6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe
Size

184KB
MD5

09f491d80bb26a772d657fccfd688706
SHA1

a7997282769c952a57c749947aea9e00b1331435
SHA256

6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4
SHA512

b1a55513fcb2f42e64d4e4a047dbec25630676768511377542da866847bf2c21d2875dbc16b0ce9c9d8ac87e2740c44a407c46e54b9a21842831d3b804b5887e
SSDEEP

3072:3hL33xoUh0TdyELT5ELRUuShlnniFyn3:3htoZyESLmuShlnniFy

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-47349.exeUnicorn-54209.exeUnicorn-8537.exeUnicorn-39155.exeUnicorn-43239.exeUnicorn-23373.exeUnicorn-52523.exeUnicorn-1931.exeUnicorn-36933.exeUnicorn-21797.exeUnicorn-26073.exeUnicorn-44630.exeUnicorn-27286.exeUnicorn-12341.exeUnicorn-51236.exeUnicorn-31370.exeUnicorn-644.exeUnicorn-36545.exeUnicorn-51490.exeUnicorn-11033.exeUnicorn-49928.exeUnicorn-16509.exeUnicorn-727.exeUnicorn-59679.exeUnicorn-9087.exeUnicorn-28953.exeUnicorn-63763.exeUnicorn-63763.exeUnicorn-15138.exeUnicorn-30083.exeUnicorn-19223.exeUnicorn-5408.exeUnicorn-13576.exeUnicorn-25829.exeUnicorn-40965.exeUnicorn-30105.exeUnicorn-19799.exeUnicorn-34743.exeUnicorn-58693.exeUnicorn-27775.exeUnicorn-42719.exeUnicorn-31859.exeUnicorn-1132.exeUnicorn-46804.exeUnicorn-16077.exeUnicorn-46524.exeUnicorn-50608.exeUnicorn-16.exeUnicorn-44386.exeUnicorn-44386.exeUnicorn-6238.exeUnicorn-6238.exeUnicorn-34272.exeUnicorn-49217.exeUnicorn-3545.exeUnicorn-18490.exeUnicorn-19690.exeUnicorn-3908.exeUnicorn-50971.exeUnicorn-9383.exeUnicorn-21828.exeUnicorn-36772.exeUnicorn-25912.exeUnicorn-29996.exe

pid	process
1760	Unicorn-47349.exe
2188	Unicorn-54209.exe
2632	Unicorn-8537.exe
2608	Unicorn-39155.exe
2716	Unicorn-43239.exe
1756	Unicorn-23373.exe
2676	Unicorn-52523.exe
2888	Unicorn-1931.exe
1552	Unicorn-36933.exe
2860	Unicorn-21797.exe
1640	Unicorn-26073.exe
1268	Unicorn-44630.exe
2156	Unicorn-27286.exe
2084	Unicorn-12341.exe
2964	Unicorn-51236.exe
2672	Unicorn-31370.exe
488	Unicorn-644.exe
1772	Unicorn-36545.exe
2456	Unicorn-51490.exe
2428	Unicorn-11033.exe
1932	Unicorn-49928.exe
1332	Unicorn-16509.exe
2940	Unicorn-727.exe
960	Unicorn-59679.exe
2448	Unicorn-9087.exe
1696	Unicorn-28953.exe
1940	Unicorn-63763.exe
784	Unicorn-63763.exe
896	Unicorn-15138.exe
2076	Unicorn-30083.exe
1604	Unicorn-19223.exe
2744	Unicorn-5408.exe
2944	Unicorn-13576.exe
2528	Unicorn-25829.exe
2604	Unicorn-40965.exe
2488	Unicorn-30105.exe
2504	Unicorn-19799.exe
3064	Unicorn-34743.exe
2904	Unicorn-58693.exe
1456	Unicorn-27775.exe
328	Unicorn-42719.exe
1568	Unicorn-31859.exe
1792	Unicorn-1132.exe
2852	Unicorn-46804.exe
2196	Unicorn-16077.exe
1432	Unicorn-46524.exe
1968	Unicorn-50608.exe
2952	Unicorn-16.exe
996	Unicorn-44386.exe
872	Unicorn-44386.exe
1980	Unicorn-6238.exe
1544	Unicorn-6238.exe
1328	Unicorn-34272.exe
2976	Unicorn-49217.exe
1304	Unicorn-3545.exe
2344	Unicorn-18490.exe
576	Unicorn-19690.exe
1816	Unicorn-3908.exe
1580	Unicorn-50971.exe
2236	Unicorn-9383.exe
2712	Unicorn-21828.exe
2600	Unicorn-36772.exe
2660	Unicorn-25912.exe
2568	Unicorn-29996.exe

Loads dropped DLL 64 IoCs

Processes:

6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exeUnicorn-47349.exeUnicorn-54209.exeUnicorn-8537.exeWerFault.exeUnicorn-39155.exeUnicorn-43239.exeUnicorn-23373.exeWerFault.exeWerFault.exeUnicorn-1931.exeUnicorn-26073.exeUnicorn-21797.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe
1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe
1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe
1760	Unicorn-47349.exe
1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe
1760	Unicorn-47349.exe
2188	Unicorn-54209.exe
2188	Unicorn-54209.exe
2632	Unicorn-8537.exe
2632	Unicorn-8537.exe
1760	Unicorn-47349.exe
1760	Unicorn-47349.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2112	WerFault.exe
2608	Unicorn-39155.exe
2608	Unicorn-39155.exe
2188	Unicorn-54209.exe
2188	Unicorn-54209.exe
2632	Unicorn-8537.exe
2632	Unicorn-8537.exe
2716	Unicorn-43239.exe
1756	Unicorn-23373.exe
2716	Unicorn-43239.exe
1756	Unicorn-23373.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2592	WerFault.exe
2824	WerFault.exe
2592	WerFault.exe
2888	Unicorn-1931.exe
2888	Unicorn-1931.exe
1756	Unicorn-23373.exe
1640	Unicorn-26073.exe
1756	Unicorn-23373.exe
1640	Unicorn-26073.exe
2716	Unicorn-43239.exe
2860	Unicorn-21797.exe
2716	Unicorn-43239.exe
2860	Unicorn-21797.exe
2608	Unicorn-39155.exe
2608	Unicorn-39155.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1496	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe
1864	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2616	1712	WerFault.exe	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe
2112	1760	WerFault.exe	Unicorn-47349.exe
2824	2188	WerFault.exe	Unicorn-54209.exe
2592	2632	WerFault.exe	Unicorn-8537.exe
1488	2608	WerFault.exe	Unicorn-39155.exe
1496	2716	WerFault.exe	Unicorn-43239.exe
1864	1756	WerFault.exe	Unicorn-23373.exe
2372	2888	WerFault.exe	Unicorn-1931.exe
2768	1552	WerFault.exe	Unicorn-36933.exe
2772	1640	WerFault.exe	Unicorn-26073.exe
1584	2860	WerFault.exe	Unicorn-21797.exe
1952	2676	WerFault.exe	Unicorn-52523.exe
1276	1268	WerFault.exe	Unicorn-44630.exe
1920	2084	WerFault.exe	Unicorn-12341.exe
820	2964	WerFault.exe	Unicorn-51236.exe
308	2156	WerFault.exe	Unicorn-27286.exe
3008	2672	WerFault.exe	Unicorn-31370.exe
1104	488	WerFault.exe	Unicorn-644.exe
2864	1772	WerFault.exe	Unicorn-36545.exe
800	2456	WerFault.exe	Unicorn-51490.exe
796	2428	WerFault.exe	Unicorn-11033.exe
1344	1932	WerFault.exe	Unicorn-49928.exe
1560	1332	WerFault.exe	Unicorn-16509.exe
1780	2940	WerFault.exe	Unicorn-727.exe
1720	960	WerFault.exe	Unicorn-59679.exe
2620	2448	WerFault.exe	Unicorn-9087.exe
1744	784	WerFault.exe	Unicorn-63763.exe
2128	1696	WerFault.exe	Unicorn-28953.exe
2140	2076	WerFault.exe	Unicorn-30083.exe
1988	1604	WerFault.exe	Unicorn-19223.exe
2304	896	WerFault.exe	Unicorn-15138.exe
1500	2944	WerFault.exe	Unicorn-13576.exe
2348	2744	WerFault.exe	Unicorn-5408.exe
1340	2488	WerFault.exe	Unicorn-30105.exe
2724	2528	WerFault.exe	Unicorn-25829.exe
3036	2604	WerFault.exe	Unicorn-40965.exe
2032	2504	WerFault.exe	Unicorn-19799.exe
2552	3064	WerFault.exe	Unicorn-34743.exe
1032	1456	WerFault.exe	Unicorn-27775.exe
2512	1568	WerFault.exe	Unicorn-31859.exe
3088	328	WerFault.exe	Unicorn-42719.exe
3096	2852	WerFault.exe	Unicorn-46804.exe
3128	2904	WerFault.exe	Unicorn-58693.exe
3120	2196	WerFault.exe	Unicorn-16077.exe
3380	580	WerFault.exe	Unicorn-65429.exe
3136	1432	WerFault.exe	Unicorn-46524.exe
3256	1968	WerFault.exe	Unicorn-50608.exe
3952	2660	WerFault.exe	Unicorn-25912.exe
4052	2344	WerFault.exe	Unicorn-18490.exe
3320	1544	WerFault.exe	Unicorn-6238.exe
3360	872	WerFault.exe	Unicorn-44386.exe
3564	2984	WerFault.exe	Unicorn-26151.exe
3620	2468	WerFault.exe	Unicorn-54417.exe
3696	576	WerFault.exe	Unicorn-19690.exe
3764	2796	WerFault.exe	Unicorn-49025.exe
3744	2524	WerFault.exe	Unicorn-10130.exe
3896	2976	WerFault.exe	Unicorn-49217.exe
4016	1816	WerFault.exe	Unicorn-3908.exe
4024	1980	WerFault.exe	Unicorn-6238.exe
3104	2600	WerFault.exe	Unicorn-36772.exe
3244	1328	WerFault.exe	Unicorn-34272.exe
3224	2952	WerFault.exe	Unicorn-16.exe
3272	2568	WerFault.exe	Unicorn-29996.exe
3212	996	WerFault.exe	Unicorn-44386.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exeUnicorn-47349.exeUnicorn-54209.exeUnicorn-8537.exeUnicorn-39155.exeUnicorn-43239.exeUnicorn-23373.exeUnicorn-1931.exeUnicorn-52523.exeUnicorn-21797.exeUnicorn-36933.exeUnicorn-26073.exeUnicorn-44630.exeUnicorn-12341.exeUnicorn-27286.exeUnicorn-31370.exeUnicorn-51236.exeUnicorn-644.exeUnicorn-36545.exeUnicorn-51490.exeUnicorn-11033.exeUnicorn-49928.exeUnicorn-16509.exeUnicorn-727.exeUnicorn-59679.exeUnicorn-9087.exeUnicorn-63763.exeUnicorn-63763.exeUnicorn-28953.exeUnicorn-30083.exeUnicorn-15138.exeUnicorn-19223.exeUnicorn-5408.exeUnicorn-13576.exeUnicorn-25829.exeUnicorn-40965.exeUnicorn-30105.exeUnicorn-19799.exeUnicorn-34743.exeUnicorn-27775.exeUnicorn-58693.exeUnicorn-31859.exeUnicorn-42719.exeUnicorn-16077.exeUnicorn-46804.exeUnicorn-46524.exeUnicorn-50608.exeUnicorn-16.exeUnicorn-44386.exeUnicorn-44386.exeUnicorn-6238.exeUnicorn-6238.exeUnicorn-34272.exeUnicorn-3545.exeUnicorn-49217.exeUnicorn-18490.exeUnicorn-19690.exeUnicorn-3908.exeUnicorn-50971.exeUnicorn-9383.exeUnicorn-21828.exeUnicorn-36772.exeUnicorn-25912.exeUnicorn-29996.exe

pid	process
1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe
1760	Unicorn-47349.exe
2188	Unicorn-54209.exe
2632	Unicorn-8537.exe
2608	Unicorn-39155.exe
2716	Unicorn-43239.exe
1756	Unicorn-23373.exe
2888	Unicorn-1931.exe
2676	Unicorn-52523.exe
2860	Unicorn-21797.exe
1552	Unicorn-36933.exe
1640	Unicorn-26073.exe
1268	Unicorn-44630.exe
2084	Unicorn-12341.exe
2156	Unicorn-27286.exe
2672	Unicorn-31370.exe
2964	Unicorn-51236.exe
488	Unicorn-644.exe
1772	Unicorn-36545.exe
2456	Unicorn-51490.exe
2428	Unicorn-11033.exe
1932	Unicorn-49928.exe
1332	Unicorn-16509.exe
2940	Unicorn-727.exe
960	Unicorn-59679.exe
2448	Unicorn-9087.exe
1940	Unicorn-63763.exe
784	Unicorn-63763.exe
1696	Unicorn-28953.exe
2076	Unicorn-30083.exe
896	Unicorn-15138.exe
1604	Unicorn-19223.exe
2744	Unicorn-5408.exe
2944	Unicorn-13576.exe
2528	Unicorn-25829.exe
2604	Unicorn-40965.exe
2488	Unicorn-30105.exe
2504	Unicorn-19799.exe
3064	Unicorn-34743.exe
1456	Unicorn-27775.exe
2904	Unicorn-58693.exe
1568	Unicorn-31859.exe
328	Unicorn-42719.exe
2196	Unicorn-16077.exe
2852	Unicorn-46804.exe
1432	Unicorn-46524.exe
1968	Unicorn-50608.exe
2952	Unicorn-16.exe
996	Unicorn-44386.exe
872	Unicorn-44386.exe
1980	Unicorn-6238.exe
1544	Unicorn-6238.exe
1328	Unicorn-34272.exe
1304	Unicorn-3545.exe
2976	Unicorn-49217.exe
2344	Unicorn-18490.exe
576	Unicorn-19690.exe
1816	Unicorn-3908.exe
1580	Unicorn-50971.exe
2236	Unicorn-9383.exe
2712	Unicorn-21828.exe
2600	Unicorn-36772.exe
2660	Unicorn-25912.exe
2568	Unicorn-29996.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exeUnicorn-47349.exeUnicorn-54209.exeUnicorn-8537.exeUnicorn-39155.exeUnicorn-43239.exeUnicorn-23373.exeUnicorn-1931.exe

description	pid	process	target process
PID 1712 wrote to memory of 1760	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	Unicorn-47349.exe
PID 1712 wrote to memory of 1760	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	Unicorn-47349.exe
PID 1712 wrote to memory of 1760	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	Unicorn-47349.exe
PID 1712 wrote to memory of 1760	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	Unicorn-47349.exe
PID 1712 wrote to memory of 2188	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	Unicorn-54209.exe
PID 1712 wrote to memory of 2188	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	Unicorn-54209.exe
PID 1712 wrote to memory of 2188	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	Unicorn-54209.exe
PID 1712 wrote to memory of 2188	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	Unicorn-54209.exe
PID 1760 wrote to memory of 2632	1760	Unicorn-47349.exe	Unicorn-8537.exe
PID 1760 wrote to memory of 2632	1760	Unicorn-47349.exe	Unicorn-8537.exe
PID 1760 wrote to memory of 2632	1760	Unicorn-47349.exe	Unicorn-8537.exe
PID 1760 wrote to memory of 2632	1760	Unicorn-47349.exe	Unicorn-8537.exe
PID 1712 wrote to memory of 2616	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	WerFault.exe
PID 1712 wrote to memory of 2616	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	WerFault.exe
PID 1712 wrote to memory of 2616	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	WerFault.exe
PID 1712 wrote to memory of 2616	1712	6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe	WerFault.exe
PID 2188 wrote to memory of 2608	2188	Unicorn-54209.exe	Unicorn-39155.exe
PID 2188 wrote to memory of 2608	2188	Unicorn-54209.exe	Unicorn-39155.exe
PID 2188 wrote to memory of 2608	2188	Unicorn-54209.exe	Unicorn-39155.exe
PID 2188 wrote to memory of 2608	2188	Unicorn-54209.exe	Unicorn-39155.exe
PID 2632 wrote to memory of 2716	2632	Unicorn-8537.exe	Unicorn-43239.exe
PID 2632 wrote to memory of 2716	2632	Unicorn-8537.exe	Unicorn-43239.exe
PID 2632 wrote to memory of 2716	2632	Unicorn-8537.exe	Unicorn-43239.exe
PID 2632 wrote to memory of 2716	2632	Unicorn-8537.exe	Unicorn-43239.exe
PID 1760 wrote to memory of 1756	1760	Unicorn-47349.exe	Unicorn-23373.exe
PID 1760 wrote to memory of 1756	1760	Unicorn-47349.exe	Unicorn-23373.exe
PID 1760 wrote to memory of 1756	1760	Unicorn-47349.exe	Unicorn-23373.exe
PID 1760 wrote to memory of 1756	1760	Unicorn-47349.exe	Unicorn-23373.exe
PID 1760 wrote to memory of 2112	1760	Unicorn-47349.exe	WerFault.exe
PID 1760 wrote to memory of 2112	1760	Unicorn-47349.exe	WerFault.exe
PID 1760 wrote to memory of 2112	1760	Unicorn-47349.exe	WerFault.exe
PID 1760 wrote to memory of 2112	1760	Unicorn-47349.exe	WerFault.exe
PID 2608 wrote to memory of 2676	2608	Unicorn-39155.exe	Unicorn-52523.exe
PID 2608 wrote to memory of 2676	2608	Unicorn-39155.exe	Unicorn-52523.exe
PID 2608 wrote to memory of 2676	2608	Unicorn-39155.exe	Unicorn-52523.exe
PID 2608 wrote to memory of 2676	2608	Unicorn-39155.exe	Unicorn-52523.exe
PID 2188 wrote to memory of 2888	2188	Unicorn-54209.exe	Unicorn-1931.exe
PID 2188 wrote to memory of 2888	2188	Unicorn-54209.exe	Unicorn-1931.exe
PID 2188 wrote to memory of 2888	2188	Unicorn-54209.exe	Unicorn-1931.exe
PID 2188 wrote to memory of 2888	2188	Unicorn-54209.exe	Unicorn-1931.exe
PID 2632 wrote to memory of 1552	2632	Unicorn-8537.exe	Unicorn-36933.exe
PID 2632 wrote to memory of 1552	2632	Unicorn-8537.exe	Unicorn-36933.exe
PID 2632 wrote to memory of 1552	2632	Unicorn-8537.exe	Unicorn-36933.exe
PID 2632 wrote to memory of 1552	2632	Unicorn-8537.exe	Unicorn-36933.exe
PID 2716 wrote to memory of 2860	2716	Unicorn-43239.exe	Unicorn-21797.exe
PID 2716 wrote to memory of 2860	2716	Unicorn-43239.exe	Unicorn-21797.exe
PID 2716 wrote to memory of 2860	2716	Unicorn-43239.exe	Unicorn-21797.exe
PID 2716 wrote to memory of 2860	2716	Unicorn-43239.exe	Unicorn-21797.exe
PID 1756 wrote to memory of 1640	1756	Unicorn-23373.exe	Unicorn-26073.exe
PID 1756 wrote to memory of 1640	1756	Unicorn-23373.exe	Unicorn-26073.exe
PID 1756 wrote to memory of 1640	1756	Unicorn-23373.exe	Unicorn-26073.exe
PID 1756 wrote to memory of 1640	1756	Unicorn-23373.exe	Unicorn-26073.exe
PID 2188 wrote to memory of 2824	2188	Unicorn-54209.exe	WerFault.exe
PID 2188 wrote to memory of 2824	2188	Unicorn-54209.exe	WerFault.exe
PID 2188 wrote to memory of 2824	2188	Unicorn-54209.exe	WerFault.exe
PID 2188 wrote to memory of 2824	2188	Unicorn-54209.exe	WerFault.exe
PID 2632 wrote to memory of 2592	2632	Unicorn-8537.exe	WerFault.exe
PID 2632 wrote to memory of 2592	2632	Unicorn-8537.exe	WerFault.exe
PID 2632 wrote to memory of 2592	2632	Unicorn-8537.exe	WerFault.exe
PID 2632 wrote to memory of 2592	2632	Unicorn-8537.exe	WerFault.exe
PID 2888 wrote to memory of 1268	2888	Unicorn-1931.exe	Unicorn-44630.exe
PID 2888 wrote to memory of 1268	2888	Unicorn-1931.exe	Unicorn-44630.exe
PID 2888 wrote to memory of 1268	2888	Unicorn-1931.exe	Unicorn-44630.exe
PID 2888 wrote to memory of 1268	2888	Unicorn-1931.exe	Unicorn-44630.exe

C:\Users\Admin\AppData\Local\Temp\6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe
"C:\Users\Admin\AppData\Local\Temp\6c01e73380ac6240b4340743e09ddcb966b3b8b3e6e032c7b4fb2031756c1ed4.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51236.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59679.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19799.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19690.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54739.exe
10⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15242.exe
11⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
12⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14046.exe
13⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
14⤵
PID:9640

C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40020.exe
15⤵
PID:12124

C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27068.exe
16⤵
PID:13736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9640 -s 216
15⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
14⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4124 -s 236
13⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
12⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
11⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53517.exe
12⤵
PID:6308

C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
13⤵
PID:9168

C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
14⤵
PID:12264

C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
15⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9168 -s 216
14⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6308 -s 216
13⤵
PID:9996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
12⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 240
11⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38931.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12284.exe
11⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5577.exe
12⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
13⤵
PID:9708

C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57721.exe
14⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9708 -s 216
14⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 220
13⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 220
12⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
11⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 240
10⤵
- Program crash
PID:3696

C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38957.exe
9⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32648.exe
10⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
11⤵
PID:5076

C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
12⤵
PID:7148

C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56112.exe
13⤵
PID:9720

C:\Users\Admin\AppData\Local\Temp\Unicorn-29242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29242.exe
14⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9720 -s 216
14⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7148 -s 220
13⤵
PID:11348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5076 -s 216
12⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
11⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
10⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 240
9⤵
- Program crash
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50971.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20505.exe
9⤵
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
10⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-538.exe
11⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9059.exe
12⤵
PID:6920

C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3979.exe
13⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64348.exe
14⤵
PID:13716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 236
14⤵
PID:14164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6920 -s 216
13⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
12⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
11⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 236
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19388.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
10⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49708.exe
11⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54742.exe
12⤵
PID:10144

C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6403.exe
13⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10144 -s 216
13⤵
PID:14128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4956 -s 216
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
10⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 220
9⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 240
8⤵
- Program crash
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34743.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9383.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16229.exe
9⤵
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26810.exe
10⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
11⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43294.exe
12⤵
PID:6320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32511.exe
13⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3502.exe
14⤵
PID:12272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 216
14⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6320 -s 216
13⤵
PID:10664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
12⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
11⤵
PID:6456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 236
10⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45839.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19275.exe
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21312.exe
11⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3512.exe
12⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29844.exe
13⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
13⤵
PID:13072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 216
11⤵
PID:8836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 240
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35449.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18978.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47658.exe
10⤵
PID:6444

C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
11⤵
PID:9584

C:\Users\Admin\AppData\Local\Temp\Unicorn-42397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42397.exe
12⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6444 -s 216
11⤵
PID:10508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
10⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 236
9⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
8⤵
- Program crash
PID:2552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 240
7⤵
- Program crash
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9087.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58693.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64806.exe
8⤵
PID:2184

C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59399.exe
9⤵
PID:324

C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22726.exe
10⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55546.exe
12⤵
PID:6500

C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34758.exe
13⤵
PID:8864

C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
14⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8864 -s 216
14⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6500 -s 216
13⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 220
12⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
11⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 324 -s 236
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6944.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20837.exe
10⤵
PID:4928

C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
11⤵
PID:7096

C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10829.exe
12⤵
PID:9436

C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9532.exe
13⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9436 -s 216
13⤵
PID:6000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7096 -s 216
12⤵
PID:10420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4928 -s 216
11⤵
PID:8164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:5892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2184 -s 240
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8807.exe
8⤵
PID:108

C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51506.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
10⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12292.exe
11⤵
PID:6852

C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27249.exe
12⤵
PID:10236

C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
13⤵
PID:12184

C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44063.exe
14⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10236 -s 216
13⤵
PID:13440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6852 -s 216
12⤵
PID:11032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
11⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14401.exe
9⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35043.exe
10⤵
PID:6356

C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45531.exe
11⤵
PID:9456

C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37218.exe
12⤵
PID:12060

C:\Users\Admin\AppData\Local\Temp\Unicorn-51463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51463.exe
13⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9456 -s 220
12⤵
PID:13604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6356 -s 216
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4684 -s 216
10⤵
PID:7852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 108 -s 240
9⤵
PID:6072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
8⤵
- Program crash
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49025.exe
7⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63483.exe
8⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33717.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9570.exe
10⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
11⤵
PID:6468

C:\Users\Admin\AppData\Local\Temp\Unicorn-55645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55645.exe
12⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
13⤵
PID:12252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 216
13⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6468 -s 216
12⤵
PID:10876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 216
11⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 236
10⤵
PID:5164

C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1765.exe
9⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18707.exe
10⤵
PID:6272

C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55562.exe
11⤵
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44488.exe
12⤵
PID:12228

C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24956.exe
13⤵
PID:14284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 236
12⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6272 -s 236
11⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
10⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
9⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35340.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16369.exe
9⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
10⤵
PID:7156

C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21738.exe
12⤵
PID:12256

C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50996.exe
13⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 236
12⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7156 -s 216
11⤵
PID:10116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
10⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
9⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
8⤵
- Program crash
PID:3764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
7⤵
- Program crash
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 240
6⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31859.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12315.exe
8⤵
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25056.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43395.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49516.exe
11⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7295.exe
12⤵
PID:10176

C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60819.exe
13⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10176 -s 236
13⤵
PID:13976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 236
12⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 220
11⤵
PID:8528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 216
9⤵
PID:4576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 236
8⤵
- Program crash
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10130.exe
7⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32757.exe
8⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43530.exe
9⤵
PID:3916

C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13771.exe
10⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55022.exe
11⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62386.exe
12⤵
PID:12160

C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57109.exe
13⤵
PID:7664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 216
12⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5636 -s 216
11⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3916 -s 216
10⤵
PID:7360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 236
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27748.exe
8⤵
PID:3968

C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51179.exe
9⤵
PID:4208

C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13937.exe
10⤵
PID:7016

C:\Users\Admin\AppData\Local\Temp\Unicorn-51561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51561.exe
11⤵
PID:10060

C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13185.exe
12⤵
PID:12192

C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
13⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10060 -s 216
12⤵
PID:12692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7016 -s 216
11⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4208 -s 216
10⤵
PID:8140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3968 -s 236
9⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
8⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46804.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29996.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51231.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63950.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65185.exe
10⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6070.exe
11⤵
PID:6532

C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52931.exe
12⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
13⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6532 -s 216
12⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 236
11⤵
PID:7984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:5444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17250.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
9⤵
PID:4176

C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57108.exe
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7116 -s 220
11⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4176 -s 216
10⤵
PID:8412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 220
8⤵
- Program crash
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4723.exe
7⤵
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-43338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43338.exe
8⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55647.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38250.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58551.exe
11⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39439.exe
12⤵
PID:12680

C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
13⤵
PID:8976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 220
12⤵
PID:13836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 216
10⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
9⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 236
8⤵
PID:4792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
7⤵
- Program crash
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 220
6⤵
- Program crash
PID:3008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1496

C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11033.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5408.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28289.exe
8⤵
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25549.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52274.exe
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34275.exe
11⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12775.exe
12⤵
PID:9404

C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33798.exe
13⤵
PID:12068

C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39922.exe
14⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9404 -s 236
13⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
12⤵
PID:10376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36492.exe
9⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23393.exe
10⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35334.exe
11⤵
PID:9344

C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7202.exe
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9344 -s 216
12⤵
PID:12368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
11⤵
PID:10336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 236
10⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
9⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44578.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7816.exe
9⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47295.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31333.exe
11⤵
PID:9292

C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1748.exe
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9292 -s 216
12⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 220
11⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 236
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
9⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
8⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43233.exe
7⤵
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
8⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46903.exe
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15692.exe
10⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
11⤵
PID:9472

C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37493.exe
12⤵
PID:12732

C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60342.exe
13⤵
PID:14332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9472 -s 220
12⤵
PID:13844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4756 -s 216
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
9⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 236
8⤵
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
7⤵
- Program crash
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53177.exe
7⤵
PID:1820

C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39446.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26483.exe
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51763.exe
10⤵
PID:6904

C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8691.exe
11⤵
PID:9372

C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11478.exe
12⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6904 -s 216
11⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
10⤵
PID:8088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:5948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1820 -s 236
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23664.exe
7⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24537.exe
8⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1493.exe
9⤵
PID:6252

C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61976.exe
10⤵
PID:9312

C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35791.exe
11⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9312 -s 216
11⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6252 -s 216
10⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 216
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 236
8⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
7⤵
- Program crash
PID:4024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
6⤵
- Program crash
PID:796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 236
5⤵
- Program crash
PID:2768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1756

C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16509.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1332

C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25829.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20675.exe
8⤵
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-47422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47422.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14614.exe
10⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
11⤵
PID:6672

C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38406.exe
12⤵
PID:9756

C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18417.exe
13⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 236
13⤵
PID:14072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6672 -s 216
12⤵
PID:11768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4844 -s 216
11⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 236
9⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 236
8⤵
- Program crash
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18490.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28097.exe
8⤵
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16888.exe
9⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9378.exe
10⤵
PID:4236

C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30575.exe
11⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41063.exe
12⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40726.exe
13⤵
PID:12112

C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24629.exe
14⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
13⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
12⤵
PID:10884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4236 -s 236
11⤵
PID:7688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
10⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
9⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17363.exe
10⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18806.exe
11⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30337.exe
12⤵
PID:11872

C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1795.exe
13⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 216
12⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
11⤵
PID:10444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 236
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46135.exe
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
10⤵
PID:6396

C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
11⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54924.exe
12⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 216
12⤵
PID:9584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6396 -s 220
11⤵
PID:11188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
10⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
9⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
8⤵
- Program crash
PID:4052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1332 -s 240
7⤵
- Program crash
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3545.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3976.exe
8⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14318.exe
9⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42059.exe
10⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32812.exe
11⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21785.exe
12⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
12⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5880 -s 216
11⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
8⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7144.exe
9⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34083.exe
10⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14036.exe
11⤵
PID:9860

C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20799.exe
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9860 -s 216
12⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
11⤵
PID:10696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
10⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 240
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18921.exe
7⤵
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28948.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-2362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2362.exe
9⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
10⤵
PID:6716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48629.exe
11⤵
PID:10160

C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
12⤵
PID:12568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10160 -s 216
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6716 -s 220
11⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 220
10⤵
PID:8520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
9⤵
PID:6376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 236
8⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
7⤵
- Program crash
PID:3036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
6⤵
- Program crash
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-727.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30105.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34272.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9622.exe
8⤵
PID:2948

C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
9⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13462.exe
10⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30383.exe
11⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43393.exe
12⤵
PID:10000

C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22060.exe
13⤵
PID:12016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10000 -s 220
13⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 216
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 236
11⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 236
10⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
10⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-17986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17986.exe
11⤵
PID:9944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17841.exe
12⤵
PID:12572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9944 -s 216
12⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 220
11⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 220
10⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 240
9⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9274.exe
8⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
9⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
10⤵
PID:6632

C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57207.exe
11⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26637.exe
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 204
12⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6632 -s 216
11⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
10⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
8⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37395.exe
7⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34978.exe
8⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6638.exe
9⤵
PID:4144

C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
10⤵
PID:7072

C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36185.exe
11⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27872.exe
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 216
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7072 -s 216
11⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4144 -s 216
10⤵
PID:8400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 236
9⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
8⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49217.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48517.exe
7⤵
PID:1036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32155.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38927.exe
9⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21447.exe
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53616.exe
11⤵
PID:9496

C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56787.exe
12⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9496 -s 216
12⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 236
11⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 236
10⤵
PID:7476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 216
9⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1036 -s 236
8⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7136.exe
7⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59246.exe
9⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64280.exe
10⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31572.exe
11⤵
PID:12396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
11⤵
PID:13700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 220
10⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
9⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
8⤵
PID:6344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
- Program crash
PID:3896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
6⤵
- Program crash
PID:1780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 240
5⤵
- Program crash
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28953.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1132.exe
6⤵
- Executes dropped EXE
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1816

C:\Users\Admin\AppData\Local\Temp\Unicorn-65429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65429.exe
7⤵
PID:580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 240
8⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56145.exe
7⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38735.exe
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49132.exe
9⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-798.exe
10⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61530.exe
11⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
11⤵
PID:13532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
9⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 216
8⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1816 -s 240
7⤵
- Program crash
PID:4016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
6⤵
- Program crash
PID:2128

C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16077.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16399.exe
6⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39254.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3924.exe
8⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18515.exe
9⤵
PID:6592

C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25687.exe
10⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35080.exe
11⤵
PID:12336

C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36497.exe
12⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
11⤵
PID:13660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6592 -s 216
10⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4632 -s 216
9⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
8⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 236
6⤵
- Program crash
PID:3120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
5⤵
- Program crash
PID:308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1756 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13576.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:996

C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63099.exe
8⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55782.exe
9⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51371.exe
10⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
11⤵
PID:6740

C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38323.exe
12⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41686.exe
13⤵
PID:12460

C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52750.exe
14⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
13⤵
PID:13788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6740 -s 216
12⤵
PID:10688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4360 -s 216
11⤵
PID:8000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
10⤵
PID:5608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44085.exe
8⤵
PID:3248

C:\Users\Admin\AppData\Local\Temp\Unicorn-27059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27059.exe
9⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40.exe
10⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10720.exe
11⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4545.exe
12⤵
PID:11796

C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1878.exe
13⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 216
12⤵
PID:13616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
10⤵
PID:8008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3248 -s 216
9⤵
PID:5572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 996 -s 240
8⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51402.exe
7⤵
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64443.exe
8⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1402.exe
9⤵
PID:3512

C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4316.exe
10⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47477.exe
11⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39081.exe
12⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3512 -s 216
10⤵
PID:7860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 236
9⤵
PID:6104

C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59326.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15993.exe
9⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9568.exe
10⤵
PID:9532

C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5448.exe
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9532 -s 216
11⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
10⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
9⤵
PID:7704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
8⤵
PID:5592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
- Program crash
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6238.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50655.exe
7⤵
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55590.exe
8⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34843.exe
9⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33289.exe
10⤵
PID:6936

C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13434.exe
11⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28282.exe
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 216
12⤵
PID:12388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6936 -s 216
11⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5024 -s 216
10⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
9⤵
PID:6052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2544 -s 216
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39808.exe
7⤵
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34459.exe
8⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48857.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19875.exe
10⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38313.exe
11⤵
PID:11716

C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14597.exe
12⤵
PID:14188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9612 -s 216
11⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:10572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 236
9⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3992 -s 216
8⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
7⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
6⤵
- Program crash
PID:1344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 236
5⤵
- Program crash
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-644.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63763.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27775.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21828.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36841.exe
8⤵
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1921.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44114.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18214.exe
11⤵
PID:7052

C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14228.exe
12⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43611.exe
13⤵
PID:11888

C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24437.exe
14⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
13⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7052 -s 216
12⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
11⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
10⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
9⤵
PID:4600

C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25610.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62588.exe
9⤵
PID:5384

C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26958.exe
10⤵
PID:6964

C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15826.exe
11⤵
PID:9868

C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25049.exe
12⤵
PID:12888

C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
13⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9868 -s 236
12⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6964 -s 220
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5384 -s 216
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 216
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
8⤵
PID:4288

C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16975.exe
7⤵
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10473.exe
8⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-10146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10146.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62863.exe
10⤵
PID:5216

C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
11⤵
PID:9576

C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36175.exe
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9576 -s 216
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5216 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 236
10⤵
PID:7532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 236
8⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 240
7⤵
- Program crash
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36772.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28673.exe
7⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4635.exe
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1786.exe
9⤵
PID:4536

C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36989.exe
10⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13112.exe
11⤵
PID:9320

C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22911.exe
12⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9320 -s 220
12⤵
PID:13856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
11⤵
PID:11132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4536 -s 236
10⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3816 -s 236
9⤵
PID:5916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 236
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
7⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-315.exe
9⤵
PID:6168

C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13242.exe
10⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18936.exe
11⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 216
11⤵
PID:13584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6168 -s 216
10⤵
PID:11260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
9⤵
PID:8428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
8⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 240
7⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 240
6⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42719.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:328

C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25912.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5875.exe
7⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21740.exe
8⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54311.exe
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44716.exe
10⤵
PID:9152

C:\Users\Admin\AppData\Local\Temp\Unicorn-41966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41966.exe
11⤵
PID:12096

C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10155.exe
12⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9152 -s 216
11⤵
PID:12536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 216
10⤵
PID:10016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 236
9⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 236
8⤵
PID:5208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 236
7⤵
- Program crash
PID:3952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 328 -s 236
6⤵
- Program crash
PID:3088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 488 -s 240
5⤵
- Program crash
PID:1104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1268

C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36545.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1772

C:\Users\Admin\AppData\Local\Temp\Unicorn-15138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15138.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54417.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-660.exe
8⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-31470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31470.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24153.exe
10⤵
PID:4800

C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8208.exe
11⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7596.exe
12⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8717.exe
13⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 236
13⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 216
12⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4800 -s 216
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 236
10⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 236
9⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46415.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3540.exe
9⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16761.exe
10⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20560.exe
11⤵
PID:9224

C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51779.exe
12⤵
PID:11988

C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13092.exe
13⤵
PID:13952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11988 -s 216
13⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9224 -s 220
12⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 236
11⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
10⤵
PID:8156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:5940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
8⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
7⤵
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3592.exe
7⤵
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27002.exe
8⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42744.exe
9⤵
PID:5528

C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12562.exe
10⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43725.exe
11⤵
PID:11116

C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5220.exe
12⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 236
11⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
9⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 236
8⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46031.exe
7⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36789.exe
8⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53901.exe
9⤵
PID:7000

C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53232.exe
10⤵
PID:8820

C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40212.exe
11⤵
PID:11372

C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17229.exe
12⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8820 -s 216
11⤵
PID:12960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7000 -s 216
10⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
9⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
8⤵
PID:6080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
7⤵
- Program crash
PID:3224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1772 -s 240
6⤵
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30083.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2076

C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46524.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26151.exe
7⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60167.exe
8⤵
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64334.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
10⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51078.exe
11⤵
PID:6652

C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6060.exe
12⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
13⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
13⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6652 -s 216
12⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5040 -s 216
11⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
10⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 236
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48553.exe
8⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36021.exe
9⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1986.exe
10⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55754.exe
11⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29137.exe
12⤵
PID:12080

C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32413.exe
13⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
12⤵
PID:12708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
11⤵
PID:10516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 216
10⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
9⤵
PID:5392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 240
8⤵
- Program crash
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44386.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
8⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30710.exe
9⤵
PID:4492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4492 -s 224
10⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
9⤵
PID:6860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 236
8⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
7⤵
- Program crash
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27774.exe
6⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53644.exe
7⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-416.exe
8⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38935.exe
9⤵
PID:6760

C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50191.exe
10⤵
PID:9656

C:\Users\Admin\AppData\Local\Temp\Unicorn-24774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24774.exe
11⤵
PID:12300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9656 -s 216
11⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6760 -s 220
10⤵
PID:11204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
9⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
8⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 216
7⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2076 -s 240
6⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1268 -s 240
5⤵
- Program crash
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51490.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19223.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1604

C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50608.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51724.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53452.exe
8⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1978.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23860.exe
10⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34649.exe
11⤵
PID:9928

C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48956.exe
12⤵
PID:11440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9928 -s 216
12⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
11⤵
PID:10736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 216
10⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
9⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 216
8⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 236
7⤵
- Program crash
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49264.exe
6⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22918.exe
7⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34576.exe
8⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11576.exe
9⤵
PID:9144

C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25106.exe
10⤵
PID:10468

C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29725.exe
11⤵
PID:14236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9144 -s 216
10⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5496 -s 216
9⤵
PID:9908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
8⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
7⤵
PID:4552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1604 -s 240
6⤵
- Program crash
PID:1988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 236
5⤵
- Program crash
PID:800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 240
4⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
2⤵
- Program crash
PID:2616

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12341.exe
Filesize
184KB

MD5
20454fb9036e5865d3c2f542a0cf1c91

SHA1
c9746cc58476b4159c29b592a04881995061dff9

SHA256
17d8d1effb7e39f732a83c69a48168f312a564a88a1f13275d969d8b1d12fd35

SHA512
0e16352602ada44b3874e967b10f494c084bc1b57ad2b25b694d78e16a454fd59cf951da25bc4660c5fa6f20bfdbe8c56a4ba5325d7771bce63a614fd76dd61c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
Filesize
184KB

MD5
a18ddab78660ec3edd41ad1f248062e7

SHA1
4bf776903edb1bd097c65c8f822c311bd5a75216

SHA256
8dcf72449e4563bff6ef02618089a3029dbbc61afcf7eec272e5b6483fc54a79

SHA512
3765c7878665a3f5961175c7d9a10423d8f314e300dd6cd8688634ba467092fea5507eb331683adcd1e9c733ef064a02f6d61d50c9043c29345d0b2e62d097f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-28043.exe
Filesize
184KB

MD5
67ecd603333f0201534bfab2edfbf9ed

SHA1
5ad7465913bfc2aeacfcb59a7484c26bde4add03

SHA256
146241395fc233a3e16460046c6da91281164c9a2183f3439f567ba063882142

SHA512
4c33cc53f02bdf1c8b0ecdcf1d531d9cdb4392c731a93975419211aa9ca73c735de86c5f24cb3d91e8ca44e11a3b30a8a8e1f41cbe66371fb4a608de9560e154

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-32988.exe
Filesize
184KB

MD5
af565e1fe5042c2a62df77b5f3930781

SHA1
61c08c211c6663f89556bd4c1ed5fed3e19861ba

SHA256
71bd71140708084b718d14ea290912742229a24350bf52310c2d0bd5ec839980

SHA512
451defdcbb208806ab61aa6e629a61afc407e470f28792eabef28f9c09a908227614a26c33f0aa30a67ce44db0c127d6f76fc160217f1dc0c23687602e9e21df

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36933.exe
Filesize
184KB

MD5
cb43c743aaec441be30876633a039129

SHA1
e7101615ae57bc23ac25d3b39f0ce18a8c16bdb4

SHA256
5ed06735bec71012090e2b4181313803ded25b5f72d13535fdbd5db9d683aef0

SHA512
ca8132dcae64ea7518a046e8b1c1240be7fea9191892d5ffdf62cac986f63400181770dac9d5d380263e2ac1513b0eb51f22587884477971e131df678c28a53b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40965.exe
Filesize
184KB

MD5
e052b25f6dec1dfe9797455c8b1eedeb

SHA1
5b992e4582754cd43cba31cece9a5c79bca484e1

SHA256
38b5771c49cff2e4ddd599d8201253defee9035e798772dad6ae0a7735564197

SHA512
52fe87c7041686a45b3be23a2389e87eab7a3856b946f361ce6bc97715ca74d531aded09ecea1d94a0ea219edac87e606e201d2a5dd9d03f5ce313f8375b2832

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54713.exe
Filesize
184KB

MD5
ab23f5d0dd84a5e12d49d217ac455d36

SHA1
9a63a594f1f0b955c26abec2d9b11d06e4a8de3b

SHA256
b8cc7f8ceadd35b5d77012bab6f84c9cf4ccabc3d1f782c5a647d28cabd3a865

SHA512
fd73e3e3e4385c8778e52ba95b14e98b2d1368fab81cba58d299f07a2c639b6bbd983eb7c2bce60d98ad13dac7956be870f78b813f9b6c4de870b7d1b29fe8a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55645.exe
Filesize
184KB

MD5
0dad9ac15c1eed80a0b4a0de969488f5

SHA1
88073a93f9d877e54e30bf6f5f540575825c0fc8

SHA256
a1789abc57167e25595a2036a8f1813f4078c4c8441fe5f8ee3e1253252e8b1f

SHA512
e1e969fa9e85a88dcea766ffb9c1795b9b1a8ea67f7779319f7a6dc6b4b832ee5b5704bcb790644cb87e743ed1cf56f2f5328c1f2dc8f3d11ff5d102f32c3ac0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63714.exe
Filesize
184KB

MD5
fc9b6d30173b9e39d1ad784a321a3f6f

SHA1
f42172c935da675e1cbf995f930a73be76a887b7

SHA256
dad9a1d551d03f3c5f86e559b43ee7c59cabfccc2bfaa6f40e177b07173971b3

SHA512
00505dec2b6ed12e6e29525b0dfc51faa6a595ca94cd529da773e112dd4f452ec95985120f52f5e5d6a6c4b6b6a4610b55d7b6bd88f04114bba0f02bfb028b03

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-8537.exe
Filesize
184KB

MD5
3bbd4451ea02617bb784e745898cc9bb

SHA1
9affd854166d83c4da5f06ac834f72e3680b7af4

SHA256
842277e45f700296e5e299f0b8a6063c5caacb973506f4d3991496d2dfaf2918

SHA512
b509197c34f379f8f2f0133cd1974fb34c89db21548f21f1ebf79514778a73272cef50ee30da841062de82e383f238a292bcba358bb0bed1ffe5969726dce09c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1931.exe
Filesize
184KB

MD5
65d91db8937b5c41eef13194382a57da

SHA1
112a2267176871c5e944f216dfd2f7800252d255

SHA256
83406a504b6c0c5537cad92e36a03e08657c89bb77372dbbc64152a78950e45c

SHA512
ff77b03839bdf43f90b81e199e46200477f55392b406679c19264d26cd06cfa9f56e2c7533e9123a3a853b006d8c80732d8adb5b72586ec5a8114c155e20aecd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21797.exe
Filesize
184KB

MD5
caf98d3844f931cc9aef12cf4e5eca68

SHA1
ba38740110507fadecaa3ed7e17dc3c7c7a8153c

SHA256
1c09e90f96ab8022c876d5171e05f8a90d780c23d2df381d92682d26688756b0

SHA512
f27c4809bb090ac8628e4b088a9d5aa52f7f49ae02773c61e1a9dcd9638c7ad0564aa6fc962a42a10e7a9f2d99467cdefa53fe30ecef9db19478d1b084c047e5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23373.exe
Filesize
184KB

MD5
86ded785465d85f48f0d5921f8580b81

SHA1
1c9bb25a1820faa7de1f3470d553b487b19ee6db

SHA256
befa92221a1ad4a1fabf0f6b534a3b6297bafc5ef59a83602041b2d21f3b2466

SHA512
40b25afc932a953e7f716e09dacd86f9e45ed30ff5f67701622b0350f79758a37ac735fcc5a3b20235b48516a184e1b0ff6a48f2b9f28f1d80bf301f4c78bd2f

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27286.exe
Filesize
184KB

MD5
338142c59298af23de50bfe9ac6a5928

SHA1
5579bd0816c59eea87eaa56835e6b6498f209b46

SHA256
d7e09eb60537021b6126881099599e7521e7f76c5c30140b4e7c3fd1e1a7fae0

SHA512
c4e035a39e6866b4960073d4f5f0f6613ec86acc4b5596e591ae74f16f5132f1cc3cf48db1a1e38a6ab0815baa116b45e9b93045fa2087a6a4373058eebf1fab

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39155.exe
Filesize
184KB

MD5
176fe42b817c1b6d3588096e92ff8c8b

SHA1
490e6f9bb9709a804aecd84923aead5e9a0b2a1d

SHA256
50bdef1d86ad41570e3cddfd97fd119b41dc97af647bf30e3526f5b8463107bf

SHA512
f69215cb91dbd719b7896313ac1bd538482e510fa677b476ad3a33b9fbf5e7acb1890322c95a3884990563a025c3069b2cb17ded9fcaa53585ee13a6380493d2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43239.exe
Filesize
184KB

MD5
811eb6035c3004cb2d7d9c1b431f764e

SHA1
392ff7e69f04f41836190decccef436d0cec99b5

SHA256
9ea587c1aa39a2afc625e5e7bfbf31aa7bf4de8da5e276072cb42a01e1998668

SHA512
3eb54f21b984595e38ed65f68d9742ee9c587493e06b866b513c73d572963f20b962f57437b6d4a79fa509c3facb58b9d7405490d4ee7bc08953b685f1764a57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44630.exe
Filesize
184KB

MD5
4c31b94c097e5f89320e609ff77fa636

SHA1
51dab870e34dacc0d9a38324b6ba5b6acea15642

SHA256
2896b4e44208a00a200952a6fd9914bf4ac375e531ae50e0fa84e48e635aaf12

SHA512
742752af9a13b4629310b0316019fd8a7363f71f11de5bb4e1db82abff6fc05d24c8de8f6e4c6c29e4e3e3502f4907c5198ba17065cbae249e99d673413ea66c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47349.exe
Filesize
184KB

MD5
fb5965e641dce524f4c524c5b0e4edf2

SHA1
c397ed5b6a66bfaaabdcd55e63f7e342b681226e

SHA256
0cb55065a8b67e17fe2cf42591474f7619ed0032074a159661422dd63eb6db80

SHA512
b37845b0b6ffa96a11fb91cc107595a78c079ebd9a91a4ed558b5ce29c8949fcf32c97ba4d847a18c7054e0ce68e1b2788108e37234372ef826cd5a02d341c0e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52523.exe
Filesize
184KB

MD5
f52392b23d11af1795eeb76c6b577355

SHA1
0902a9a8a2aadbfef1a9c306115d5abca1534e68

SHA256
e96086d41135ead89b5391f8cd48ed59f5114df8726ac697e7f8ab6e514a52f7

SHA512
67c068e0384407a58759dc8ab7e1e57c53703af2dd15fb1924546e69503907bd76f809f8165dc8e191bacd0ea64243bc03255f71ba9aa36a14c35a5d7685bd73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
Filesize
184KB

MD5
6bb1d36fb6ad9cce7d61d87712d87163

SHA1
98ab02f0e5b875014d064080617678d8387e319c

SHA256
f7de148dac7c4a54c872859208277eb42fddc017528c4ad37b8a72c2b4a1cae5

SHA512
cbe3a32c4dd58d550c70fc5e5c76c6102f9973279186fb6677929a5f56753dabfb2259415cd857a7320f38168d83d4ca0a0faedd4508801f2648ca347ec66996

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads