3

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads