07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8

Analysis

max time kernel
150s
max time network
125s
platform
windows7_x64
resource
win7-20240419-en
resource tags

arch:x64arch:x86image:win7-20240419-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 18:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe
Size

184KB
MD5

4718d6693d1dcabacbd7bb7ad64f30d5
SHA1

1ac6a72b2c4b26676148751e2d87236bd6dc6cd9
SHA256

07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8
SHA512

deae7dde30554b12343016d9cefb259572af17bb4a483cd4ce1a26170ba85234d7f39a654bd7b5c5c579daf2dec7b103d4d401a745977f23424e6376b13b7169
SSDEEP

3072:ddF3VxoIjXOMdgyWeJcLRTeRhlnniF7n3:ddpoL4gykLFeRhlnniF7

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-48244.exeUnicorn-26838.exeUnicorn-41782.exeUnicorn-57647.exeUnicorn-11139.exeUnicorn-31005.exeUnicorn-45442.exeUnicorn-33744.exeUnicorn-61778.exeUnicorn-31052.exeUnicorn-11186.exeUnicorn-38980.exeUnicorn-58846.exeUnicorn-1477.exeUnicorn-44456.exeUnicorn-29442.exeUnicorn-30834.exeUnicorn-30834.exeUnicorn-15052.exeUnicorn-58929.exeUnicorn-37139.exeUnicorn-6412.exeUnicorn-21357.exeUnicorn-56168.exeUnicorn-49391.exeUnicorn-33609.exeUnicorn-30917.exeUnicorn-4274.exeUnicorn-39085.exeUnicorn-19219.exeUnicorn-54030.exeUnicorn-43169.exeUnicorn-20886.exeUnicorn-35830.exeUnicorn-41306.exeUnicorn-2966.exeUnicorn-26916.exeUnicorn-59588.exeUnicorn-63672.exeUnicorn-37030.exeUnicorn-21248.exeUnicorn-45198.exeUnicorn-45198.exeUnicorn-45198.exeUnicorn-64227.exeUnicorn-64227.exeUnicorn-18556.exeUnicorn-22640.exeUnicorn-2774.exeUnicorn-26724.exeUnicorn-41668.exeUnicorn-61534.exeUnicorn-10942.exeUnicorn-65016.exeUnicorn-14424.exeUnicorn-38374.exeUnicorn-19900.exeUnicorn-34844.exeUnicorn-5509.exeUnicorn-9593.exeUnicorn-24538.exeUnicorn-42266.exeUnicorn-26484.exeUnicorn-19708.exe

pid	process
2592	Unicorn-48244.exe
2416	Unicorn-26838.exe
2772	Unicorn-41782.exe
2856	Unicorn-57647.exe
2852	Unicorn-11139.exe
2100	Unicorn-31005.exe
2388	Unicorn-45442.exe
2484	Unicorn-33744.exe
2596	Unicorn-61778.exe
2016	Unicorn-31052.exe
2032	Unicorn-11186.exe
888	Unicorn-38980.exe
828	Unicorn-58846.exe
2156	Unicorn-1477.exe
2308	Unicorn-44456.exe
2184	Unicorn-29442.exe
764	Unicorn-30834.exe
608	Unicorn-30834.exe
1272	Unicorn-15052.exe
2352	Unicorn-58929.exe
3032	Unicorn-37139.exe
1768	Unicorn-6412.exe
1336	Unicorn-21357.exe
1620	Unicorn-56168.exe
1976	Unicorn-49391.exe
740	Unicorn-33609.exe
3028	Unicorn-30917.exe
1608	Unicorn-4274.exe
2396	Unicorn-39085.exe
1508	Unicorn-19219.exe
1936	Unicorn-54030.exe
2188	Unicorn-43169.exe
2192	Unicorn-20886.exe
2616	Unicorn-35830.exe
2536	Unicorn-41306.exe
2684	Unicorn-2966.exe
2696	Unicorn-26916.exe
2584	Unicorn-59588.exe
2556	Unicorn-63672.exe
2576	Unicorn-37030.exe
1120	Unicorn-21248.exe
2608	Unicorn-45198.exe
2004	Unicorn-45198.exe
2796	Unicorn-45198.exe
1308	Unicorn-64227.exe
1264	Unicorn-64227.exe
1232	Unicorn-18556.exe
2232	Unicorn-22640.exe
1660	Unicorn-2774.exe
340	Unicorn-26724.exe
1756	Unicorn-41668.exe
2452	Unicorn-61534.exe
620	Unicorn-10942.exe
3056	Unicorn-65016.exe
1696	Unicorn-14424.exe
772	Unicorn-38374.exe
892	Unicorn-19900.exe
2148	Unicorn-34844.exe
1652	Unicorn-5509.exe
2436	Unicorn-9593.exe
1484	Unicorn-24538.exe
2656	Unicorn-42266.exe
2056	Unicorn-26484.exe
2624	Unicorn-19708.exe

Loads dropped DLL 64 IoCs

Processes:

07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exeUnicorn-48244.exeUnicorn-41782.exeUnicorn-26838.exeWerFault.exeUnicorn-57647.exeUnicorn-31005.exeUnicorn-11139.exeWerFault.exeWerFault.exeUnicorn-45442.exeUnicorn-33744.exeUnicorn-61778.exeUnicorn-31052.exeUnicorn-11186.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe
1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe
2592	Unicorn-48244.exe
2592	Unicorn-48244.exe
1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe
1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe
2772	Unicorn-41782.exe
2772	Unicorn-41782.exe
2592	Unicorn-48244.exe
2592	Unicorn-48244.exe
2416	Unicorn-26838.exe
2416	Unicorn-26838.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2540	WerFault.exe
2856	Unicorn-57647.exe
2856	Unicorn-57647.exe
2772	Unicorn-41782.exe
2772	Unicorn-41782.exe
2100	Unicorn-31005.exe
2100	Unicorn-31005.exe
2852	Unicorn-11139.exe
2416	Unicorn-26838.exe
2852	Unicorn-11139.exe
2416	Unicorn-26838.exe
1920	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe
1920	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
2236	WerFault.exe
1920	WerFault.exe
2236	WerFault.exe
2388	Unicorn-45442.exe
2388	Unicorn-45442.exe
2856	Unicorn-57647.exe
2856	Unicorn-57647.exe
2484	Unicorn-33744.exe
2484	Unicorn-33744.exe
2596	Unicorn-61778.exe
2596	Unicorn-61778.exe
2100	Unicorn-31005.exe
2100	Unicorn-31005.exe
2016	Unicorn-31052.exe
2032	Unicorn-11186.exe
2016	Unicorn-31052.exe
2032	Unicorn-11186.exe
2852	Unicorn-11139.exe
2852	Unicorn-11139.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2880	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
300	WerFault.exe
300	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2728	1740	WerFault.exe	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe
2540	2592	WerFault.exe	Unicorn-48244.exe
1920	2772	WerFault.exe	Unicorn-41782.exe
2236	2416	WerFault.exe	Unicorn-26838.exe
2880	2856	WerFault.exe	Unicorn-57647.exe
2824	2100	WerFault.exe	Unicorn-31005.exe
300	2852	WerFault.exe	Unicorn-11139.exe
2468	2388	WerFault.exe	Unicorn-45442.exe
2444	2484	WerFault.exe	Unicorn-33744.exe
2344	2596	WerFault.exe	Unicorn-61778.exe
2712	2032	WerFault.exe	Unicorn-11186.exe
2860	2016	WerFault.exe	Unicorn-31052.exe
580	2156	WerFault.exe	Unicorn-1477.exe
920	828	WerFault.exe	Unicorn-58846.exe
1808	2308	WerFault.exe	Unicorn-44456.exe
1984	2184	WerFault.exe	Unicorn-29442.exe
2972	764	WerFault.exe	Unicorn-30834.exe
2248	608	WerFault.exe	Unicorn-30834.exe
1572	1272	WerFault.exe	Unicorn-15052.exe
2552	3032	WerFault.exe	Unicorn-37139.exe
2952	1336	WerFault.exe	Unicorn-21357.exe
2604	1620	WerFault.exe	Unicorn-56168.exe
2808	1936	WerFault.exe	Unicorn-54030.exe
1612	1768	WerFault.exe	Unicorn-6412.exe
968	1976	WerFault.exe	Unicorn-49391.exe
1780	740	WerFault.exe	Unicorn-33609.exe
2160	2396	WerFault.exe	Unicorn-39085.exe
1748	3028	WerFault.exe	Unicorn-30917.exe
1560	1508	WerFault.exe	Unicorn-19219.exe
636	2188	WerFault.exe	Unicorn-43169.exe
1128	1608	WerFault.exe	Unicorn-4274.exe
3464	2192	WerFault.exe	Unicorn-20886.exe
3528	2616	WerFault.exe	Unicorn-35830.exe
3560	2536	WerFault.exe	Unicorn-41306.exe
3800	2696	WerFault.exe	Unicorn-26916.exe
3812	2684	WerFault.exe	Unicorn-2966.exe
3824	2556	WerFault.exe	Unicorn-63672.exe
3872	2584	WerFault.exe	Unicorn-59588.exe
3900	1232	WerFault.exe	Unicorn-18556.exe
3916	1308	WerFault.exe	Unicorn-64227.exe
3948	1264	WerFault.exe	Unicorn-64227.exe
3964	2576	WerFault.exe	Unicorn-37030.exe
3260	1660	WerFault.exe	Unicorn-2774.exe
3536	2608	WerFault.exe	Unicorn-45198.exe
3552	1696	WerFault.exe	Unicorn-14424.exe
3568	2796	WerFault.exe	Unicorn-45198.exe
3616	1120	WerFault.exe	Unicorn-21248.exe
3624	340	WerFault.exe	Unicorn-26724.exe
3088	2436	WerFault.exe	Unicorn-9593.exe
3256	1652	WerFault.exe	Unicorn-5509.exe
3512	2504	WerFault.exe	Unicorn-12094.exe
3692	2104	WerFault.exe	Unicorn-8031.exe
3748	1796	WerFault.exe	Unicorn-22230.exe
3772	936	WerFault.exe	Unicorn-40189.exe
3136	532	WerFault.exe	Unicorn-23853.exe
4024	2896	WerFault.exe	Unicorn-13547.exe
3588	748	WerFault.exe	Unicorn-31467.exe
4228	1244	WerFault.exe	Unicorn-11046.exe
4276	1452	WerFault.exe	Unicorn-27383.exe
4312	2452	WerFault.exe	Unicorn-61534.exe
4352	940	WerFault.exe	Unicorn-1295.exe
4360	1916	WerFault.exe	Unicorn-54025.exe
4376	808	WerFault.exe	Unicorn-17077.exe
4428	2284	WerFault.exe	Unicorn-54580.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exeUnicorn-48244.exeUnicorn-26838.exeUnicorn-41782.exeUnicorn-57647.exeUnicorn-11139.exeUnicorn-31005.exeUnicorn-45442.exeUnicorn-33744.exeUnicorn-61778.exeUnicorn-11186.exeUnicorn-31052.exeUnicorn-38980.exeUnicorn-58846.exeUnicorn-1477.exeUnicorn-44456.exeUnicorn-29442.exeUnicorn-30834.exeUnicorn-15052.exeUnicorn-30834.exeUnicorn-58929.exeUnicorn-37139.exeUnicorn-6412.exeUnicorn-21357.exeUnicorn-56168.exeUnicorn-49391.exeUnicorn-33609.exeUnicorn-30917.exeUnicorn-39085.exeUnicorn-19219.exeUnicorn-4274.exeUnicorn-43169.exeUnicorn-54030.exeUnicorn-20886.exeUnicorn-35830.exeUnicorn-41306.exeUnicorn-2966.exeUnicorn-26916.exeUnicorn-59588.exeUnicorn-63672.exeUnicorn-37030.exeUnicorn-21248.exeUnicorn-45198.exeUnicorn-45198.exeUnicorn-2774.exeUnicorn-45198.exeUnicorn-64227.exeUnicorn-64227.exeUnicorn-18556.exeUnicorn-22640.exeUnicorn-41668.exeUnicorn-26724.exeUnicorn-61534.exeUnicorn-10942.exeUnicorn-14424.exeUnicorn-65016.exeUnicorn-38374.exeUnicorn-34844.exeUnicorn-19900.exeUnicorn-5509.exeUnicorn-9593.exeUnicorn-24538.exeUnicorn-42266.exeUnicorn-26484.exe

pid	process
1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe
2592	Unicorn-48244.exe
2416	Unicorn-26838.exe
2772	Unicorn-41782.exe
2856	Unicorn-57647.exe
2852	Unicorn-11139.exe
2100	Unicorn-31005.exe
2388	Unicorn-45442.exe
2484	Unicorn-33744.exe
2596	Unicorn-61778.exe
2032	Unicorn-11186.exe
2016	Unicorn-31052.exe
888	Unicorn-38980.exe
828	Unicorn-58846.exe
2156	Unicorn-1477.exe
2308	Unicorn-44456.exe
2184	Unicorn-29442.exe
764	Unicorn-30834.exe
1272	Unicorn-15052.exe
608	Unicorn-30834.exe
2352	Unicorn-58929.exe
3032	Unicorn-37139.exe
1768	Unicorn-6412.exe
1336	Unicorn-21357.exe
1620	Unicorn-56168.exe
1976	Unicorn-49391.exe
740	Unicorn-33609.exe
3028	Unicorn-30917.exe
2396	Unicorn-39085.exe
1508	Unicorn-19219.exe
1608	Unicorn-4274.exe
2188	Unicorn-43169.exe
1936	Unicorn-54030.exe
2192	Unicorn-20886.exe
2616	Unicorn-35830.exe
2536	Unicorn-41306.exe
2684	Unicorn-2966.exe
2696	Unicorn-26916.exe
2584	Unicorn-59588.exe
2556	Unicorn-63672.exe
2576	Unicorn-37030.exe
1120	Unicorn-21248.exe
2608	Unicorn-45198.exe
2004	Unicorn-45198.exe
1660	Unicorn-2774.exe
2796	Unicorn-45198.exe
1264	Unicorn-64227.exe
1308	Unicorn-64227.exe
1232	Unicorn-18556.exe
2232	Unicorn-22640.exe
1756	Unicorn-41668.exe
340	Unicorn-26724.exe
2452	Unicorn-61534.exe
620	Unicorn-10942.exe
1696	Unicorn-14424.exe
3056	Unicorn-65016.exe
772	Unicorn-38374.exe
2148	Unicorn-34844.exe
892	Unicorn-19900.exe
1652	Unicorn-5509.exe
2436	Unicorn-9593.exe
1484	Unicorn-24538.exe
2656	Unicorn-42266.exe
2056	Unicorn-26484.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exeUnicorn-48244.exeUnicorn-41782.exeUnicorn-26838.exeUnicorn-57647.exeUnicorn-31005.exeUnicorn-11139.exeUnicorn-45442.exe

description	pid	process	target process
PID 1740 wrote to memory of 2592	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	Unicorn-48244.exe
PID 1740 wrote to memory of 2592	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	Unicorn-48244.exe
PID 1740 wrote to memory of 2592	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	Unicorn-48244.exe
PID 1740 wrote to memory of 2592	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	Unicorn-48244.exe
PID 2592 wrote to memory of 2416	2592	Unicorn-48244.exe	Unicorn-26838.exe
PID 2592 wrote to memory of 2416	2592	Unicorn-48244.exe	Unicorn-26838.exe
PID 2592 wrote to memory of 2416	2592	Unicorn-48244.exe	Unicorn-26838.exe
PID 2592 wrote to memory of 2416	2592	Unicorn-48244.exe	Unicorn-26838.exe
PID 1740 wrote to memory of 2772	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	Unicorn-41782.exe
PID 1740 wrote to memory of 2772	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	Unicorn-41782.exe
PID 1740 wrote to memory of 2772	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	Unicorn-41782.exe
PID 1740 wrote to memory of 2772	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	Unicorn-41782.exe
PID 1740 wrote to memory of 2728	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	WerFault.exe
PID 1740 wrote to memory of 2728	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	WerFault.exe
PID 1740 wrote to memory of 2728	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	WerFault.exe
PID 1740 wrote to memory of 2728	1740	07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe	WerFault.exe
PID 2772 wrote to memory of 2856	2772	Unicorn-41782.exe	Unicorn-57647.exe
PID 2772 wrote to memory of 2856	2772	Unicorn-41782.exe	Unicorn-57647.exe
PID 2772 wrote to memory of 2856	2772	Unicorn-41782.exe	Unicorn-57647.exe
PID 2772 wrote to memory of 2856	2772	Unicorn-41782.exe	Unicorn-57647.exe
PID 2592 wrote to memory of 2852	2592	Unicorn-48244.exe	Unicorn-11139.exe
PID 2592 wrote to memory of 2852	2592	Unicorn-48244.exe	Unicorn-11139.exe
PID 2592 wrote to memory of 2852	2592	Unicorn-48244.exe	Unicorn-11139.exe
PID 2592 wrote to memory of 2852	2592	Unicorn-48244.exe	Unicorn-11139.exe
PID 2416 wrote to memory of 2100	2416	Unicorn-26838.exe	Unicorn-31005.exe
PID 2416 wrote to memory of 2100	2416	Unicorn-26838.exe	Unicorn-31005.exe
PID 2416 wrote to memory of 2100	2416	Unicorn-26838.exe	Unicorn-31005.exe
PID 2416 wrote to memory of 2100	2416	Unicorn-26838.exe	Unicorn-31005.exe
PID 2592 wrote to memory of 2540	2592	Unicorn-48244.exe	WerFault.exe
PID 2592 wrote to memory of 2540	2592	Unicorn-48244.exe	WerFault.exe
PID 2592 wrote to memory of 2540	2592	Unicorn-48244.exe	WerFault.exe
PID 2592 wrote to memory of 2540	2592	Unicorn-48244.exe	WerFault.exe
PID 2856 wrote to memory of 2388	2856	Unicorn-57647.exe	Unicorn-45442.exe
PID 2856 wrote to memory of 2388	2856	Unicorn-57647.exe	Unicorn-45442.exe
PID 2856 wrote to memory of 2388	2856	Unicorn-57647.exe	Unicorn-45442.exe
PID 2856 wrote to memory of 2388	2856	Unicorn-57647.exe	Unicorn-45442.exe
PID 2772 wrote to memory of 2484	2772	Unicorn-41782.exe	Unicorn-33744.exe
PID 2772 wrote to memory of 2484	2772	Unicorn-41782.exe	Unicorn-33744.exe
PID 2772 wrote to memory of 2484	2772	Unicorn-41782.exe	Unicorn-33744.exe
PID 2772 wrote to memory of 2484	2772	Unicorn-41782.exe	Unicorn-33744.exe
PID 2100 wrote to memory of 2596	2100	Unicorn-31005.exe	Unicorn-61778.exe
PID 2100 wrote to memory of 2596	2100	Unicorn-31005.exe	Unicorn-61778.exe
PID 2100 wrote to memory of 2596	2100	Unicorn-31005.exe	Unicorn-61778.exe
PID 2100 wrote to memory of 2596	2100	Unicorn-31005.exe	Unicorn-61778.exe
PID 2852 wrote to memory of 2016	2852	Unicorn-11139.exe	Unicorn-31052.exe
PID 2852 wrote to memory of 2016	2852	Unicorn-11139.exe	Unicorn-31052.exe
PID 2852 wrote to memory of 2016	2852	Unicorn-11139.exe	Unicorn-31052.exe
PID 2852 wrote to memory of 2016	2852	Unicorn-11139.exe	Unicorn-31052.exe
PID 2416 wrote to memory of 2032	2416	Unicorn-26838.exe	Unicorn-11186.exe
PID 2416 wrote to memory of 2032	2416	Unicorn-26838.exe	Unicorn-11186.exe
PID 2416 wrote to memory of 2032	2416	Unicorn-26838.exe	Unicorn-11186.exe
PID 2416 wrote to memory of 2032	2416	Unicorn-26838.exe	Unicorn-11186.exe
PID 2772 wrote to memory of 1920	2772	Unicorn-41782.exe	WerFault.exe
PID 2772 wrote to memory of 1920	2772	Unicorn-41782.exe	WerFault.exe
PID 2772 wrote to memory of 1920	2772	Unicorn-41782.exe	WerFault.exe
PID 2772 wrote to memory of 1920	2772	Unicorn-41782.exe	WerFault.exe
PID 2416 wrote to memory of 2236	2416	Unicorn-26838.exe	WerFault.exe
PID 2416 wrote to memory of 2236	2416	Unicorn-26838.exe	WerFault.exe
PID 2416 wrote to memory of 2236	2416	Unicorn-26838.exe	WerFault.exe
PID 2416 wrote to memory of 2236	2416	Unicorn-26838.exe	WerFault.exe
PID 2388 wrote to memory of 828	2388	Unicorn-45442.exe	Unicorn-58846.exe
PID 2388 wrote to memory of 828	2388	Unicorn-45442.exe	Unicorn-58846.exe
PID 2388 wrote to memory of 828	2388	Unicorn-45442.exe	Unicorn-58846.exe
PID 2388 wrote to memory of 828	2388	Unicorn-45442.exe	Unicorn-58846.exe

C:\Users\Admin\AppData\Local\Temp\07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe
"C:\Users\Admin\AppData\Local\Temp\07b85029f5921eb5f70677364b37e76dab2475fcb889267c174f29c29e9c5ae8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44456.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49391.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64139.exe
9⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8270.exe
10⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41467.exe
11⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15923.exe
12⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22794.exe
13⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19800.exe
14⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
14⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
13⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
12⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 216
11⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58026.exe
9⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21457.exe
10⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36418.exe
11⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17371.exe
12⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33213.exe
13⤵
PID:928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 220
13⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
12⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
11⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
10⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
9⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13547.exe
8⤵
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31021.exe
9⤵
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50813.exe
10⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28717.exe
11⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11397.exe
12⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9628.exe
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
13⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4680 -s 236
11⤵
PID:7956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 236
10⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 236
9⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 220
8⤵
- Program crash
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60055.exe
8⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16439.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64544.exe
10⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36034.exe
11⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61070.exe
12⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
13⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
12⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4036 -s 216
11⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
10⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
9⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58317.exe
10⤵
PID:5888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
11⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24771.exe
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 236
12⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5888 -s 216
11⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
9⤵
PID:5332

C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40040.exe
9⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50424.exe
10⤵
PID:5820

C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26260.exe
11⤵
PID:9116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 200
12⤵
PID:11280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5820 -s 216
11⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
10⤵
PID:7340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
9⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 240
8⤵
- Program crash
PID:3916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
7⤵
- Program crash
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33609.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:740

C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27383.exe
8⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47357.exe
9⤵
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58789.exe
10⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
11⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12824.exe
12⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9301.exe
13⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10264 -s 216
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 216
12⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
11⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 236
10⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
9⤵
- Program crash
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-849.exe
8⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57637.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52178.exe
10⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
11⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
12⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 220
12⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 220
11⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
10⤵
PID:7560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1904 -s 216
9⤵
PID:5660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
8⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-2364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2364.exe
7⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64269.exe
8⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60460.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
10⤵
PID:6660

C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
11⤵
PID:8224

C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39182.exe
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8224 -s 216
12⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6660 -s 220
11⤵
PID:10252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
9⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65099.exe
8⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 220
9⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
8⤵
PID:5340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 740 -s 220
7⤵
- Program crash
PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
6⤵
- Program crash
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29442.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30917.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18556.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1232

C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42650.exe
8⤵
PID:1292

C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
9⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44207.exe
10⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32617.exe
11⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
12⤵
PID:10672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
12⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
11⤵
PID:8672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 220
10⤵
PID:6928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1292 -s 216
9⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-657.exe
8⤵
PID:3272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1232 -s 240
8⤵
- Program crash
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
7⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53387.exe
8⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4928.exe
9⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21836.exe
10⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42451.exe
11⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35892.exe
12⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
11⤵
PID:9952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 216
10⤵
PID:7724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
9⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
8⤵
- Program crash
PID:3772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
7⤵
- Program crash
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2774.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11046.exe
7⤵
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39189.exe
8⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30201.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
10⤵
PID:6372

C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29379.exe
11⤵
PID:10172

C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10172 -s 236
12⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6372 -s 216
11⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 216
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1244 -s 236
8⤵
- Program crash
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23407.exe
7⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3667.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24275.exe
9⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
10⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-650.exe
11⤵
PID:11696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 220
11⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5988 -s 216
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
9⤵
PID:6448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
8⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
7⤵
- Program crash
PID:3260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
6⤵
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2824

C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39085.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45198.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22230.exe
8⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18577.exe
9⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-33709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33709.exe
10⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63060.exe
11⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44013.exe
12⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
13⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 220
13⤵
PID:12448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 220
12⤵
PID:9360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
11⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 236
10⤵
PID:5692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
9⤵
- Program crash
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37605.exe
8⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-11041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11041.exe
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
10⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
11⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
12⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10616 -s 216
12⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
10⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 216
9⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 240
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
7⤵
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60185.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47907.exe
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20767.exe
10⤵
PID:5388

C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22176.exe
11⤵
PID:9088

C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8865.exe
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9088 -s 220
12⤵
PID:12440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5388 -s 216
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
10⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
9⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 236
8⤵
- Program crash
PID:3136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
7⤵
- Program crash
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64227.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
7⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29459.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40398.exe
9⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11117.exe
11⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6260.exe
12⤵
PID:6428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
12⤵
PID:2868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 216
10⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
8⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
7⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37902.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27866.exe
9⤵
PID:5908

C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25488.exe
9⤵
PID:6812

C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5969.exe
10⤵
PID:9444

C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23697.exe
11⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9444 -s 216
11⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6812 -s 216
10⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 220
9⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
8⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 240
7⤵
- Program crash
PID:3948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 240
6⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63672.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19708.exe
7⤵
- Executes dropped EXE
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14300.exe
8⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35380.exe
9⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50149.exe
10⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
11⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32746.exe
12⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
12⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
11⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
10⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
9⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36702.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46833.exe
9⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40842.exe
10⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4350.exe
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
11⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 216
10⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
9⤵
PID:6828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
8⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2603.exe
7⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13584.exe
9⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13623.exe
10⤵
PID:8832

C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47713.exe
11⤵
PID:11484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8832 -s 216
11⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
9⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
8⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
7⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12094.exe
6⤵
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3994.exe
7⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7175.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-25728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25728.exe
9⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46343.exe
10⤵
PID:9180

C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54667.exe
11⤵
PID:11848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9180 -s 216
11⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
10⤵
PID:10220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
9⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 236
8⤵
PID:5312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 236
7⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 240
6⤵
- Program crash
PID:2808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
5⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30834.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4274.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61534.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47803.exe
8⤵
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57471.exe
9⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20884.exe
11⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44968.exe
12⤵
PID:10688

C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10688 -s 216
13⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
12⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
11⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
10⤵
PID:5964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 236
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12302.exe
9⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30313.exe
10⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63094.exe
11⤵
PID:10500

C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7438.exe
12⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10500 -s 216
12⤵
PID:8096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 236
11⤵
PID:11160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
10⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 216
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 220
8⤵
- Program crash
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1295.exe
7⤵
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51441.exe
8⤵
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20471.exe
9⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4547.exe
10⤵
PID:7124

C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20464.exe
11⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19691.exe
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
12⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7124 -s 216
11⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4864 -s 216
10⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1488 -s 216
9⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
8⤵
- Program crash
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 240
7⤵
- Program crash
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10942.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
7⤵
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47165.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28146.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17376.exe
10⤵
PID:6296

C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10733.exe
11⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54309.exe
12⤵
PID:7016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
12⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6296 -s 216
11⤵
PID:10976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
10⤵
PID:8404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
9⤵
PID:6188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 236
8⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35467.exe
7⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
8⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53556.exe
9⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47490.exe
10⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
11⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
11⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
10⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 216
9⤵
PID:8356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
8⤵
PID:6196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
7⤵
PID:4524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 764 -s 240
6⤵
- Program crash
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19219.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1508

C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22640.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4824.exe
7⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33543.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23019.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54809.exe
10⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36374.exe
11⤵
PID:8708

C:\Users\Admin\AppData\Local\Temp\Unicorn-30355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30355.exe
12⤵
PID:11672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8708 -s 220
12⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
11⤵
PID:9788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
9⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35842.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1226.exe
10⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12264.exe
11⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 220
11⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 240
8⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17761.exe
7⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9671.exe
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52295.exe
9⤵
PID:6724

C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3888.exe
10⤵
PID:10232

C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40028.exe
11⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10232 -s 216
11⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6724 -s 216
10⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
9⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
8⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2232 -s 240
7⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23853.exe
6⤵
PID:2296

C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41135.exe
7⤵
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5037.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6438.exe
9⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60131.exe
10⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8346.exe
11⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
11⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 236
10⤵
PID:10428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
9⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2928 -s 236
8⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33002.exe
7⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50232.exe
8⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2295.exe
9⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27340.exe
10⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
10⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
9⤵
PID:9220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
8⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2296 -s 240
7⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1508 -s 240
6⤵
- Program crash
PID:1560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
5⤵
- Program crash
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-15052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15052.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43169.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26724.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31467.exe
7⤵
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2240.exe
8⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5966.exe
10⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33079.exe
11⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10204.exe
12⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 216
12⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
11⤵
PID:11168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:8116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 236
9⤵
PID:6064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 236
8⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21269.exe
7⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15234.exe
8⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28634.exe
9⤵
PID:6580

C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24553.exe
10⤵
PID:8780

C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24600.exe
11⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8780 -s 216
11⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6580 -s 216
10⤵
PID:10192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
9⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 220
7⤵
- Program crash
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54580.exe
6⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30829.exe
7⤵
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64025.exe
8⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9124.exe
9⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31107.exe
10⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30298.exe
11⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 216
11⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 236
10⤵
PID:10552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4996 -s 216
9⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 216
8⤵
PID:5180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
7⤵
- Program crash
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
6⤵
- Program crash
PID:636

C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41668.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54025.exe
6⤵
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-102.exe
7⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40891.exe
8⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2409.exe
9⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16956.exe
10⤵
PID:10740

C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4122.exe
11⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10740 -s 216
11⤵
PID:1924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
10⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4924 -s 216
9⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
8⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 236
7⤵
- Program crash
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-49858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49858.exe
6⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32230.exe
7⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56270.exe
8⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
9⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53131.exe
10⤵
PID:6596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 216
10⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
9⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
8⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
7⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
6⤵
PID:4516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1272 -s 240
5⤵
- Program crash
PID:1572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2856

C:\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37030.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8031.exe
8⤵
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46973.exe
9⤵
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54238.exe
10⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56454.exe
11⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63208.exe
12⤵
PID:9024

C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49021.exe
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9024 -s 216
13⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6140 -s 216
12⤵
PID:10032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
11⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 216
10⤵
PID:5356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2104 -s 236
9⤵
- Program crash
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4549.exe
8⤵
PID:2080

C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23512.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46257.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
11⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
12⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 236
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
10⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2080 -s 236
9⤵
PID:5372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
8⤵
- Program crash
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27060.exe
7⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28499.exe
8⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17674.exe
9⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59915.exe
10⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53141.exe
11⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3411.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 216
12⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 236
11⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
10⤵
PID:7804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 236
9⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18228.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41789.exe
9⤵
PID:6000

C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64386.exe
10⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
11⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
11⤵
PID:8744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6000 -s 216
10⤵
PID:9772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
8⤵
PID:2148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
7⤵
- Program crash
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-21248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21248.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1120

C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17077.exe
7⤵
PID:808

C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28883.exe
8⤵
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-1996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1996.exe
9⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22830.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39322.exe
11⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46525.exe
12⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 216
12⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
11⤵
PID:11200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4896 -s 216
10⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 216
9⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 808 -s 236
8⤵
- Program crash
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13101.exe
7⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11150.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
9⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25539.exe
10⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5165.exe
11⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 220
11⤵
PID:12604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
10⤵
PID:9520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 236
8⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1120 -s 240
7⤵
- Program crash
PID:3616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 240
6⤵
- Program crash
PID:920

C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56168.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59588.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-42266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42266.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26553.exe
8⤵
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45686.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64347.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13239.exe
11⤵
PID:8560

C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8560 -s 216
12⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
11⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
10⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 236
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7346.exe
8⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49957.exe
9⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52134.exe
10⤵
PID:8584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2596.exe
11⤵
PID:11552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8584 -s 216
11⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
10⤵
PID:9720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
9⤵
PID:6772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
8⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41497.exe
7⤵
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54430.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48971.exe
9⤵
PID:5828

C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64770.exe
10⤵
PID:8876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11880.exe
11⤵
PID:11704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8876 -s 220
11⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5828 -s 216
10⤵
PID:9860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 216
9⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 236
8⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
7⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26484.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30637.exe
7⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61638.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-372.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
10⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51605.exe
11⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 236
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 236
10⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 236
8⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1316.exe
7⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11254.exe
8⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31714.exe
9⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43821.exe
10⤵
PID:11432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
10⤵
PID:4832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
9⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
8⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
7⤵
PID:4340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 240
6⤵
- Program crash
PID:2604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
5⤵
- Program crash
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58929.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20886.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65016.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-21893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21893.exe
8⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18852.exe
9⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16665.exe
11⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59306.exe
12⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
12⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4944 -s 236
11⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 216
9⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50133.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18380.exe
9⤵
PID:5052

C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10743.exe
10⤵
PID:8080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46670.exe
11⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59348.exe
12⤵
PID:8380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8080 -s 216
11⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5052 -s 216
10⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
9⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 220
8⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14279.exe
7⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4461.exe
8⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33154.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53421.exe
10⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49000.exe
11⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 236
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
10⤵
PID:9068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
9⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
8⤵
PID:4772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
7⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-14424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14424.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60979.exe
7⤵
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30336.exe
8⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26226.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35458.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7977.exe
11⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11003.exe
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
12⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
10⤵
PID:7216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
9⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36017.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11529.exe
9⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44734.exe
10⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
11⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
11⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
10⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
8⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10470.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48099.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56646.exe
9⤵
PID:6460

C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17947.exe
10⤵
PID:9044

C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6919.exe
11⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9044 -s 216
11⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6460 -s 216
10⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 216
9⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
7⤵
- Program crash
PID:3552

C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35830.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38374.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64871.exe
7⤵
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2515.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61358.exe
9⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16774.exe
10⤵
PID:8144

C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26250.exe
11⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44574.exe
12⤵
PID:12908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8144 -s 216
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 236
10⤵
PID:9020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64523.exe
7⤵
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51820.exe
8⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32726.exe
9⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47355.exe
10⤵
PID:10276

C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53427.exe
11⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
10⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
9⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 216
8⤵
PID:6916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 240
7⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53174.exe
6⤵
PID:268

C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33242.exe
7⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47160.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15814.exe
9⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1662.exe
10⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18233.exe
11⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
10⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
9⤵
PID:8592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 236
8⤵
PID:6788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 268 -s 216
7⤵
PID:4296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
6⤵
- Program crash
PID:3528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2856 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37139.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3032

C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41306.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19900.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28691.exe
8⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51628.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42539.exe
11⤵
PID:7664

C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36172.exe
12⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47480.exe
13⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7664 -s 236
12⤵
PID:11628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
11⤵
PID:8860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 216
9⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3070.exe
8⤵
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
9⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43826.exe
10⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25892.exe
11⤵
PID:11084

C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29587.exe
12⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11084 -s 216
12⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
10⤵
PID:8660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3140 -s 216
9⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 220
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
7⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22936.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53190.exe
9⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26504.exe
10⤵
PID:7996

C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31704.exe
11⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
12⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7996 -s 216
11⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5088 -s 216
10⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
8⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2536 -s 240
7⤵
- Program crash
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34844.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24607.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2707.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
9⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60878.exe
10⤵
PID:8744

C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42223.exe
11⤵
PID:11596

C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60631.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45873.exe
8⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
9⤵
PID:8680

C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21071.exe
10⤵
PID:11524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 240
6⤵
- Program crash
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40943.exe
7⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
8⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52671.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41828.exe
10⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47329.exe
11⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
10⤵
PID:9744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
9⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 236
8⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
7⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25161.exe
6⤵
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34010.exe
7⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35218.exe
8⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47303.exe
9⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39976.exe
10⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 220
10⤵
PID:12612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
9⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
8⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 216
7⤵
PID:2472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
6⤵
- Program crash
PID:3812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
5⤵
- Program crash
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21357.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26916.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9593.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59417.exe
7⤵
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44316.exe
8⤵
PID:3100

C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57777.exe
9⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37189.exe
10⤵
PID:9176

C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
11⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9176 -s 220
11⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
10⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3100 -s 216
9⤵
PID:7856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
7⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16993.exe
6⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60652.exe
7⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
8⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50956.exe
9⤵
PID:8992

C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1574.exe
10⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8992 -s 216
10⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
9⤵
PID:10024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
8⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 216
7⤵
PID:4268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 240
6⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63501.exe
6⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10683.exe
7⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27124.exe
8⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50899.exe
9⤵
PID:7308

C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
10⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5871.exe
11⤵
PID:8540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7308 -s 236
10⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 236
9⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
8⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7154.exe
6⤵
PID:3200

C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61934.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61013.exe
8⤵
PID:7484

C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20412.exe
9⤵
PID:10992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7484 -s 216
9⤵
PID:11588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
8⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3200 -s 216
7⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 240
6⤵
PID:4728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1336 -s 240
5⤵
- Program crash
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
4⤵
- Program crash
PID:2444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 240
2⤵
- Program crash
PID:2728

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-11139.exe
Filesize
184KB

MD5
34b0045834c059e81a03074a01c69d3e

SHA1
02615d8103aace076de7073e900f1b54c02842df

SHA256
2d7c9331704f74b21c391ec58883dfe90b7a72a4fc41bf25c6fd08a915bac348

SHA512
09c93ac4b2d464f8dc0b63a7b98647738c0a841e5f911212468fd4edf87fd518b77a50a7bd713c885943114b3c41811890c6f6636d1efd2aa118262bdefaa4db

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1361.exe
Filesize
184KB

MD5
51e33dc59c4d242f5494065a4985ac80

SHA1
d92ac24575c09deb4f695258ed2421888e19429b

SHA256
6ef3dad1d2bd33ecb41ce9147721366bb4854b0fff797e9984866b60b462ef0b

SHA512
1d2fe505aa92cdc58068bbf1574c3c571d24fb5ec5d649e6f60ac241acb3ddf2deb86e235a5ce0ad02cf6a851bac02583ff38343711ccc5799ff337f454e720a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-31522.exe
Filesize
184KB

MD5
074d07dea2b5bf24d32e9a7234ef4457

SHA1
355dcff8686628ab0fdc6030fbb0dbfb78ac4ee3

SHA256
475f049d45e98def719c87b0ca3e1e9f3284cae8112b7530466f2c969b144e6f

SHA512
c92d957cef0c2f779e17d1fc2d7c7e57d09d3eb06cf452ca28ecde7bb62eb4bab5f807a53acb2306dc55e186e735c37bf4f5d95dfda198e4fe5f650441e2f1b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37039.exe
Filesize
184KB

MD5
a8abd11b597f02c448591cc642936526

SHA1
7cdb2fcd5a27ebb0820c67ff02a0f2b7fa39956e

SHA256
62856cc7b6adcef8017dbb00d8c733d6e23fc8935ad8094cc56a259d7c8b2d73

SHA512
7735c3adfd04e9251e58d58de5e06ccdd44b2168447aa2deb9bb8da0b90749fa2add38599b0f8c6fb6a52867ee34f7092143ae8e8a7bf214f26e803305274b77

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37077.exe
Filesize
184KB

MD5
d16bcf45f93776f3b57d631b902721a8

SHA1
768d5d58eb203d0edace5448c4966f55d27ec0c2

SHA256
9f2b0dbff4d4b779755edaca1fab05abbb52a259c7e2fed1a20bf1101c7460f5

SHA512
f1d0cea238922e431cfba2117a050cfa48ee6ae9b559955bf1c57d7f80ed9ad602e8581c15c92fbe44ff807f37ceb9eaca5527f99f8d19eda994a60d00bad929

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-37552.exe
Filesize
184KB

MD5
d16face68ce5d32b32597b1dfd6190f4

SHA1
96124e9d02e7ab978fc919b0e1642abd318e5e24

SHA256
92fea75eb0300a6584ff210327b01e7fa947746a4769326a72e24fa086161461

SHA512
302260401bb2c62bf18fd1fdc6a7283c2ffc5f3473270670edc34b8518832844d08bc194cb8b0e019b19ed7dd23bb857697bb07b6ed3b90ea8c6cfa801d4b3ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38980.exe
Filesize
184KB

MD5
fd0fe32b13da000540640958767851b6

SHA1
2f988fa11f875007a6cb4d6c885f21ac1e5daa8f

SHA256
6c0842673b9f0d62a934815889678c877bcbd0b45d02279d551e8493204ec7ad

SHA512
7ce8e99a5ca0161fc0071ca7b99e9a18977ae26f588abb5fffd5ed1fcf76a7e8d1d080559f4948277cec7d27145c6e29ae160bf904055337e0382c681942aded

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39909.exe
Filesize
184KB

MD5
211306f1579ac9166e02639101aa0121

SHA1
50b4a9540654720f289e2b9271a889356cc86ec2

SHA256
7a2c0faea52579908f02e326595b4742bb91cb5a218717a7026bf9f5b29dddd5

SHA512
12eec1cdf969112835bbe9844df9ca42373ecc577d19281a046d6ac29620b5db213419551b0ef1da7c5d35c23fbb2c3a613059f2dc3074e96fa74e20c87f3ebc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40189.exe
Filesize
184KB

MD5
cf8c4363b06299d5d777ba949d161f4a

SHA1
cdbea532a123a0d8517034381ef761f9ac0b530e

SHA256
25926ab1d41d80fb25a3b55d174d51094343a029ecb52a06d8d396414d498d33

SHA512
a3afe0f2151f8952466ff90239af233fec9ad2c5bab385d9bed820c1c7a225d3c13d6f19c464541b0b1852fc6b3572d02fe8a6133019b15864b9228aa48045fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41782.exe
Filesize
184KB

MD5
973fbed5c39c0aa4f6e6cdc90ab5156c

SHA1
b435529038621d5fc6d958861dbcc0c7216f6918

SHA256
0e94f7f464033577d886b98d94bf1bd09d22ea4aeef69584294bbbf0ab06b503

SHA512
8e0d2d78e08b8b212868e1f1f99379ab39bc9793fef629fde4349d8a39c4fa99925c0921873f74ae27e9f5767936aada7f3128e3f1ad822189dc8f88fd5205be

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45544.exe
Filesize
184KB

MD5
2b6ee8b30e3bff8a8c06f01b8ea04520

SHA1
ba258021c20d389d5cc229b2ceeb05ca59f7dda4

SHA256
537637d87143c106a9b7b1365995e07504d205fa9994d5489359a1b7574ef5c5

SHA512
ca04cd31eb030fac08e5e110ccd1f409c3c9fb308f169d898def36b0da1de68453420fa0d1595bd4fbb78db800f4cf36ab076ed55facf0cb7303825b24aba925

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5509.exe
Filesize
184KB

MD5
1759ed94abc1d9b59236544e2379c4d6

SHA1
ddbe1dec7363a14b73fd60ca17e0ecc4f095e7f9

SHA256
16590b079182a57558c8af6b05f47c1d5e0b801c7a0a065b820e540428b7331e

SHA512
b9470995d5f0f91661cb8a6ba05ab473fd8a2ffb8d91125f5cfda5554d21554003af8b4856c1e8f8760b8ab9e6deff5e7f6bd85fc38b05353fd3ffec5d78d5f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5608.exe
Filesize
184KB

MD5
b13de5f048cdea9549442df3823e918c

SHA1
261220ba3d7438ede70123ab2678dfa2ee37ae44

SHA256
bbda016c5b38756c9cef8577a65a879ce49b908cca25fcede47794e8924bd310

SHA512
0d147f004c0f9d6987e813bbac29fe812cdcae9322ecfe9b3a03f222a6a41878525b02f726f10d2a87f46ecaa850f2a669a5e97f0533baee75663e621d86cac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6319.exe
Filesize
184KB

MD5
e9b731ab35480ca9c1de2ddd3c79edda

SHA1
b1f30d9625c525793f1e107e088521f541eb5663

SHA256
47e488b7b60991302d6e8461c4312ade0d81e48f52d6f9049ccd560da9ff454b

SHA512
1b05c1abe4d9c1849e779e1bcc6f82ffb9ff3076667626ac4550d3a8109361014c3c93609376d5d194e4ea178e70941f41627a97916d3c0479cfd0e7eb7d6e4b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6412.exe
Filesize
184KB

MD5
7affab40c9ec5fea27626898719cb3b2

SHA1
1f6cab180fbf1d0bd2194d7e7db4748dfa647d94

SHA256
59a29466f87bf56763fb9587abd2cb1b961a5ba15f605aee364bc2bcba78d1ea

SHA512
7bcff0be09b4f9182ef8b8d8141d787064527201bb570a85f0fe739328eef5a4f3e5595fffa32e2b66388eca8d292e4076adaabb99c706ff05b7d93f94a14ec6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11186.exe
Filesize
184KB

MD5
dba7093324e37e59deca7238c834d853

SHA1
fe22647e14d98639562f022f05bedbfe33abd3f8

SHA256
1a88814212b33b733e7f11a483fbbd21cda630cbb395c1547c3e1588c74f82a1

SHA512
d526e31a8e48a8018943263592de46a14362c7d2e2e23acaa983af79b9edfae5916bd4e4fd3440923da505fa5ec1afd4f022ae1827c4f606d8e4732eeb8abdd3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1477.exe
Filesize
184KB

MD5
e290571e4b2526f5537ec13c5bbac637

SHA1
fea929bf1bbc044ebcafa3bb66bde8f78d0eae00

SHA256
8599104de21d2eaa586a202bc1a49ca0c343b6f28919cd2b54a9b485d370370a

SHA512
56a3a416b4f790ddff2b457211071df0b848d7782dbcc4b3e310d9a1a9dc580fa41894e758dd3896b8072ac1e1607af27951f69709bb3d86eff669a5e2971af0

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26838.exe
Filesize
184KB

MD5
426b31c9a648bd2f52e0282940a26436

SHA1
68e73e809087d3270b6d0ef8b022f5dcff43e6f7

SHA256
20329b034a20491bf87e2138ef18134b72453b5241611ac02a4dcd7247b2af63

SHA512
1cc324570dfe78493aacd70d0ba0394fc159317ff7c7397969697ac46213081aad3b8c52fee494ab86c706769f1ff1946e30770ff3bba917dd6832eeb6447a8e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31005.exe
Filesize
184KB

MD5
8387199937c0af9a8bb0c942ef3ae8ff

SHA1
91788ae9e3eacd01570ac3c13c78be9ad23c3974

SHA256
914a273e2b9aede45bcaf4a11fb55d69f70b6002b389c60e3b2ea95af1ca81e4

SHA512
91f1b51ba91400dbafe37a752745e0b65419f913b7eebcd0b97f49eab79729c641de70fa86cfd484c969551bfeee4cd2c2ed2790e12f6410e785cbd12f0cd350

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-31052.exe
Filesize
184KB

MD5
aadba247f423d1c1ba62f58aad1a4bc5

SHA1
a9edf3b837d8f65fa7bf3b51145e55feba9c9d2c

SHA256
f6ac7739d79188c33fb47925f19c99976b35d382ae4e4f649b2b3634a632f1aa

SHA512
4ed1c4c3eeffec4b157fdd341b72363206e63b86c365ba164717132736160af9f48443e7c2192e6926d6dec2d34a4e2bf99b51c0adf72953583e366431a186cb

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33744.exe
Filesize
184KB

MD5
c901c203c90bf4fe4ff7a50e08a10eb8

SHA1
a4b3836cb51d6db3eda23f0106cf8fcdfaf94f33

SHA256
e4bac81f1d6c0d32e89f99d1950b5e37651f21f52af796d77567a8b40c66bc6b

SHA512
dc6182d6205dbe512287cdb685aa02ab69f70fbb270ff3a1690f80164b232eeda14cb01661c4071f8b02a8d8e4c3427cbb2960df354b4fb83d441cf9fed42c6f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45442.exe
Filesize
184KB

MD5
94c7305fd959689d511eac5a098556b2

SHA1
6f1c827b56d8bd5ab3bfdff72281813e36089c1f

SHA256
fc6c23e7c8713be11b008474480d7a0a149f6aab7cc50f8632af8376bb4a7646

SHA512
414b37fa9a02a2d9ac73be93a33fb7b27afdc82205e3842cea64b3fffb363a5a6d8c49ceeba578713d8f43d93d99cff908db2d874fa25a3894f0bcad90e3a062

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48244.exe
Filesize
184KB

MD5
5303638b41c3cafd1e83e5a0f68b6933

SHA1
006cc39ed74f25860d1c8ff2cbd78a7236f74c02

SHA256
7fab1ba8ff0388b0f7c8463137e5f64f359f4d242951d7836483e7348934d514

SHA512
d686be3a60df07d5da3797a9c974689ec91910227b0711305e5202aad5e0620fd3a03c30b2bfcd0c735c938c7382ecbee47c3291125d8e8a3da7bf6ae4d5340d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57647.exe
Filesize
184KB

MD5
1ef9c28c68c406e4b93962d6939d7b60

SHA1
c01acbc8c2003f5b34bc1ab05b907d3ce430e48a

SHA256
7fab97e94a9d7a7866199869a61ba3d3d2ccf5076e27953513682c537baa48bf

SHA512
e91b9dd6185ee5593e61dbf0a2ab243b5653408dfef343e8cb7513a40d256ab84a96aa3e7c4e0c10fa5af3cc8f88613e97119486e0fda1dfdeb00937a609cd66

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58846.exe
Filesize
184KB

MD5
78e3af844315b56e90a137cf1bb09276

SHA1
c68d26bd372e8ceb1b74f64863294106449c1c0a

SHA256
e710e60905bcb5927ebba4bed6fac2906569697e590ea0d432aaf784b2a5f28e

SHA512
e4ff30b2e6f539d5ee509a89b8450099c13a4ffad35d994e635e8e4379d740f4f659b82d50c2666ca4f3809e77d83cec2682c02daa434c0757ebeadeec89215a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61778.exe
Filesize
184KB

MD5
e7c1b2a137a10c75c5ff7a3eb0bfe39d

SHA1
cb6ce00638e8473dc1eab552f9277e311057f090

SHA256
392fb677575ce389443bd7da418c6a55c1888a79166472dc17d9ae039290141b

SHA512
048db807ad113195eb599950d79c8da5ef1871d929a70001722180a0ec1b7cd3fcb20c3fda0b2339d428c1d2240241b4c13e81492069a0a3144aa81557240537

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads