bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe
Size

184KB
MD5

5ba9a2435b3a932fca580ac96523cec9
SHA1

9d86b2d8d1f34042c0e5eb3d6a81319d0da80785
SHA256

bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd
SHA512

a87066d11e9cfb5803383efe062fd517fba07a2371a4618f58e9d0d386c83d951ea39c41010e97c9e573104030ccd6dd1a25cca03edaaf15afdfd9c1292ae444
SSDEEP

1536:X7S/6jZmu3xxoRxvrhhAlJwMHLI2Zcimd8xcLR2Vzdtnhl5hj5rizp5X:Ld73xxo3Dhh4dHE2eOcLRKDnhln5iFB

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-49403.exeUnicorn-27725.exeUnicorn-24195.exeUnicorn-65166.exeUnicorn-65166.exeUnicorn-9421.exeUnicorn-18504.exeUnicorn-63106.exeUnicorn-50107.exeUnicorn-34648.exeUnicorn-46578.exeUnicorn-19324.exeUnicorn-43828.exeUnicorn-47357.exeUnicorn-63693.exeUnicorn-55011.exeUnicorn-14492.exeUnicorn-60164.exeUnicorn-63086.exeUnicorn-42151.exeUnicorn-45717.exeUnicorn-65390.exeUnicorn-32334.exeUnicorn-45141.exeUnicorn-64814.exeUnicorn-64814.exeUnicorn-31950.exeUnicorn-12084.exeUnicorn-12406.exeUnicorn-58078.exeUnicorn-11272.exeUnicorn-31138.exeUnicorn-2378.exeUnicorn-18331.exeUnicorn-14609.exeUnicorn-50619.exeUnicorn-63426.exeUnicorn-50427.exeUnicorn-34126.exeUnicorn-37464.exeUnicorn-4599.exeUnicorn-50271.exeUnicorn-4599.exeUnicorn-1.exeUnicorn-53608.exeUnicorn-20796.exeUnicorn-53276.exeUnicorn-546.exeUnicorn-65507.exeUnicorn-57469.exeUnicorn-48787.exeUnicorn-19452.exeUnicorn-35788.exeUnicorn-11148.exeUnicorn-51667.exeUnicorn-22332.exeUnicorn-40291.exeUnicorn-5227.exeUnicorn-23187.exeUnicorn-26525.exeUnicorn-21372.exeUnicorn-39331.exeUnicorn-26333.exeUnicorn-42669.exe

pid	process
2660	Unicorn-49403.exe
2236	Unicorn-27725.exe
2744	Unicorn-24195.exe
2612	Unicorn-65166.exe
3008	Unicorn-65166.exe
3052	Unicorn-9421.exe
2576	Unicorn-18504.exe
2776	Unicorn-63106.exe
1904	Unicorn-50107.exe
1916	Unicorn-34648.exe
2148	Unicorn-46578.exe
1264	Unicorn-19324.exe
2028	Unicorn-43828.exe
2088	Unicorn-47357.exe
2680	Unicorn-63693.exe
696	Unicorn-55011.exe
640	Unicorn-14492.exe
480	Unicorn-60164.exe
2448	Unicorn-63086.exe
1196	Unicorn-42151.exe
1456	Unicorn-45717.exe
1004	Unicorn-65390.exe
340	Unicorn-32334.exe
1740	Unicorn-45141.exe
2224	Unicorn-64814.exe
684	Unicorn-64814.exe
1608	Unicorn-31950.exe
2116	Unicorn-12084.exe
1296	Unicorn-12406.exe
1988	Unicorn-58078.exe
1508	Unicorn-11272.exe
1348	Unicorn-31138.exe
3040	Unicorn-2378.exe
2800	Unicorn-18331.exe
2688	Unicorn-14609.exe
2648	Unicorn-50619.exe
2524	Unicorn-63426.exe
1640	Unicorn-50427.exe
2708	Unicorn-34126.exe
2792	Unicorn-37464.exe
1908	Unicorn-4599.exe
1724	Unicorn-50271.exe
1504	Unicorn-4599.exe
2160	Unicorn-1.exe
1664	Unicorn-53608.exe
1360	Unicorn-20796.exe
1676	Unicorn-53276.exe
2056	Unicorn-546.exe
1408	Unicorn-65507.exe
668	Unicorn-57469.exe
1208	Unicorn-48787.exe
1308	Unicorn-19452.exe
1744	Unicorn-35788.exe
1492	Unicorn-11148.exe
1672	Unicorn-51667.exe
1784	Unicorn-22332.exe
3028	Unicorn-40291.exe
1924	Unicorn-5227.exe
2172	Unicorn-23187.exe
2716	Unicorn-26525.exe
2504	Unicorn-21372.exe
2552	Unicorn-39331.exe
2608	Unicorn-26333.exe
328	Unicorn-42669.exe

Loads dropped DLL 64 IoCs

Processes:

bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exeUnicorn-49403.exeUnicorn-27725.exeUnicorn-24195.exeWerFault.exeUnicorn-65166.exeUnicorn-65166.exeUnicorn-9421.exeWerFault.exeWerFault.exeUnicorn-63106.exeUnicorn-50107.exeUnicorn-34648.exeUnicorn-46578.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe
1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe
2660	Unicorn-49403.exe
1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe
1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe
2660	Unicorn-49403.exe
2236	Unicorn-27725.exe
2744	Unicorn-24195.exe
2236	Unicorn-27725.exe
2660	Unicorn-49403.exe
2744	Unicorn-24195.exe
2660	Unicorn-49403.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2060	WerFault.exe
2612	Unicorn-65166.exe
2612	Unicorn-65166.exe
2744	Unicorn-24195.exe
2744	Unicorn-24195.exe
3008	Unicorn-65166.exe
3008	Unicorn-65166.exe
3052	Unicorn-9421.exe
2236	Unicorn-27725.exe
2236	Unicorn-27725.exe
3052	Unicorn-9421.exe
2968	WerFault.exe
2440	WerFault.exe
2968	WerFault.exe
2440	WerFault.exe
2968	WerFault.exe
2968	WerFault.exe
2440	WerFault.exe
2440	WerFault.exe
2968	WerFault.exe
2440	WerFault.exe
2776	Unicorn-63106.exe
2776	Unicorn-63106.exe
1904	Unicorn-50107.exe
3008	Unicorn-65166.exe
1904	Unicorn-50107.exe
1916	Unicorn-34648.exe
1916	Unicorn-34648.exe
3008	Unicorn-65166.exe
2612	Unicorn-65166.exe
3052	Unicorn-9421.exe
2612	Unicorn-65166.exe
3052	Unicorn-9421.exe
2148	Unicorn-46578.exe
2148	Unicorn-46578.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1736	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe
2332	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2484	1932	WerFault.exe	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe
2060	2660	WerFault.exe	Unicorn-49403.exe
2968	2744	WerFault.exe	Unicorn-24195.exe
2440	2236	WerFault.exe	Unicorn-27725.exe
1736	2612	WerFault.exe	Unicorn-65166.exe
1544	3008	WerFault.exe	Unicorn-65166.exe
2332	3052	WerFault.exe	Unicorn-9421.exe
1728	2776	WerFault.exe	Unicorn-63106.exe
2032	1904	WerFault.exe	Unicorn-50107.exe
1648	1916	WerFault.exe	Unicorn-34648.exe
2580	2576	WerFault.exe	Unicorn-18504.exe
2996	2148	WerFault.exe	Unicorn-46578.exe
1512	1264	WerFault.exe	Unicorn-19324.exe
2008	2028	WerFault.exe	Unicorn-43828.exe
348	1004	WerFault.exe	Unicorn-65390.exe
2284	2088	WerFault.exe	Unicorn-47357.exe
2064	2680	WerFault.exe	Unicorn-63693.exe
1428	640	WerFault.exe	Unicorn-14492.exe
1180	480	WerFault.exe	Unicorn-60164.exe
1868	2708	WerFault.exe	Unicorn-34126.exe
316	2448	WerFault.exe	Unicorn-63086.exe
2392	1196	WerFault.exe	Unicorn-42151.exe
1056	1456	WerFault.exe	Unicorn-45717.exe
1692	340	WerFault.exe	Unicorn-32334.exe
1660	1740	WerFault.exe	Unicorn-45141.exe
2388	2224	WerFault.exe	Unicorn-64814.exe
2232	1296	WerFault.exe	Unicorn-12406.exe
1668	2116	WerFault.exe	Unicorn-12084.exe
2844	1608	WerFault.exe	Unicorn-31950.exe
1708	684	WerFault.exe	Unicorn-64814.exe
2568	1988	WerFault.exe	Unicorn-58078.exe
2668	1508	WerFault.exe	Unicorn-11272.exe
1716	3040	WerFault.exe	Unicorn-2378.exe
2044	1348	WerFault.exe	Unicorn-31138.exe
2908	2800	WerFault.exe	Unicorn-18331.exe
2472	2688	WerFault.exe	Unicorn-14609.exe
2168	2524	WerFault.exe	Unicorn-63426.exe
2900	2648	WerFault.exe	Unicorn-50619.exe
404	1640	WerFault.exe	Unicorn-50427.exe
1136	2792	WerFault.exe	Unicorn-37464.exe
944	1664	WerFault.exe	Unicorn-53608.exe
3088	1908	WerFault.exe	Unicorn-4599.exe
3120	1724	WerFault.exe	Unicorn-50271.exe
3128	2160	WerFault.exe	Unicorn-1.exe
3184	1504	WerFault.exe	Unicorn-4599.exe
4072	2572	WerFault.exe	Unicorn-1107.exe
3632	1360	WerFault.exe	Unicorn-20796.exe
3512	1676	WerFault.exe	Unicorn-53276.exe
3832	2056	WerFault.exe	Unicorn-546.exe
3948	940	WerFault.exe	Unicorn-52700.exe
3540	1408	WerFault.exe	Unicorn-65507.exe
3604	668	WerFault.exe	Unicorn-57469.exe
3644	2504	WerFault.exe	Unicorn-21372.exe
3732	3028	WerFault.exe	Unicorn-40291.exe
3708	1784	WerFault.exe	Unicorn-22332.exe
3736	1924	WerFault.exe	Unicorn-5227.exe
3908	860	WerFault.exe	Unicorn-10951.exe
3972	2928	WerFault.exe	Unicorn-9804.exe
4116	1744	WerFault.exe	Unicorn-35788.exe
4124	1672	WerFault.exe	Unicorn-51667.exe
4172	328	WerFault.exe	Unicorn-42669.exe
4188	1536	WerFault.exe	Unicorn-63655.exe
4196	760	WerFault.exe	Unicorn-46779.exe
4236	3048	WerFault.exe	Unicorn-13914.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exeUnicorn-49403.exeUnicorn-27725.exeUnicorn-24195.exeUnicorn-65166.exeUnicorn-65166.exeUnicorn-9421.exeUnicorn-63106.exeUnicorn-18504.exeUnicorn-34648.exeUnicorn-46578.exeUnicorn-50107.exeUnicorn-19324.exeUnicorn-47357.exeUnicorn-43828.exeUnicorn-55011.exeUnicorn-63693.exeUnicorn-14492.exeUnicorn-60164.exeUnicorn-63086.exeUnicorn-42151.exeUnicorn-45717.exeUnicorn-65390.exeUnicorn-32334.exeUnicorn-45141.exeUnicorn-64814.exeUnicorn-64814.exeUnicorn-31950.exeUnicorn-12084.exeUnicorn-12406.exeUnicorn-58078.exeUnicorn-11272.exeUnicorn-2378.exeUnicorn-18331.exeUnicorn-14609.exeUnicorn-50619.exeUnicorn-63426.exeUnicorn-50427.exeUnicorn-34126.exeUnicorn-37464.exeUnicorn-50271.exeUnicorn-1.exeUnicorn-4599.exeUnicorn-4599.exeUnicorn-53608.exeUnicorn-20796.exeUnicorn-53276.exeUnicorn-546.exeUnicorn-52700.exeUnicorn-65507.exeUnicorn-57469.exeUnicorn-48787.exeUnicorn-19452.exeUnicorn-35788.exeUnicorn-51667.exeUnicorn-11148.exeUnicorn-22332.exeUnicorn-40291.exeUnicorn-5227.exeUnicorn-23187.exeUnicorn-26525.exeUnicorn-21372.exeUnicorn-39331.exeUnicorn-26333.exe

pid	process
1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe
2660	Unicorn-49403.exe
2236	Unicorn-27725.exe
2744	Unicorn-24195.exe
3008	Unicorn-65166.exe
2612	Unicorn-65166.exe
3052	Unicorn-9421.exe
2776	Unicorn-63106.exe
2576	Unicorn-18504.exe
1916	Unicorn-34648.exe
2148	Unicorn-46578.exe
1904	Unicorn-50107.exe
1264	Unicorn-19324.exe
2088	Unicorn-47357.exe
2028	Unicorn-43828.exe
696	Unicorn-55011.exe
2680	Unicorn-63693.exe
640	Unicorn-14492.exe
480	Unicorn-60164.exe
2448	Unicorn-63086.exe
1196	Unicorn-42151.exe
1456	Unicorn-45717.exe
1004	Unicorn-65390.exe
340	Unicorn-32334.exe
1740	Unicorn-45141.exe
2224	Unicorn-64814.exe
684	Unicorn-64814.exe
1608	Unicorn-31950.exe
2116	Unicorn-12084.exe
1296	Unicorn-12406.exe
1988	Unicorn-58078.exe
1508	Unicorn-11272.exe
3040	Unicorn-2378.exe
2800	Unicorn-18331.exe
2688	Unicorn-14609.exe
2648	Unicorn-50619.exe
2524	Unicorn-63426.exe
1640	Unicorn-50427.exe
2708	Unicorn-34126.exe
2792	Unicorn-37464.exe
1724	Unicorn-50271.exe
2160	Unicorn-1.exe
1504	Unicorn-4599.exe
1908	Unicorn-4599.exe
1664	Unicorn-53608.exe
1360	Unicorn-20796.exe
1676	Unicorn-53276.exe
2056	Unicorn-546.exe
940	Unicorn-52700.exe
1408	Unicorn-65507.exe
668	Unicorn-57469.exe
1208	Unicorn-48787.exe
1308	Unicorn-19452.exe
1744	Unicorn-35788.exe
1672	Unicorn-51667.exe
1492	Unicorn-11148.exe
1784	Unicorn-22332.exe
3028	Unicorn-40291.exe
1924	Unicorn-5227.exe
2172	Unicorn-23187.exe
2716	Unicorn-26525.exe
2504	Unicorn-21372.exe
2552	Unicorn-39331.exe
2608	Unicorn-26333.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exeUnicorn-49403.exeUnicorn-27725.exeUnicorn-24195.exeUnicorn-65166.exeUnicorn-65166.exeUnicorn-9421.exeUnicorn-63106.exe

description	pid	process	target process
PID 1932 wrote to memory of 2660	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	Unicorn-49403.exe
PID 1932 wrote to memory of 2660	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	Unicorn-49403.exe
PID 1932 wrote to memory of 2660	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	Unicorn-49403.exe
PID 1932 wrote to memory of 2660	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	Unicorn-49403.exe
PID 1932 wrote to memory of 2744	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	Unicorn-24195.exe
PID 1932 wrote to memory of 2744	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	Unicorn-24195.exe
PID 1932 wrote to memory of 2744	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	Unicorn-24195.exe
PID 1932 wrote to memory of 2744	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	Unicorn-24195.exe
PID 2660 wrote to memory of 2236	2660	Unicorn-49403.exe	Unicorn-27725.exe
PID 2660 wrote to memory of 2236	2660	Unicorn-49403.exe	Unicorn-27725.exe
PID 2660 wrote to memory of 2236	2660	Unicorn-49403.exe	Unicorn-27725.exe
PID 2660 wrote to memory of 2236	2660	Unicorn-49403.exe	Unicorn-27725.exe
PID 1932 wrote to memory of 2484	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	WerFault.exe
PID 1932 wrote to memory of 2484	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	WerFault.exe
PID 1932 wrote to memory of 2484	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	WerFault.exe
PID 1932 wrote to memory of 2484	1932	bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe	WerFault.exe
PID 2236 wrote to memory of 3008	2236	Unicorn-27725.exe	Unicorn-65166.exe
PID 2236 wrote to memory of 3008	2236	Unicorn-27725.exe	Unicorn-65166.exe
PID 2236 wrote to memory of 3008	2236	Unicorn-27725.exe	Unicorn-65166.exe
PID 2236 wrote to memory of 3008	2236	Unicorn-27725.exe	Unicorn-65166.exe
PID 2744 wrote to memory of 2612	2744	Unicorn-24195.exe	Unicorn-65166.exe
PID 2744 wrote to memory of 2612	2744	Unicorn-24195.exe	Unicorn-65166.exe
PID 2744 wrote to memory of 2612	2744	Unicorn-24195.exe	Unicorn-65166.exe
PID 2744 wrote to memory of 2612	2744	Unicorn-24195.exe	Unicorn-65166.exe
PID 2660 wrote to memory of 3052	2660	Unicorn-49403.exe	Unicorn-9421.exe
PID 2660 wrote to memory of 3052	2660	Unicorn-49403.exe	Unicorn-9421.exe
PID 2660 wrote to memory of 3052	2660	Unicorn-49403.exe	Unicorn-9421.exe
PID 2660 wrote to memory of 3052	2660	Unicorn-49403.exe	Unicorn-9421.exe
PID 2660 wrote to memory of 2060	2660	Unicorn-49403.exe	WerFault.exe
PID 2660 wrote to memory of 2060	2660	Unicorn-49403.exe	WerFault.exe
PID 2660 wrote to memory of 2060	2660	Unicorn-49403.exe	WerFault.exe
PID 2660 wrote to memory of 2060	2660	Unicorn-49403.exe	WerFault.exe
PID 2612 wrote to memory of 2576	2612	Unicorn-65166.exe	Unicorn-18504.exe
PID 2612 wrote to memory of 2576	2612	Unicorn-65166.exe	Unicorn-18504.exe
PID 2612 wrote to memory of 2576	2612	Unicorn-65166.exe	Unicorn-18504.exe
PID 2612 wrote to memory of 2576	2612	Unicorn-65166.exe	Unicorn-18504.exe
PID 2744 wrote to memory of 2776	2744	Unicorn-24195.exe	Unicorn-63106.exe
PID 2744 wrote to memory of 2776	2744	Unicorn-24195.exe	Unicorn-63106.exe
PID 2744 wrote to memory of 2776	2744	Unicorn-24195.exe	Unicorn-63106.exe
PID 2744 wrote to memory of 2776	2744	Unicorn-24195.exe	Unicorn-63106.exe
PID 3008 wrote to memory of 1904	3008	Unicorn-65166.exe	Unicorn-50107.exe
PID 3008 wrote to memory of 1904	3008	Unicorn-65166.exe	Unicorn-50107.exe
PID 3008 wrote to memory of 1904	3008	Unicorn-65166.exe	Unicorn-50107.exe
PID 3008 wrote to memory of 1904	3008	Unicorn-65166.exe	Unicorn-50107.exe
PID 2236 wrote to memory of 2148	2236	Unicorn-27725.exe	Unicorn-46578.exe
PID 2236 wrote to memory of 2148	2236	Unicorn-27725.exe	Unicorn-46578.exe
PID 2236 wrote to memory of 2148	2236	Unicorn-27725.exe	Unicorn-46578.exe
PID 2236 wrote to memory of 2148	2236	Unicorn-27725.exe	Unicorn-46578.exe
PID 3052 wrote to memory of 1916	3052	Unicorn-9421.exe	Unicorn-34648.exe
PID 3052 wrote to memory of 1916	3052	Unicorn-9421.exe	Unicorn-34648.exe
PID 3052 wrote to memory of 1916	3052	Unicorn-9421.exe	Unicorn-34648.exe
PID 3052 wrote to memory of 1916	3052	Unicorn-9421.exe	Unicorn-34648.exe
PID 2744 wrote to memory of 2968	2744	Unicorn-24195.exe	WerFault.exe
PID 2744 wrote to memory of 2968	2744	Unicorn-24195.exe	WerFault.exe
PID 2744 wrote to memory of 2968	2744	Unicorn-24195.exe	WerFault.exe
PID 2744 wrote to memory of 2968	2744	Unicorn-24195.exe	WerFault.exe
PID 2236 wrote to memory of 2440	2236	Unicorn-27725.exe	WerFault.exe
PID 2236 wrote to memory of 2440	2236	Unicorn-27725.exe	WerFault.exe
PID 2236 wrote to memory of 2440	2236	Unicorn-27725.exe	WerFault.exe
PID 2236 wrote to memory of 2440	2236	Unicorn-27725.exe	WerFault.exe
PID 2776 wrote to memory of 1264	2776	Unicorn-63106.exe	Unicorn-19324.exe
PID 2776 wrote to memory of 1264	2776	Unicorn-63106.exe	Unicorn-19324.exe
PID 2776 wrote to memory of 1264	2776	Unicorn-63106.exe	Unicorn-19324.exe
PID 2776 wrote to memory of 1264	2776	Unicorn-63106.exe	Unicorn-19324.exe

C:\Users\Admin\AppData\Local\Temp\bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe
"C:\Users\Admin\AppData\Local\Temp\bdae66f685ea2397835b0fa49dea2c3c580f3e664be2504a78e2c1628eabc2bd.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-49403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49403.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3008

C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32334.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-50619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50619.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11148.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17636.exe
10⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14885.exe
11⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
12⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
13⤵
PID:7404

C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26458.exe
14⤵
PID:11184

C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32806.exe
15⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7404 -s 216
14⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
13⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
12⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
11⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27692.exe
10⤵
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46617.exe
11⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
12⤵
PID:7004

C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4962.exe
13⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20156.exe
14⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 220
14⤵
PID:13020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7004 -s 216
13⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 216
12⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3552 -s 236
11⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 240
10⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46779.exe
9⤵
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
10⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
11⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17638.exe
12⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13371.exe
13⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
14⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
14⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
13⤵
PID:10804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 236
12⤵
PID:7744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
11⤵
PID:6028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 216
10⤵
- Program crash
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 240
9⤵
- Program crash
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51667.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1672

C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
9⤵
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
10⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12792.exe
11⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20638.exe
12⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
13⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53679.exe
14⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
14⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 216
13⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5044 -s 216
12⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
11⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 216
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-929.exe
10⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64477.exe
11⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41270.exe
12⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10321.exe
13⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
13⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 236
12⤵
PID:10984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 216
11⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:6004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1672 -s 220
9⤵
- Program crash
PID:4124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
8⤵
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63426.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19452.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17143.exe
9⤵
PID:288

C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64361.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41464.exe
11⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
12⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
13⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16438.exe
14⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 220
14⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 236
13⤵
PID:11224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
12⤵
PID:8596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
11⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 288 -s 216
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12316.exe
9⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64157.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17914.exe
11⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
12⤵
PID:11176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
10⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 220
9⤵
PID:4716

C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
8⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
9⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34038.exe
10⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35350.exe
11⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
12⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62741.exe
13⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 216
12⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
11⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 236
9⤵
PID:4876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
8⤵
- Program crash
PID:2168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
7⤵
- Program crash
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45141.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50427.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22332.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19274.exe
10⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2061.exe
11⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22162.exe
12⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59642.exe
13⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
13⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 236
12⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
11⤵
PID:7572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
10⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 216
9⤵
- Program crash
PID:3708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
8⤵
- Program crash
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
8⤵
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52138.exe
9⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5823.exe
10⤵
PID:5240

C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1053.exe
11⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18996.exe
12⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 216
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5240 -s 216
11⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3576 -s 236
9⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 236
8⤵
- Program crash
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
7⤵
- Program crash
PID:1660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 220
6⤵
- Program crash
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2028

C:\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65390.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 320
7⤵
- Program crash
PID:348

C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14609.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35788.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63655.exe
8⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61865.exe
9⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32258.exe
10⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14752.exe
11⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23738.exe
12⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
13⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
12⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
11⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
10⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 216
9⤵
- Program crash
PID:4188

C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
8⤵
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33659.exe
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14368.exe
10⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6140.exe
11⤵
PID:9476

C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
12⤵
PID:7184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9476 -s 216
12⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5012 -s 216
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3756 -s 236
9⤵
PID:5472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
8⤵
- Program crash
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43597.exe
7⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48326.exe
8⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43061.exe
9⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29169.exe
10⤵
PID:6588

C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49939.exe
11⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
12⤵
PID:8080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6588 -s 216
11⤵
PID:10256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4520 -s 216
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 236
9⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
8⤵
PID:4284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
7⤵
- Program crash
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2028 -s 240
6⤵
- Program crash
PID:2008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3008 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14492.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:640

C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31950.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9804.exe
8⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1107.exe
9⤵
PID:2572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 220
10⤵
- Program crash
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14442.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
11⤵
PID:6316

C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39882.exe
12⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4810.exe
13⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
13⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6316 -s 216
12⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 240
9⤵
- Program crash
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-13914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13914.exe
8⤵
PID:1392

C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31222.exe
9⤵
PID:3492

C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64105.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-36834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36834.exe
11⤵
PID:7912

C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16328.exe
12⤵
PID:10524

C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27092.exe
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10524 -s 236
13⤵
PID:12548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7912 -s 220
12⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
11⤵
PID:9024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3492 -s 236
10⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1392 -s 236
9⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
8⤵
- Program crash
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55476.exe
7⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
8⤵
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47942.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-30639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30639.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64649.exe
11⤵
PID:7336

C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8725.exe
12⤵
PID:10816

C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33167.exe
13⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7336 -s 216
12⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
11⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 236
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-11548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11548.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33270.exe
9⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21406.exe
10⤵
PID:6448

C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61693.exe
11⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61857.exe
12⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 236
12⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6448 -s 216
11⤵
PID:10692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 216
10⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:6812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 240
8⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 220
7⤵
- Program crash
PID:2844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 640 -s 236
6⤵
- Program crash
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58078.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53608.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26525.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16759.exe
8⤵
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14584.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22715.exe
10⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52163.exe
11⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
12⤵
PID:9316

C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-228.exe
13⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9316 -s 216
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
12⤵
PID:11236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
11⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 236
10⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 216
9⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44605.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62377.exe
9⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35298.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25809.exe
11⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-63002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63002.exe
12⤵
PID:12344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 220
12⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
10⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 220
8⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62238.exe
7⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15257.exe
9⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64893.exe
10⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37475.exe
11⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
11⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5600 -s 216
10⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
9⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 216
8⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
7⤵
- Program crash
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39331.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33479.exe
7⤵
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-6539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6539.exe
9⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-21074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21074.exe
10⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28305.exe
11⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49079.exe
12⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
12⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
11⤵
PID:10536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
10⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
9⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 216
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
7⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
8⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3014.exe
9⤵
PID:7312

C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34724.exe
10⤵
PID:10112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54896.exe
11⤵
PID:8040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10112 -s 216
11⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
9⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 216
8⤵
PID:6300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 220
7⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
6⤵
- Program crash
PID:2568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
5⤵
- Program crash
PID:2996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
7⤵
- Program crash
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34126.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
7⤵
- Program crash
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 220
6⤵
- Program crash
PID:2064

C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12084.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4599.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21372.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33998.exe
8⤵
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30985.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28273.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
11⤵
PID:8552

C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8552 -s 220
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:7280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 216
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 216
8⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27261.exe
7⤵
PID:296

C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62742.exe
8⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14110.exe
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30513.exe
10⤵
PID:6152

C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
11⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37727.exe
12⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
12⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6152 -s 216
11⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
10⤵
PID:1632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 296 -s 236
8⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 240
7⤵
- Program crash
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 236
6⤵
- Program crash
PID:1668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 240
5⤵
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60164.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12406.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37464.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5227.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36078.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19082.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21968.exe
10⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41312.exe
11⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35632.exe
12⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36.exe
13⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
13⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 216
12⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5368 -s 216
11⤵
PID:2396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
9⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 216
8⤵
- Program crash
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47163.exe
7⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48902.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64681.exe
9⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36533.exe
10⤵
PID:7816

C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43681.exe
11⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2675.exe
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10468 -s 216
12⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7816 -s 216
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 216
8⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 240
7⤵
- Program crash
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23187.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16951.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15461.exe
8⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-65205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65205.exe
9⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 200
10⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 236
9⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 236
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60941.exe
7⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4126.exe
8⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33679.exe
9⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2607.exe
10⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
10⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
9⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
8⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2172 -s 240
7⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 240
6⤵
- Program crash
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50271.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42669.exe
6⤵
- Executes dropped EXE
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33780.exe
7⤵
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31414.exe
8⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-602.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-50295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50295.exe
10⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13644.exe
11⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53788.exe
12⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
12⤵
PID:12980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 220
11⤵
PID:10796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:8300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 236
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 236
8⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60557.exe
7⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32315.exe
8⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4109.exe
9⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65284.exe
10⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
11⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 220
11⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 220
10⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
9⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 236
8⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 240
7⤵
- Program crash
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-13914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13914.exe
6⤵
PID:3048

C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16038.exe
7⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63451.exe
8⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65359.exe
9⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 220
10⤵
PID:9820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 236
9⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 216
8⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 236
7⤵
- Program crash
PID:4236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
6⤵
- Program crash
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
5⤵
- Program crash
PID:1180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2060

C:\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45717.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18331.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57469.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17854.exe
8⤵
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52379.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44621.exe
10⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
11⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2727.exe
12⤵
PID:8740

C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42922.exe
13⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8740 -s 216
13⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
12⤵
PID:9844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 216
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
10⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48993.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55550.exe
11⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29598.exe
12⤵
PID:11008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 236
12⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2476 -s 240
9⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36270.exe
8⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35418.exe
9⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34407.exe
10⤵
PID:5476

C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
11⤵
PID:7440

C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17620.exe
12⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
13⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
13⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7440 -s 216
12⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5476 -s 216
11⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
10⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 236
9⤵
PID:5976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 668 -s 240
8⤵
- Program crash
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43982.exe
7⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8471.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18890.exe
9⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50769.exe
10⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
11⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38907.exe
12⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27253.exe
13⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 236
13⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 216
12⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
11⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
10⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 236
9⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29150.exe
9⤵
PID:6092

C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
10⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-747.exe
11⤵
PID:11496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 236
11⤵
PID:4032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6092 -s 216
10⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
9⤵
PID:7352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
8⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2800 -s 240
7⤵
- Program crash
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48787.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1208

C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47127.exe
7⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47833.exe
8⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48122.exe
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55142.exe
10⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17683.exe
11⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7604 -s 216
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
10⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 216
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 216
8⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28652.exe
7⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63721.exe
8⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50425.exe
9⤵
PID:7472

C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30080.exe
10⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7472 -s 216
10⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
9⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 236
8⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1208 -s 240
7⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
6⤵
- Program crash
PID:1056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 236
5⤵
- Program crash
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55011.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:696

C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64814.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 684 -s 240
6⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26333.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33095.exe
7⤵
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29001.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39544.exe
9⤵
PID:4848

C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
10⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2811.exe
11⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55464.exe
12⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
12⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
11⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4848 -s 236
10⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:5216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 216
8⤵
PID:4300

C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59021.exe
7⤵
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57992.exe
8⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55396.exe
9⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31076.exe
10⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37260.exe
11⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
11⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7456 -s 220
10⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
9⤵
PID:8580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3744 -s 216
8⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 220
7⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 236
6⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63086.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31138.exe
6⤵
- Executes dropped EXE
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52700.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13520.exe
8⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37003.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
10⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34163.exe
11⤵
PID:5924

C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6258.exe
12⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8476.exe
13⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
13⤵
PID:12080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5924 -s 216
12⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 216
11⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16128.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17827.exe
10⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54600.exe
11⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21186.exe
12⤵
PID:10324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
11⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
9⤵
PID:5128

C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33473.exe
8⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61533.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22544.exe
10⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59216.exe
11⤵
PID:7864

C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63837.exe
12⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7864 -s 236
12⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
11⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
9⤵
PID:5324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 240
8⤵
- Program crash
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26327.exe
7⤵
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4330.exe
8⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46074.exe
9⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55216.exe
10⤵
PID:5124

C:\Users\Admin\AppData\Local\Temp\Unicorn-32849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32849.exe
11⤵
PID:7556

C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51668.exe
12⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 236
12⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5124 -s 216
11⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 216
10⤵
PID:5828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8611.exe
8⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36799.exe
9⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-57327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57327.exe
10⤵
PID:7760

C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19411.exe
11⤵
PID:11108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7760 -s 216
11⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
10⤵
PID:8840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 216
9⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2144 -s 240
8⤵
PID:4568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 240
7⤵
- Program crash
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65507.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31367.exe
7⤵
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19899.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28093.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45564.exe
10⤵
PID:5916

C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13095.exe
11⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45641.exe
12⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 220
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5916 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 216
10⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
9⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47924.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4095.exe
9⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9823.exe
10⤵
PID:7648

C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-163.exe
11⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
12⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7648 -s 216
11⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
10⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:7064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2500 -s 240
8⤵
PID:5252

C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33.exe
7⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61713.exe
9⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41068.exe
10⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20191.exe
11⤵
PID:9952

C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47960.exe
12⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9952 -s 236
12⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6856 -s 236
11⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 236
10⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
8⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
7⤵
- Program crash
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
6⤵
- Program crash
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11272.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20796.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30817.exe
7⤵
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64309.exe
8⤵
PID:792

C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1694.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23016.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39252.exe
11⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
12⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19043.exe
13⤵
PID:8100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
13⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
12⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
11⤵
PID:8524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
10⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 792 -s 236
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47366.exe
8⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-50691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50691.exe
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46963.exe
10⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23782.exe
11⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28002.exe
12⤵
PID:5904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
12⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 236
11⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
10⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
9⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2012 -s 240
8⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28984.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1310.exe
8⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13368.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53746.exe
10⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60209.exe
11⤵
PID:10428

C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46941.exe
12⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10428 -s 216
12⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
11⤵
PID:11024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
10⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
9⤵
PID:6420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 236
8⤵
PID:4496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
7⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10951.exe
6⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48850.exe
7⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20854.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-41848.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41848.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51639.exe
10⤵
PID:7384

C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
11⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13884.exe
12⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 220
12⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7384 -s 216
11⤵
PID:10464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
10⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
9⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
8⤵
PID:4480

C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-988.exe
7⤵
PID:3936

C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50898.exe
8⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64145.exe
9⤵
PID:6828

C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49664.exe
10⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21256.exe
11⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
11⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6828 -s 216
10⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
9⤵
PID:8124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3936 -s 236
8⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 240
7⤵
- Program crash
PID:3908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
6⤵
- Program crash
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
5⤵
- Program crash
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42151.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2378.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53276.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
7⤵
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1761.exe
8⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53308.exe
9⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18418.exe
10⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47617.exe
11⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56410.exe
12⤵
PID:9364

C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11281.exe
13⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9364 -s 216
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
12⤵
PID:1216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4776 -s 216
11⤵
PID:3004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
10⤵
PID:5364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 236
9⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15845.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31817.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36040.exe
10⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-458.exe
11⤵
PID:10632

C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
12⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10632 -s 216
12⤵
PID:8872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
11⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 236
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 220
8⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44226.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36780.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17458.exe
9⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21022.exe
10⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30692.exe
11⤵
PID:9520

C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32966.exe
12⤵
PID:5484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9520 -s 216
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 220
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
10⤵
PID:8272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
8⤵
PID:4656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
- Program crash
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-10567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10567.exe
6⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13930.exe
7⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12332.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45569.exe
9⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3113.exe
10⤵
PID:7320

C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30126.exe
11⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7320 -s 216
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
10⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
8⤵
PID:5548

C:\Users\Admin\AppData\Local\Temp\Unicorn-9680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9680.exe
7⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29041.exe
8⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52184.exe
9⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33131.exe
10⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41176.exe
11⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
11⤵
PID:12620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
10⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
9⤵
PID:9124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
8⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 240
7⤵
PID:5536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 220
6⤵
- Program crash
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-546.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30241.exe
6⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13738.exe
7⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45690.exe
8⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45953.exe
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24497.exe
10⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48796.exe
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
11⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
10⤵
PID:9600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
9⤵
PID:7268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 216
8⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-65521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65521.exe
7⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12128.exe
8⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46920.exe
9⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45589.exe
10⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
10⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
9⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 216
8⤵
PID:7408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 240
7⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33665.exe
6⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61917.exe
7⤵
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38688.exe
8⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64478.exe
9⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65373.exe
10⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
10⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
9⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3820 -s 216
8⤵
PID:6660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 236
7⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
6⤵
- Program crash
PID:3832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
5⤵
- Program crash
PID:2392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
4⤵
- Program crash
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
2⤵
- Program crash
PID:2484

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-18504.exe
Filesize
184KB

MD5
820ccb9eec4ad6d2dda3dc7e0466189a

SHA1
bf78f41947ddfa8747438650ea9898c6a6de7a96

SHA256
2f64499672e2a0eeb64e95dce2866b06a0014f2adfddf644e195c90482a04319

SHA512
ba80d217cb1e5caa62b1d06fa9d139c8c081cb64541376bad0feac9071ffdccceb393572687a37438c015e99a761bcfc8dbd95b108ffa2188b3717fb45e7d3fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37659.exe
Filesize
184KB

MD5
bc9bff73c0f3fcb962fe0aa7c3b4a8aa

SHA1
6a3f7960612a06fd77e5242fd0dcc21f26d35c83

SHA256
e1fe035b3b72c6ed8264a469ec0afbdd868dfce1e5815d4071fe9be4cdcdb099

SHA512
a666c852dd7e9c5d297430ebfc864b000ce44a0ba02a556dbb911a5e33606bb2254848b74290e1cffdb36362cd65f5322a701d2c8722638b3d7e9fe5221d866b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40291.exe
Filesize
184KB

MD5
dfa292b60dc4435ab507399efcf4d71e

SHA1
09fc8084c7aeac07922cd7867eeaf72468a47e0b

SHA256
a994feebb67fc9a36fcfe00b7eaf2dbd0952717e7cb6c8f36106bbe8d4c8f263

SHA512
dedd3324e333515983cfd3de3bad37dcbae9941bc9358cc58bdb3808ac71e7eebde2fff9491b4c5f435e1c5500b030ad88d1b88fea1d327af4e5029dc7560813

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-50107.exe
Filesize
184KB

MD5
b6fb48414482171887b8cc3ab7febef0

SHA1
b2911bb4b6f3562dede30665c1b9ccf1ad8c7a07

SHA256
366b6e21a640051f724ef05b46f8492ec2ac89781c91a849b0390d8d6949cbb6

SHA512
84c286629ee0501ef0bcdd9743f4ad4d66dafc305c77c439b8208351ef48e66139135b1dfc11dac128f1bfcfb13776bb2544dd32a745d0dc5517e901692209cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55012.exe
Filesize
184KB

MD5
37880e50a416e60ef5c8183cf29ada26

SHA1
6cb8224bd5c52ba618b46f25fc8b7a6e18a2e273

SHA256
3e3d9d13872c07a0f03b48752a89e3bafcf7b94445a7b5767c50a63670b9c71f

SHA512
e7b4ccc56283f4bda30dfaba3ec686fdc3acafd6919f61f48e4c51bf033121be3eb9d3c364aad428c11c684394b9a630def3e93e759c3edc904de94f637d39a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55149.exe
Filesize
184KB

MD5
fe5ff0af3e3344b0524f973e66da0623

SHA1
5f0368a1bea383a58b563db1c501d1dc1b65bc08

SHA256
de5b3c193fe10c6227c2dbc897f277242783233f67b2947c0f28fdfc69b5b2d6

SHA512
0454a39e0523267e57437e0f0d88362cc3cd2c111ad2a849bb9d79a29c18a3adcbf5f8a32abc00a2ee939602f398e4b63aa25687386b1aa22e7ca68cf6c4f82c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55848.exe
Filesize
184KB

MD5
9c47dadf444be6169fcf94d0f9215458

SHA1
f43a69b70bd03677f9c7274a8f5cde3fb1bf1238

SHA256
52d44bbe3b3409bed64fc4d53385739af2ef0151f3ee845d66adc7004b31f489

SHA512
7744e23e5bca557231797c82e66e7d326a7f8a97e6cc98710dea540b3073ff7e4512be375cd479368fbb0e5fa93b38895196fcc5eb9aa489c61326ffc4d0d6f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5950.exe
Filesize
184KB

MD5
6b37f9df157c6fa82ea917eb20bdf4da

SHA1
9b8717e0dbc4871eee8e5a3424f3423e01a42f7c

SHA256
da90850684fbf966ae64744ba1f020e60729950fadd892471d67fa37c259580f

SHA512
a5b5ea80e8e2bb38ace16c2df7a419c4212a76d422a8c53621aa9e5bc4bc2cafa633d31793f30c9c6b834f8b939175adf07f36f944285b9fe4325790c8a5c6bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6398.exe
Filesize
184KB

MD5
b314fbe1a171edb8dceb87de8dcfa48a

SHA1
677ba94c8e0acaa1ecfd27bc2530344b73eb76d4

SHA256
30c123e3554b3bf730f06e7def15235fdeaa916e98bbefc836a676f1e8bc50f5

SHA512
6c66cc1f58cb2f9b21d187d1c72877f194952f44e4018682d252b510e63c60caa6fbfc4773c77844ff989f262297378ea0693cc6175eab26db183909fdde863f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6450.exe
Filesize
184KB

MD5
c40e6b90c20bb066cee6ab69155a1410

SHA1
bf685db23d76d1f98a1342852b71b7260f04d12f

SHA256
1fa81aa972c312e574a385839e44e0ffa2815efef578d6321bd3ce9e74a7893c

SHA512
c981507c309b1120254c4008026dcc21ce64a6a19375fe181bfe6e24dacfa1e8f7de31ead79548dfb7d3deecbb4089a56daa783a48c33c8b1cd08fc764535182

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-65166.exe
Filesize
184KB

MD5
2eb34301c9bf1a81f21f325ca6f44d6b

SHA1
e243ffdcb594fb354cea4df1abffcd096b6884bf

SHA256
d168e7af4c9831e8c9df5c23bc1e877fa308b14e2c5a0b8f02ec793b16d7234c

SHA512
045a0bc1b16345813209b634e74c92b9902d45ad20ef5a7e750c3b5b4350411190b344780b0a7ad4c0befa43b742933f448d1652563a0974a57ef938ea4e8d9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
Filesize
184KB

MD5
e4d4aefdaee611b2a7449bfc22feda65

SHA1
211153c826a08b64e621dd71b2790a3e0540221d

SHA256
c50bd922cd25b00d9718d3d26eec55a99af260be460356ba9fab520fb92d613b

SHA512
3c0efacd68dee2050cbaed2619d8e7b5c21f4eba00b291e57249eb57ed30ac978bcc178cfc78f24ec3ac189dd7182f4a43ef68a675e93d2ec5d60604558aedf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9989.exe
Filesize
184KB

MD5
99683dffe20ccd4d5acefc938c53a66b

SHA1
ee002ddd0703e40137e7616283a9c7a492888587

SHA256
9df4dd6e4e2443f807935354cafc7ecbacedbeaaf9ffc6da3036ec11b2876b85

SHA512
8221f229ca71c96be90b27f79df4ae1eb973f906ce9ef99ca07243177a6c566e101f5567977d72c46c57ea7c9bef579ab6f5a473854eb581b527c1336c04ff94

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-19324.exe
Filesize
184KB

MD5
b65f30622ea9a5c8a4893af01e327b7a

SHA1
4839eb0054fa1c2dab146c78028c82776ca327cd

SHA256
922eb4b170ebb822d0dd29db0afbd474fd8e12a53a64de071693958fb7fcdeed

SHA512
9ecb52dfd11bddca24f033f38846e1bbab648279a8e81fa8a120d5d28d78d71b057f96f4437d2ec1bea3fe44d5d81710dabfa71ce06793490f73d8a587e59c1a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-24195.exe
Filesize
184KB

MD5
b8ea7df594baeaa48737af0e31d9c316

SHA1
6f6ecca5498e693028c9c25ce08d80fb13aff8e6

SHA256
039f463094d85ed5585f31c8b5373f5878a9c736f7fa4e68e863b34dadd19c93

SHA512
d2b870b1a6585087cc816c28287d5cf100ccba6ba4223b8b5158d466b6453ec0812cb2505396dc5e1334fa062708ba3afcfdfd320527a9271f89dbb8de7eeef2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27725.exe
Filesize
184KB

MD5
5a4d943168d950726244bfe7cebfdcaf

SHA1
18d7d4e1ff8ab6c8264de10ba99e3d3d5081de2d

SHA256
1961042ebd75f21a499aebb2d7f94351f60840d581365b4ba762e67d8604461e

SHA512
7545ec824c96494334b651e9273372bc2e809a3259d45a41948ca2e7e1fa2e81e71ea8a30bd6fb3966457d870cb72457381f976bef2822aa628d92f3635c7dc1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34648.exe
Filesize
184KB

MD5
0f3c5bf7d50693f8202ac18847276b5f

SHA1
e0f910bddb6ae53ce69ce23307359fb25ce26cb9

SHA256
49b546c113617756503cebd0a4efff22e8b1c165341d15adc9c924a253c3ee8e

SHA512
4d9b2c8c424e6ec844b1381db94cd800140d6b6b21d468cfe7ead6e09e4074e23045dcc33112e3bbfd526c23934209e21cfa180473d4d2a634ebc4dc752d408f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43828.exe
Filesize
184KB

MD5
6f2689aff366efe4f0ab64ea293e9cac

SHA1
6703e50dfc3d0f4e4bb2f3de93dedaab3c5b3e2a

SHA256
87a5db6c80c15d00ed8ac6f74a01abb9f547dc57524d26ec7a8eb82c99d6011b

SHA512
056318e7b489cd719f896b79a942536127451ebe781f8523b634b96498fdcde7ad2ad1bac95ead3a1d471eda1ae3f31b7adfaa8556c18c78e6cf5a4d2216c5cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-46578.exe
Filesize
184KB

MD5
ca1f852c3c3e982f09105f9c26499e81

SHA1
1fcb837430717390fb2493e15e4fe3e3d5356654

SHA256
36ef5323bb1eaaa0ed83de05eef5bd81e2ac22f626eefd1337e6eaba979353e8

SHA512
14e98beded571f5d6753f0622f7a66fa2351d6d629b6c4a7a872e2284c37755410dd6e294d414fbfe7691057dcbbe6ca95ec15bb08f79c658ce8d489cd5be703

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
Filesize
184KB

MD5
2ec01cb6150962e9654ba1872f836d65

SHA1
9c376bec56173913d96890f23210e8d683a63adb

SHA256
b5d0a2598a1847c7bc9f196a4688dde64e0b48833767be304be2bcb183212116

SHA512
b896cca08a3e2f362d2c5419de721a4dbe932c344bea4664ae855b173d93599509cb1ecffb595842fcb5c306e4a59a38ff1cd1d406e7b1d66f827474b0138828

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49403.exe
Filesize
184KB

MD5
69d4e360926ee87c0cbe8fedcfdf9f58

SHA1
e260c217250d4815836f3af0a69394e8e8bff96b

SHA256
dd87b40b0c59763334a62c2f38c4a5ea236d90b4e9d081c7c4a1edde19801fa1

SHA512
3adae62abfd8e78ea943423f822bbe0db8e421ff5f2d25e8859d87eb281a128dd3aec5e6d9a3ee871ee1765f35be01a0bce86e1b06d1f7b565b51e051de8b1a5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63106.exe
Filesize
184KB

MD5
f0b0e58e471b318b4c5e8e5ef6c8bae3

SHA1
358b70a90a25c8354e0b3397ff4454f4a523692e

SHA256
fcf7e91adae788d5733972b1bcc1b7759e8bd71607564bf03d7b7391b34e70c6

SHA512
da42ed258a359c0a7597f75f5566a3cdede098f43f2ad60c86899f83c538a44a650a6f5a19f22e630c37371167c2ca7705e716131156fb727b1e0f13b64d3542

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63693.exe
Filesize
184KB

MD5
b0066460f2dd6ffa917877ede9810862

SHA1
61aa1490c8ab70439130d4881c6bd4b138e8a2f7

SHA256
eed388baf38d89ba3aed6926f7293d85de446fb93bb6d770cd3b38a29a70f3bf

SHA512
2c24463fd62c37fc7cfc0fcb31cb2f4882660b2f4846878cba4c8a37f05b6fdb7b9b4b7b0318778a1ae3ff87b2bcc594bde612a85f0ea99210bd2b90faf62f07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9421.exe
Filesize
184KB

MD5
66a8dcf289edad4f1381ea69ab9f2c3a

SHA1
dee2dda052fcbf88335f51215f50f3e936b38f57

SHA256
95c9d0f7fe8b07f21c304594bea6a544213a1dafa5b168f7ef93c76db9167a69

SHA512
447bc4731e87d202f610ad2f7cfc39e32c59c41bc62b1b89bba0cb00975e09a31241349a56d82b1e8a61f9f041d8cdc9ac04e41c536adea7ba19f2c0ed5c3dba

Download Submit
memory/1348-811-0x0000000002940000-0x0000000002A9C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads