781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe
Size

184KB
MD5

18ea32368dd8bbd32884c6edd7b8ccb0
SHA1

60f45fe89da5af539944d813edd2e57737a4616e
SHA256

781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170
SHA512

f312237fa48d5172e56cf0d97a90a5a90a4faf05b20839735acdb5c6e8913ff859316b9a407388a2bd03753ff3f39b5671d02a1685f45c49ddbd3607e6cf3c13
SSDEEP

3072:l3e3s8oXbnu/dFaWe8wLRqsyhlnViFpn3:l36oalFafL4syhlnViFp

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-43110.exeUnicorn-64490.exeUnicorn-44625.exeUnicorn-64573.exeUnicorn-29763.exeUnicorn-40623.exeUnicorn-52404.exeUnicorn-1812.exeUnicorn-3395.exeUnicorn-27070.exeUnicorn-427.exeUnicorn-58351.exeUnicorn-43406.exeUnicorn-23540.exeUnicorn-56317.exeUnicorn-17423.exeUnicorn-52233.exeUnicorn-32367.exeUnicorn-29675.exeUnicorn-64485Unicorn-32367.exeUnicorn-5725.exeUnicorn-5253.exeUnicorn-28366.exeUnicorn-13421.exeUnicorn-36726.exeUnicorn-34034.exeUnicorn-22336.exeUnicorn-15559.exeUnicorn-30504Unicorn-11475.exeUnicorn-46286.exeUnicorn-23536.exeUnicorn-3670.exeUnicorn-37878.exeUnicorn-57744.exeUnicorn-53660.exeUnicorn-33794.exeUnicorn-35186.exeUnicorn-43354.exeUnicorn-50131.exeUnicorn-51522.exeUnicorn-20604.exeUnicorn-35548.exeUnicorn-10297.exeUnicorn-17074.exeUnicorn-17074.exeUnicorn-6213.exeUnicorn-29326.exeUnicorn-53743.exeUnicorn-8434.exeUnicorn-31547.exeUnicorn-821.exeUnicorn-13073.exeUnicorn-28855.exeUnicorn-64412.exeUnicorn-14656.exeUnicorn-26909.exeUnicorn-22825.exeUnicorn-45938.exeUnicorn-35077.exeUnicorn-41853.exeUnicorn-39737.exeUnicorn-17179.exe

pid	process
2448	Unicorn-43110.exe
2812	Unicorn-64490.exe
2468	Unicorn-44625.exe
2712	Unicorn-64573.exe
2640	Unicorn-29763.exe
2484	Unicorn-40623.exe
2676	Unicorn-52404.exe
1592	Unicorn-1812.exe
1896	Unicorn-3395.exe
2644	Unicorn-27070.exe
1420	Unicorn-427.exe
864	Unicorn-58351.exe
2912	Unicorn-43406.exe
2924	Unicorn-23540.exe
584	Unicorn-56317.exe
2344	Unicorn-17423.exe
812	Unicorn-52233.exe
2332	Unicorn-32367.exe
628	Unicorn-29675.exe
448	Unicorn-64485
888	Unicorn-32367.exe
3000	Unicorn-5725.exe
2072	Unicorn-5253.exe
1712	Unicorn-28366.exe
2960	Unicorn-13421.exe
2616	Unicorn-36726.exe
884	Unicorn-34034.exe
2264	Unicorn-22336.exe
1652	Unicorn-15559.exe
2328	Unicorn-30504
1540	Unicorn-11475.exe
2192	Unicorn-46286.exe
2620	Unicorn-23536.exe
2496	Unicorn-3670.exe
2408	Unicorn-37878.exe
2540	Unicorn-57744.exe
300	Unicorn-53660.exe
1484	Unicorn-33794.exe
1848	Unicorn-35186.exe
2684	Unicorn-43354.exe
1220	Unicorn-50131.exe
620	Unicorn-51522.exe
3060	Unicorn-20604.exe
2920	Unicorn-35548.exe
1648	Unicorn-10297.exe
2940	Unicorn-17074.exe
840	Unicorn-17074.exe
544	Unicorn-6213.exe
1236	Unicorn-29326.exe
1248	Unicorn-53743.exe
1920	Unicorn-8434.exe
2280	Unicorn-31547.exe
2160	Unicorn-821.exe
2632	Unicorn-13073.exe
1736	Unicorn-28855.exe
3028	Unicorn-64412.exe
2024	Unicorn-14656.exe
1520	Unicorn-26909.exe
2744	Unicorn-22825.exe
2688	Unicorn-45938.exe
2784	Unicorn-35077.exe
1556	Unicorn-41853.exe
2868	Unicorn-39737.exe
1472	Unicorn-17179.exe

Loads dropped DLL 64 IoCs

Processes:

781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exeUnicorn-43110.exeUnicorn-64490.exeUnicorn-44625.exeWerFault.exeWerFault.exeUnicorn-29763.exeUnicorn-40623.exeWerFault.exeUnicorn-1812.exeUnicorn-52404.exeUnicorn-3395.exeWerFault.exeWerFault.exeUnicorn-23540.exeUnicorn-27070.exeUnicorn-43406.exeUnicorn-58351.exe

pid	process
2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe
2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe
2448	Unicorn-43110.exe
2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe
2448	Unicorn-43110.exe
2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe
2812	Unicorn-64490.exe
2468	Unicorn-44625.exe
2468	Unicorn-44625.exe
2812	Unicorn-64490.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2376	WerFault.exe
2448	Unicorn-43110.exe
2448	Unicorn-43110.exe
2376	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2640	Unicorn-29763.exe
2640	Unicorn-29763.exe
2812	Unicorn-64490.exe
2812	Unicorn-64490.exe
2484	Unicorn-40623.exe
2484	Unicorn-40623.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1544	WerFault.exe
1592	Unicorn-1812.exe
1592	Unicorn-1812.exe
2676	Unicorn-52404.exe
2676	Unicorn-52404.exe
2640	Unicorn-29763.exe
2640	Unicorn-29763.exe
1896	Unicorn-3395.exe
1896	Unicorn-3395.exe
2484	Unicorn-40623.exe
2484	Unicorn-40623.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
536	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
2924	Unicorn-23540.exe
2924	Unicorn-23540.exe
2644	Unicorn-27070.exe
2644	Unicorn-27070.exe
2912	Unicorn-43406.exe
2912	Unicorn-43406.exe
1592	Unicorn-1812.exe
864	Unicorn-58351.exe
1896	Unicorn-3395.exe
864	Unicorn-58351.exe
1592	Unicorn-1812.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
3004	2108	WerFault.exe	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe
2376	2712	WerFault.exe	Unicorn-64573.exe
2664	2448	WerFault.exe	Unicorn-43110.exe
1544	2812	WerFault.exe	Unicorn-64490.exe
536	2640	WerFault.exe	Unicorn-29763.exe
560	2484	WerFault.exe	Unicorn-40623.exe
956	2468	WerFault.exe	Unicorn-44625.exe
1576	1592	WerFault.exe	Unicorn-1812.exe
1744	2676	WerFault.exe	Unicorn-52404.exe
1020	1896	WerFault.exe	Unicorn-3395.exe
2608	2924	WerFault.exe	Unicorn-23540.exe
2096	2644	WerFault.exe	Unicorn-27070.exe
2528	2912	WerFault.exe	Unicorn-43406.exe
2896	864	WerFault.exe	Unicorn-58351.exe
2016	1420	WerFault.exe	Unicorn-427.exe
1456	1484	WerFault.exe	Unicorn-33794.exe
2204	584	WerFault.exe	Unicorn-56317.exe
692	2344	WerFault.exe	Unicorn-17423.exe
1492	888	WerFault.exe	Unicorn-32367.exe
1692	448	WerFault.exe	Unicorn-64485
680	2332	WerFault.exe	Unicorn-32367.exe
2948	3000	WerFault.exe	Unicorn-5725.exe
2864	628	WerFault.exe	Unicorn-29675.exe
240	2072	WerFault.exe	Unicorn-5253.exe
2972	1712	WerFault.exe	Unicorn-28366.exe
2284	2616	WerFault.exe	Unicorn-36726.exe
1960	884	WerFault.exe	Unicorn-34034.exe
2060	2264	WerFault.exe	Unicorn-22336.exe
2996	1652	WerFault.exe	Unicorn-15559.exe
2992	2328	WerFault.exe	Unicorn-30504
2172	1540	WerFault.exe	Unicorn-11475.exe
2720	2620	WerFault.exe	Unicorn-23536.exe
2740	2496	WerFault.exe	Unicorn-3670.exe
2732	2192	WerFault.exe	Unicorn-46286.exe
1120	1868	WerFault.exe	Unicorn-21310.exe
1404	2408	WerFault.exe	Unicorn-37878.exe
1984	2540	WerFault.exe	Unicorn-57744.exe
2316	2684	WerFault.exe	Unicorn-43354.exe
2372	1220	WerFault.exe	Unicorn-50131.exe
2708	300	WerFault.exe	Unicorn-53660.exe
1448	1848	WerFault.exe	Unicorn-35186.exe
376	620	WerFault.exe	Unicorn-51522.exe
3132	1648	WerFault.exe	Unicorn-10297.exe
3140	840	WerFault.exe	Unicorn-17074.exe
3148	3060	WerFault.exe	Unicorn-20604.exe
3208	2940	WerFault.exe	Unicorn-17074.exe
3224	544	WerFault.exe	Unicorn-6213.exe
3244	1236	WerFault.exe	Unicorn-29326.exe
3676	812	WerFault.exe	Unicorn-52233.exe
3088	1248	WerFault.exe	Unicorn-53743.exe
3104	1920	WerFault.exe	Unicorn-8434.exe
3128	2160	WerFault.exe	Unicorn-821.exe
3196	2280	WerFault.exe	Unicorn-31547.exe
3460	2632	WerFault.exe	Unicorn-13073.exe
3484	1736	WerFault.exe	Unicorn-28855.exe
3584	1556	WerFault.exe	Unicorn-41853.exe
3576	2868	WerFault.exe	Unicorn-39737.exe
3628	2024	WerFault.exe	Unicorn-14656.exe
3640	3028	WerFault.exe	Unicorn-64412.exe
3736	1520	WerFault.exe	Unicorn-26909.exe
3732	1472	WerFault.exe	Unicorn-17179.exe
3756	1340	WerFault.exe	Unicorn-58766.exe
3820	2744	WerFault.exe	Unicorn-22825.exe
3992	2784	WerFault.exe	Unicorn-35077.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exeUnicorn-43110.exeUnicorn-64490.exeUnicorn-44625.exeUnicorn-29763.exeUnicorn-64573.exeUnicorn-40623.exeUnicorn-52404.exeUnicorn-1812.exeUnicorn-3395.exeUnicorn-27070.exeUnicorn-427.exeUnicorn-43406.exeUnicorn-58351.exeUnicorn-23540.exeUnicorn-56317.exeUnicorn-17423.exeUnicorn-52233.exeUnicorn-32367.exeUnicorn-5725.exeUnicorn-64485Unicorn-32367.exeUnicorn-29675.exeUnicorn-5253.exeUnicorn-28366.exeUnicorn-13421.exeUnicorn-36726.exeUnicorn-34034.exeUnicorn-22336.exeUnicorn-15559.exeUnicorn-30504Unicorn-11475.exeUnicorn-3670.exeUnicorn-46286.exeUnicorn-23536.exeUnicorn-37878.exeUnicorn-57744.exeUnicorn-33794.exeUnicorn-53660.exeUnicorn-35186.exeUnicorn-43354.exeUnicorn-50131.exeUnicorn-51522.exeUnicorn-20604.exeUnicorn-17074.exeUnicorn-10297.exeUnicorn-17074.exeUnicorn-29326.exeUnicorn-6213.exeUnicorn-53743.exeUnicorn-8434.exeUnicorn-31547.exeUnicorn-821.exeUnicorn-13073.exeUnicorn-28855.exeUnicorn-64412.exeUnicorn-14656.exeUnicorn-26909.exeUnicorn-22825.exeUnicorn-45938.exeUnicorn-35077.exeUnicorn-41853.exeUnicorn-39737.exeUnicorn-51989.exe

pid	process
2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe
2448	Unicorn-43110.exe
2812	Unicorn-64490.exe
2468	Unicorn-44625.exe
2640	Unicorn-29763.exe
2712	Unicorn-64573.exe
2484	Unicorn-40623.exe
2676	Unicorn-52404.exe
1592	Unicorn-1812.exe
1896	Unicorn-3395.exe
2644	Unicorn-27070.exe
1420	Unicorn-427.exe
2912	Unicorn-43406.exe
864	Unicorn-58351.exe
2924	Unicorn-23540.exe
584	Unicorn-56317.exe
2344	Unicorn-17423.exe
812	Unicorn-52233.exe
2332	Unicorn-32367.exe
3000	Unicorn-5725.exe
448	Unicorn-64485
888	Unicorn-32367.exe
628	Unicorn-29675.exe
2072	Unicorn-5253.exe
1712	Unicorn-28366.exe
2960	Unicorn-13421.exe
2616	Unicorn-36726.exe
884	Unicorn-34034.exe
2264	Unicorn-22336.exe
1652	Unicorn-15559.exe
2328	Unicorn-30504
1540	Unicorn-11475.exe
2496	Unicorn-3670.exe
2192	Unicorn-46286.exe
2620	Unicorn-23536.exe
2408	Unicorn-37878.exe
2540	Unicorn-57744.exe
1484	Unicorn-33794.exe
300	Unicorn-53660.exe
1848	Unicorn-35186.exe
2684	Unicorn-43354.exe
1220	Unicorn-50131.exe
620	Unicorn-51522.exe
3060	Unicorn-20604.exe
840	Unicorn-17074.exe
1648	Unicorn-10297.exe
2940	Unicorn-17074.exe
1236	Unicorn-29326.exe
544	Unicorn-6213.exe
1248	Unicorn-53743.exe
1920	Unicorn-8434.exe
2280	Unicorn-31547.exe
2160	Unicorn-821.exe
2632	Unicorn-13073.exe
1736	Unicorn-28855.exe
3028	Unicorn-64412.exe
2024	Unicorn-14656.exe
1520	Unicorn-26909.exe
2744	Unicorn-22825.exe
2688	Unicorn-45938.exe
2784	Unicorn-35077.exe
1556	Unicorn-41853.exe
2868	Unicorn-39737.exe
1320	Unicorn-51989.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exeUnicorn-43110.exeUnicorn-44625.exeUnicorn-64490.exeUnicorn-64573.exeUnicorn-29763.exeUnicorn-40623.exeUnicorn-1812.exeUnicorn-52404.exe

description	pid	process	target process
PID 2108 wrote to memory of 2448	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	Unicorn-43110.exe
PID 2108 wrote to memory of 2448	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	Unicorn-43110.exe
PID 2108 wrote to memory of 2448	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	Unicorn-43110.exe
PID 2108 wrote to memory of 2448	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	Unicorn-43110.exe
PID 2448 wrote to memory of 2812	2448	Unicorn-43110.exe	Unicorn-64490.exe
PID 2448 wrote to memory of 2812	2448	Unicorn-43110.exe	Unicorn-64490.exe
PID 2448 wrote to memory of 2812	2448	Unicorn-43110.exe	Unicorn-64490.exe
PID 2448 wrote to memory of 2812	2448	Unicorn-43110.exe	Unicorn-64490.exe
PID 2108 wrote to memory of 2468	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	Unicorn-44625.exe
PID 2108 wrote to memory of 2468	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	Unicorn-44625.exe
PID 2108 wrote to memory of 2468	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	Unicorn-44625.exe
PID 2108 wrote to memory of 2468	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	Unicorn-44625.exe
PID 2108 wrote to memory of 3004	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	WerFault.exe
PID 2108 wrote to memory of 3004	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	WerFault.exe
PID 2108 wrote to memory of 3004	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	WerFault.exe
PID 2108 wrote to memory of 3004	2108	781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe	WerFault.exe
PID 2468 wrote to memory of 2712	2468	Unicorn-44625.exe	Unicorn-64573.exe
PID 2468 wrote to memory of 2712	2468	Unicorn-44625.exe	Unicorn-64573.exe
PID 2468 wrote to memory of 2712	2468	Unicorn-44625.exe	Unicorn-64573.exe
PID 2468 wrote to memory of 2712	2468	Unicorn-44625.exe	Unicorn-64573.exe
PID 2812 wrote to memory of 2640	2812	Unicorn-64490.exe	Unicorn-29763.exe
PID 2812 wrote to memory of 2640	2812	Unicorn-64490.exe	Unicorn-29763.exe
PID 2812 wrote to memory of 2640	2812	Unicorn-64490.exe	Unicorn-29763.exe
PID 2812 wrote to memory of 2640	2812	Unicorn-64490.exe	Unicorn-29763.exe
PID 2712 wrote to memory of 2376	2712	Unicorn-64573.exe	WerFault.exe
PID 2712 wrote to memory of 2376	2712	Unicorn-64573.exe	WerFault.exe
PID 2712 wrote to memory of 2376	2712	Unicorn-64573.exe	WerFault.exe
PID 2712 wrote to memory of 2376	2712	Unicorn-64573.exe	WerFault.exe
PID 2448 wrote to memory of 2484	2448	Unicorn-43110.exe	Unicorn-40623.exe
PID 2448 wrote to memory of 2484	2448	Unicorn-43110.exe	Unicorn-40623.exe
PID 2448 wrote to memory of 2484	2448	Unicorn-43110.exe	Unicorn-40623.exe
PID 2448 wrote to memory of 2484	2448	Unicorn-43110.exe	Unicorn-40623.exe
PID 2448 wrote to memory of 2664	2448	Unicorn-43110.exe	WerFault.exe
PID 2448 wrote to memory of 2664	2448	Unicorn-43110.exe	WerFault.exe
PID 2448 wrote to memory of 2664	2448	Unicorn-43110.exe	WerFault.exe
PID 2448 wrote to memory of 2664	2448	Unicorn-43110.exe	WerFault.exe
PID 2640 wrote to memory of 2676	2640	Unicorn-29763.exe	Unicorn-52404.exe
PID 2640 wrote to memory of 2676	2640	Unicorn-29763.exe	Unicorn-52404.exe
PID 2640 wrote to memory of 2676	2640	Unicorn-29763.exe	Unicorn-52404.exe
PID 2640 wrote to memory of 2676	2640	Unicorn-29763.exe	Unicorn-52404.exe
PID 2812 wrote to memory of 1592	2812	Unicorn-64490.exe	Unicorn-1812.exe
PID 2812 wrote to memory of 1592	2812	Unicorn-64490.exe	Unicorn-1812.exe
PID 2812 wrote to memory of 1592	2812	Unicorn-64490.exe	Unicorn-1812.exe
PID 2812 wrote to memory of 1592	2812	Unicorn-64490.exe	Unicorn-1812.exe
PID 2484 wrote to memory of 1896	2484	Unicorn-40623.exe	Unicorn-3395.exe
PID 2484 wrote to memory of 1896	2484	Unicorn-40623.exe	Unicorn-3395.exe
PID 2484 wrote to memory of 1896	2484	Unicorn-40623.exe	Unicorn-3395.exe
PID 2484 wrote to memory of 1896	2484	Unicorn-40623.exe	Unicorn-3395.exe
PID 2812 wrote to memory of 1544	2812	Unicorn-64490.exe	WerFault.exe
PID 2812 wrote to memory of 1544	2812	Unicorn-64490.exe	WerFault.exe
PID 2812 wrote to memory of 1544	2812	Unicorn-64490.exe	WerFault.exe
PID 2812 wrote to memory of 1544	2812	Unicorn-64490.exe	WerFault.exe
PID 1592 wrote to memory of 2644	1592	Unicorn-1812.exe	Unicorn-27070.exe
PID 1592 wrote to memory of 2644	1592	Unicorn-1812.exe	Unicorn-27070.exe
PID 1592 wrote to memory of 2644	1592	Unicorn-1812.exe	Unicorn-27070.exe
PID 1592 wrote to memory of 2644	1592	Unicorn-1812.exe	Unicorn-27070.exe
PID 2676 wrote to memory of 1420	2676	Unicorn-52404.exe	Unicorn-427.exe
PID 2676 wrote to memory of 1420	2676	Unicorn-52404.exe	Unicorn-427.exe
PID 2676 wrote to memory of 1420	2676	Unicorn-52404.exe	Unicorn-427.exe
PID 2676 wrote to memory of 1420	2676	Unicorn-52404.exe	Unicorn-427.exe
PID 2640 wrote to memory of 864	2640	Unicorn-29763.exe	Unicorn-58351.exe
PID 2640 wrote to memory of 864	2640	Unicorn-29763.exe	Unicorn-58351.exe
PID 2640 wrote to memory of 864	2640	Unicorn-29763.exe	Unicorn-58351.exe
PID 2640 wrote to memory of 864	2640	Unicorn-29763.exe	Unicorn-58351.exe

C:\Users\Admin\AppData\Local\Temp\781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe
"C:\Users\Admin\AppData\Local\Temp\781ae46a8554c61301bbc4256b7f5dc4067da3eb1687ba53132246fa22609170.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2108

C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-64485
C:\Users\Admin\AppData\Local\Temp\Unicorn-64485
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 448 -s 220
8⤵
- Program crash
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30504
C:\Users\Admin\AppData\Local\Temp\Unicorn-30504
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 240
8⤵
- Program crash
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 240
7⤵
- Program crash
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5725.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46286.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13073.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48144.exe
9⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45596.exe
10⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60069.exe
11⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17387.exe
12⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32431.exe
13⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33381.exe
14⤵
PID:11124

C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55542.exe
15⤵
PID:6616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11124 -s 220
15⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
14⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5508 -s 216
13⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
12⤵
PID:7640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
11⤵
PID:5556

C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56732.exe
10⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39452.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1704.exe
12⤵
PID:8308

C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45249.exe
13⤵
PID:11068

C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33332.exe
14⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11068 -s 216
14⤵
PID:13740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8308 -s 216
13⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
12⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
11⤵
PID:7824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 240
10⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55388.exe
9⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15144.exe
10⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27117.exe
11⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23879.exe
12⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6546.exe
13⤵
PID:10932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10932 -s 212
14⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
13⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
12⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
11⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
10⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 220
9⤵
- Program crash
PID:3460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 236
8⤵
- Program crash
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60157.exe
8⤵
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21310.exe
9⤵
PID:1868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 188
10⤵
- Program crash
PID:1120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 236
9⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1444.exe
8⤵
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26053.exe
9⤵
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48860.exe
10⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-49286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49286.exe
11⤵
PID:7704

C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9431.exe
12⤵
PID:10872

C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
13⤵
PID:13280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10872 -s 216
13⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7704 -s 216
12⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
11⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3912 -s 236
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 236
9⤵
PID:4416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 240
8⤵
- Program crash
PID:3244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 240
7⤵
- Program crash
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
6⤵
- Program crash
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:864

C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29675.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23536.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10297.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17179.exe
9⤵
- Executes dropped EXE
PID:1472

C:\Users\Admin\AppData\Local\Temp\Unicorn-43868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43868.exe
10⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
11⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
12⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
13⤵
PID:6124

C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38269.exe
14⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
15⤵
PID:10612

C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8827.exe
16⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10612 -s 216
16⤵
PID:13676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
15⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6124 -s 216
14⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4620 -s 216
13⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
12⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38833.exe
11⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
12⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14620.exe
13⤵
PID:7204

C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31523.exe
14⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51702.exe
15⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
15⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7204 -s 216
14⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
13⤵
PID:8708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4740 -s 216
12⤵
PID:7152

C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
10⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55985.exe
11⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10095.exe
12⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
13⤵
PID:9112

C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-599.exe
14⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42974.exe
15⤵
PID:13400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9112 -s 216
14⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
13⤵
PID:10012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4256 -s 236
12⤵
PID:7760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 236
11⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1472 -s 220
10⤵
- Program crash
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
9⤵
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21969.exe
10⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62482.exe
11⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
12⤵
PID:6908

C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64.exe
13⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54655.exe
14⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 216
14⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6908 -s 216
13⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
12⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
11⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 236
10⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
9⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
8⤵
PID:2056

C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
9⤵
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42197.exe
10⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-56561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56561.exe
11⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51813.exe
12⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
13⤵
PID:8664

C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58269.exe
14⤵
PID:10892

C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7156.exe
15⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10892 -s 236
15⤵
PID:14048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8664 -s 216
14⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
13⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
12⤵
PID:7264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
11⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61392.exe
10⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
11⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61102.exe
12⤵
PID:9016

C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4683.exe
13⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38734.exe
14⤵
PID:8184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9016 -s 216
13⤵
PID:12380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 216
12⤵
PID:9956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
11⤵
PID:7508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
10⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18247.exe
9⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33941.exe
10⤵
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22644.exe
11⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5923.exe
12⤵
PID:10940

C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5454.exe
13⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10940 -s 216
13⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
12⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4556 -s 236
11⤵
PID:9136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
10⤵
PID:6736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2056 -s 240
9⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 240
8⤵
- Program crash
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51989.exe
8⤵
- Suspicious use of SetWindowsHookEx
PID:1320

C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
9⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25861.exe
10⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62290.exe
11⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-5876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5876.exe
12⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12664.exe
13⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45096.exe
14⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 216
14⤵
PID:13164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 236
13⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4752 -s 236
12⤵
PID:8064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
11⤵
PID:6536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 236
10⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45466.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38964.exe
10⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46229.exe
11⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55731.exe
12⤵
PID:8800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3396.exe
13⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8800 -s 236
13⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
12⤵
PID:10236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
11⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
10⤵
PID:5744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1320 -s 220
9⤵
PID:3444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
8⤵
- Program crash
PID:3208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
7⤵
- Program crash
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3670.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47905.exe
8⤵
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58066.exe
9⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32960.exe
10⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11719.exe
11⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57267.exe
12⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54413.exe
13⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
14⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33140.exe
15⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
15⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
14⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
13⤵
PID:8376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 236
12⤵
PID:7144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57822.exe
11⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64911.exe
12⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5970.exe
13⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6881.exe
14⤵
PID:12352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
14⤵
PID:13692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
13⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
12⤵
PID:9388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 220
11⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 236
10⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57142.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65196.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8398.exe
11⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43474.exe
12⤵
PID:10580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31557.exe
13⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10580 -s 216
13⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 236
12⤵
PID:10908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 216
11⤵
PID:8816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 236
10⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 220
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7474.exe
8⤵
PID:352

C:\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13608.exe
9⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-64236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64236.exe
10⤵
PID:4180

C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34517.exe
11⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
12⤵
PID:7928

C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
13⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64852.exe
14⤵
PID:6640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
14⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7928 -s 216
13⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
12⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4180 -s 236
11⤵
PID:6260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
10⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 352 -s 236
9⤵
PID:4368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
8⤵
- Program crash
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5481.exe
7⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-43868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43868.exe
8⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61247.exe
9⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17667.exe
10⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19141.exe
11⤵
PID:5728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 212
12⤵
PID:8568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4484 -s 216
11⤵
PID:7316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 236
10⤵
PID:5368

C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18413.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14096.exe
10⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53043.exe
11⤵
PID:7936

C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55363.exe
12⤵
PID:10996

C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30701.exe
13⤵
PID:6632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10996 -s 216
13⤵
PID:13884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7936 -s 236
12⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
11⤵
PID:9544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:6696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
9⤵
PID:4904

C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53634.exe
8⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37018.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23609.exe
10⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7910.exe
10⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31611.exe
11⤵
PID:7964

C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31793.exe
12⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7964 -s 236
12⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
11⤵
PID:9728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 220
10⤵
PID:7380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
9⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 240
8⤵
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
7⤵
- Program crash
PID:2740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 864 -s 240
6⤵
- Program crash
PID:2896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17423.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34034.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:884

C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43354.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28855.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17418.exe
10⤵
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23038.exe
11⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-49270.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49270.exe
12⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39369.exe
13⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24538.exe
14⤵
PID:8928

C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19266.exe
15⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20068.exe
16⤵
PID:7876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8928 -s 216
15⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
14⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
13⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
12⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31542.exe
11⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
12⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6883.exe
13⤵
PID:8048

C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36806.exe
14⤵
PID:11104

C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8552.exe
15⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11104 -s 216
15⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8048 -s 236
14⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
13⤵
PID:8680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
12⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
11⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11340.exe
10⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21175.exe
11⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23225.exe
12⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30101.exe
13⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1886.exe
14⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57644.exe
15⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 216
15⤵
PID:13608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
14⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
13⤵
PID:9364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
12⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
11⤵
PID:5224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1736 -s 240
10⤵
- Program crash
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5720.exe
9⤵
PID:1012

C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32576.exe
10⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
11⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63681.exe
12⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45539.exe
13⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20231.exe
14⤵
PID:10520

C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19305.exe
15⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10520 -s 216
15⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
14⤵
PID:1252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 236
13⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
12⤵
PID:6808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
11⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
10⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22649.exe
11⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 220
12⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
11⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1012 -s 240
10⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
9⤵
- Program crash
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64412.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39592.exe
9⤵
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56348.exe
10⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50853.exe
11⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
12⤵
PID:7692

C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40781.exe
13⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15953.exe
14⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
14⤵
PID:12900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7692 -s 216
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 220
12⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
11⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
10⤵
PID:4540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 216
9⤵
- Program crash
PID:3640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 884 -s 240
8⤵
- Program crash
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50131.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14656.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62150.exe
9⤵
PID:340

C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
10⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44309.exe
11⤵
PID:4448

C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
12⤵
PID:5904

C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16375.exe
13⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3126.exe
14⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48002.exe
15⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
15⤵
PID:12876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6200 -s 216
14⤵
PID:9880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5904 -s 236
13⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4448 -s 216
12⤵
PID:6680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 236
11⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1885.exe
10⤵
PID:4544

C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16811.exe
11⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13956.exe
12⤵
PID:8352

C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13790.exe
13⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18122.exe
14⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8352 -s 216
13⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
12⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4544 -s 216
11⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 220
10⤵
PID:5784

C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60541.exe
9⤵
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25259.exe
10⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61626.exe
11⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-51948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51948.exe
12⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65150.exe
13⤵
PID:11548

C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22637.exe
14⤵
PID:13816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 236
13⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
12⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 216
11⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3764 -s 216
10⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 220
9⤵
- Program crash
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15642.exe
8⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41294.exe
10⤵
PID:4772

C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14864.exe
11⤵
PID:5608

C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2368.exe
12⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20916.exe
13⤵
PID:10644

C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27281.exe
14⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10644 -s 216
14⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6432 -s 216
13⤵
PID:11048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5608 -s 216
12⤵
PID:8696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4772 -s 216
11⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
10⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2762.exe
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-55897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55897.exe
10⤵
PID:5152

C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13271.exe
11⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16853.exe
12⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3072.exe
13⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
13⤵
PID:14032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
12⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5152 -s 216
11⤵
PID:9748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4852 -s 216
10⤵
PID:7500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 220
9⤵
PID:5992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 240
8⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 240
7⤵
- Program crash
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22336.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51522.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:620

C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35077.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41922.exe
9⤵
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23723.exe
10⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27672.exe
11⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21637.exe
12⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42213.exe
13⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17468.exe
14⤵
PID:12808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
14⤵
PID:7580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
13⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
12⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
11⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
10⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
9⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-69.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64065.exe
11⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49431.exe
12⤵
PID:7236

C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33360.exe
13⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23197.exe
14⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
14⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7236 -s 216
13⤵
PID:11152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5568 -s 236
12⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
11⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
10⤵
PID:5972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
9⤵
- Program crash
PID:3992

C:\Users\Admin\AppData\Local\Temp\Unicorn-60759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60759.exe
8⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58533.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60536.exe
10⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22213.exe
11⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
12⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-1131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1131.exe
13⤵
PID:12860

C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38489.exe
13⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 220
13⤵
PID:5880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
12⤵
PID:11084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 236
11⤵
PID:8196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 620 -s 240
8⤵
- Program crash
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41853.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23256.exe
8⤵
PID:1360

C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27999.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58206.exe
10⤵
PID:4792

C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60915.exe
11⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-48243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48243.exe
12⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5023.exe
13⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10300 -s 216
13⤵
PID:7816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 216
12⤵
PID:11092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4792 -s 216
11⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 236
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 216
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20385.exe
8⤵
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60645.exe
9⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54205.exe
10⤵
PID:6240

C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32898.exe
11⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15373.exe
12⤵
PID:11416

C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65231.exe
13⤵
PID:13708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
12⤵
PID:12488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6240 -s 236
11⤵
PID:10064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 216
10⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3436 -s 216
9⤵
PID:4192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 220
8⤵
- Program crash
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
7⤵
- Program crash
PID:2060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 220
6⤵
- Program crash
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11475.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-821.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63904.exe
8⤵
PID:1272

C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37598.exe
8⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45103.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63297.exe
10⤵
PID:5980

C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26920.exe
11⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43220.exe
12⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34811.exe
13⤵
PID:12576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 236
13⤵
PID:7348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
12⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5980 -s 236
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:6528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
9⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
8⤵
- Program crash
PID:3128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 236
7⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17074.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:840

C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26140.exe
7⤵
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8263.exe
8⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62015.exe
9⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5928.exe
10⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2176.exe
11⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62633.exe
12⤵
PID:10444

C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8998.exe
13⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10444 -s 216
13⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
12⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 236
11⤵
PID:8392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
10⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
9⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58486.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18181.exe
9⤵
PID:6072

C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17465.exe
10⤵
PID:8104

C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
11⤵
PID:10508

C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2221.exe
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10508 -s 220
12⤵
PID:13580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8104 -s 216
11⤵
PID:12044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6072 -s 216
10⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
8⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 840 -s 216
7⤵
- Program crash
PID:3140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2332 -s 240
6⤵
- Program crash
PID:680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1592 -s 240
5⤵
- Program crash
PID:1576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1896

C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-52233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52233.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13421.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33794.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 200
8⤵
- Program crash
PID:1456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 240
7⤵
- Program crash
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36726.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35186.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22825.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47952.exe
9⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34605.exe
10⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48284.exe
11⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20075.exe
12⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54657.exe
13⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40026.exe
14⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 216
14⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
13⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
12⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
11⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 236
10⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41381.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-57438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57438.exe
10⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4558.exe
11⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13105.exe
12⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53334.exe
13⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64961.exe
14⤵
PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 236
14⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 216
13⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 236
12⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
11⤵
PID:7368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 236
10⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
9⤵
- Program crash
PID:3820

C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5528.exe
8⤵
PID:2164

C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44288.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2228.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63868.exe
11⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28830.exe
12⤵
PID:11036

C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40649.exe
13⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11036 -s 236
13⤵
PID:2840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 236
12⤵
PID:11656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
11⤵
PID:8424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2164 -s 236
9⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
8⤵
- Program crash
PID:1448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
7⤵
- Program crash
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
6⤵
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32367.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15559.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20604.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39737.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2868

C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39352.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
10⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30625.exe
11⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37693.exe
12⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45057.exe
13⤵
PID:10264

C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45584.exe
14⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10264 -s 216
14⤵
PID:13548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 216
13⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
12⤵
PID:9252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 236
10⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2868 -s 236
9⤵
- Program crash
PID:3576

C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46369.exe
8⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7147.exe
9⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17832.exe
10⤵
PID:6352

C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59156.exe
11⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44154.exe
12⤵
PID:11352

C:\Users\Admin\AppData\Local\Temp\Unicorn-49772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49772.exe
13⤵
PID:13504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 236
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6352 -s 216
11⤵
PID:10020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
10⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
9⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 220
8⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58766.exe
7⤵
PID:1340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1340 -s 220
8⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 240
7⤵
- Program crash
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-35548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35548.exe
6⤵
- Executes dropped EXE
PID:2920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
6⤵
- Program crash
PID:1492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1896 -s 240
5⤵
- Program crash
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56317.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:584

C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5253.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57744.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8434.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1920

C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34247.exe
9⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4179.exe
10⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-47433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47433.exe
11⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26925.exe
12⤵
PID:5192

C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40324.exe
13⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6655.exe
14⤵
PID:11244

C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56876.exe
15⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11244 -s 216
15⤵
PID:9080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 236
14⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5192 -s 216
13⤵
PID:9056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
12⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
11⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33789.exe
10⤵
PID:4112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4112 -s 200
11⤵
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61911.exe
9⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11506.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-11055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11055.exe
11⤵
PID:6288

C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9571.exe
12⤵
PID:8716

C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15290.exe
13⤵
PID:10720

C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53451.exe
14⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10720 -s 216
14⤵
PID:13860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8716 -s 216
13⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6288 -s 216
12⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 236
11⤵
PID:7952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 240
10⤵
PID:6040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1920 -s 240
9⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1060.exe
8⤵
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
9⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
10⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-41123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41123.exe
11⤵
PID:6112

C:\Users\Admin\AppData\Local\Temp\Unicorn-5513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5513.exe
12⤵
PID:7456

C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51268.exe
12⤵
PID:7856

C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
13⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
14⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 220
14⤵
PID:13592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7856 -s 216
13⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6112 -s 220
12⤵
PID:9452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
11⤵
PID:4764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
10⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25813.exe
9⤵
PID:4076

C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57651.exe
10⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39063.exe
11⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13946.exe
12⤵
PID:10280

C:\Users\Admin\AppData\Local\Temp\Unicorn-12335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12335.exe
13⤵
PID:12996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10280 -s 216
13⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
12⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 216
11⤵
PID:9192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4076 -s 216
10⤵
PID:6720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
9⤵
PID:5004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
8⤵
- Program crash
PID:1984

C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31547.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15279.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49296.exe
9⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
10⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54745.exe
11⤵
PID:5344

C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56660.exe
12⤵
PID:7700

C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59940.exe
13⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25958.exe
14⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11212 -s 216
14⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7700 -s 216
13⤵
PID:11804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5344 -s 216
12⤵
PID:9040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 236
11⤵
PID:7056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
10⤵
PID:5060

C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64708.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43069.exe
10⤵
PID:5756

C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52550.exe
11⤵
PID:8748

C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33272.exe
12⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19876.exe
13⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8748 -s 236
12⤵
PID:12224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5756 -s 216
11⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
9⤵
PID:4996

C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6872.exe
8⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
9⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47153.exe
10⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-27854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27854.exe
11⤵
PID:8492

C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45633.exe
12⤵
PID:10372

C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49175.exe
13⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10372 -s 220
13⤵
PID:13912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8492 -s 236
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
11⤵
PID:9700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
10⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 236
9⤵
PID:5084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 240
8⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
7⤵
- Program crash
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37878.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53743.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36193.exe
8⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42498.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-4262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4262.exe
10⤵
PID:3288

C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34709.exe
11⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52913.exe
12⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39411.exe
13⤵
PID:11208

C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10856.exe
14⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11208 -s 236
14⤵
PID:13956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
13⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
12⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3288 -s 216
11⤵
PID:7160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:5088

C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58102.exe
9⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12150.exe
10⤵
PID:5656

C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33225.exe
11⤵
PID:7968

C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18031.exe
12⤵
PID:10296

C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15459.exe
13⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10296 -s 216
13⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7968 -s 216
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5656 -s 216
11⤵
PID:8628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 236
10⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 220
9⤵
PID:4104

C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58019.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43541.exe
9⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-31009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31009.exe
10⤵
PID:5428

C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28155.exe
11⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20169.exe
12⤵
PID:10656

C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16996.exe
13⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10656 -s 216
13⤵
PID:13732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
12⤵
PID:11996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5428 -s 220
11⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
10⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 216
9⤵
PID:2736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 240
8⤵
- Program crash
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28579.exe
7⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63494.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
9⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17797.exe
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63676.exe
11⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5347.exe
12⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-52517.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52517.exe
13⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
13⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 236
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
11⤵
PID:9164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
10⤵
PID:7112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
9⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33405.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32955.exe
9⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30738.exe
10⤵
PID:8848

C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44948.exe
11⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33882.exe
12⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 236
12⤵
PID:14144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8848 -s 216
11⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
10⤵
PID:9888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
8⤵
PID:5128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
7⤵
- Program crash
PID:1404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 584 -s 240
6⤵
- Program crash
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28366.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53660.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26909.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25154.exe
8⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11060.exe
9⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
10⤵
PID:6220

C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12477.exe
11⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44538.exe
12⤵
PID:11456

C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25351.exe
13⤵
PID:13924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8264 -s 216
12⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6220 -s 216
11⤵
PID:10072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
10⤵
PID:7884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 236
9⤵
PID:5320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 216
8⤵
- Program crash
PID:3736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
7⤵
- Program crash
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45938.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19172.exe
7⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42773.exe
8⤵
PID:3880

C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6976.exe
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57542.exe
10⤵
PID:6228

C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55072.exe
11⤵
PID:9060

C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58544.exe
12⤵
PID:11304

C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37520.exe
13⤵
PID:13468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9060 -s 216
12⤵
PID:12404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6228 -s 216
11⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 216
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3880 -s 236
9⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42917.exe
8⤵
PID:4420

C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60173.exe
9⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30573.exe
10⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14008.exe
11⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61707.exe
12⤵
PID:12988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
12⤵
PID:8168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6440 -s 216
11⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 236
10⤵
PID:8416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4420 -s 216
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
8⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49550.exe
7⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30194.exe
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48523.exe
9⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62114.exe
10⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17455.exe
11⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36264.exe
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 220
12⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 236
11⤵
PID:11780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 236
10⤵
PID:8688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 236
9⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37401.exe
8⤵
PID:5472

C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50137.exe
9⤵
PID:7716

C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17839.exe
10⤵
PID:10484

C:\Users\Admin\AppData\Local\Temp\Unicorn-40924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40924.exe
11⤵
PID:7000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10484 -s 216
11⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7716 -s 236
10⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5472 -s 216
9⤵
PID:9300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 220
8⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 240
7⤵
PID:5044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1712 -s 240
6⤵
- Program crash
PID:2972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 240
5⤵
- Program crash
PID:2608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2664

C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 188
4⤵
- Loads dropped DLL
- Program crash
PID:2376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
3⤵
- Program crash
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2108 -s 240
2⤵
- Program crash
PID:3004

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14665.exe
Filesize
184KB

MD5
18cfdfa078d4f08ce51cecca24b467be

SHA1
f5810d4e62a25c3a9b319cee0f1ef011268cd0ff

SHA256
9ba0ffe520fdb399ff8bf0f8e31cd8edac6c3b2d363bc9ba0ee85fee7d1530a5

SHA512
cf83d6063f58d43e3b5f3b98ce6a027168e731f6172fde46d1aee5c1987de46fb4c0f1403be4a5e4066c851c736a4e974fd9f785d07033a6ee2b8d66e64a8aad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36167.exe
Filesize
184KB

MD5
1c7c862b2172ac651583e22fa3cc9f77

SHA1
a64e22300bf32b3b80771aaff9dc910596aa052c

SHA256
1212f0b5e116c3e391807394c7a573011f2e5d3a6208989fcae6ebe53706f476

SHA512
209e7bfd0c88943d6fea6f558c520292ec03754fcd3600f9006673f9039ef6355fa5094584c8e454210ea0cd75565fb26cc2a6a55df84daf4d394fc80e6fcddc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36183.exe
Filesize
184KB

MD5
e021cc644b340f3bcb35e3cdfc9bd806

SHA1
f6887ac68a671d562cc575d9e2c831f21c009cbc

SHA256
c1c0be30f95bad3d1c45ae44808c08e30446288fd1346eaf001eed547cf9255b

SHA512
ab3f5dc86ea6de12d686d8a87dcb1b88323b008f59badf26c00da76c5c56b13df8e18b854b34ce581cd68d4a588256b294ee4125cb536555b39e19d8c03a0533

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-43406.exe
Filesize
184KB

MD5
03124e434ee6acc5994ab16b26c2351f

SHA1
a9eafddfd344397b015d4b3851e34a0a68cd0dde

SHA256
4861303d55906fb56d2d5a2335528aaf117dfdf66cbba7160fd75dcf05c8f0ce

SHA512
2418d81378a8f36b3a8d4aadb17c1cc2e386361ac8f5adbd7a1a648b834a84949fede2378966aa297b5b9464548bcd7fff7ea1794fff87c9c4df6677186d2d39

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58679.exe
Filesize
184KB

MD5
122f14ae1e1e7ccb8d1fb7b23fd78a56

SHA1
c1e79b35d348d46cc82f0f27f5846b9f5771935a

SHA256
504a6ff5e585d66492be18ebe95fca6f5f1f6dc7a8a8f7e33afca5dc449dd54c

SHA512
5e1be316c44699913b8840fec9c1a62b052ec994e8cd1d7dac8947c02a5a7ee7c8296e4bccc73e79932aee596a670d07cfe3742f55200b89b25f061d6255af75

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6208.exe
Filesize
184KB

MD5
76330881f6acb679f9f9a63c1d9b5b32

SHA1
5a701f743e99e5dfc6afd3dfb4af33bf30abc241

SHA256
ec5cf5bc740ec7ac80f988faeb034d5b830abaef87cc10cf0634cfde84c8e15f

SHA512
c4afcd3f07c76b85237aac4af21f880e737d8752de6707cc9110e1cb741a00aaf2fa6717e8a66019ee390603b97312514b37bf93b95c4fae649f2ea027d920f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6213.exe
Filesize
184KB

MD5
fd30a72bf361d6de6740295e85484385

SHA1
8db01d727e3e9ee3d76488904acb6c1c22eea2a0

SHA256
ccb4fb330a43f3113be0c4d63f9b195419a9fe3461f050515e4c01436e223328

SHA512
0cd41c577cbe974299fd78f4a7b3f431fe9625854cc06bde08cfe34388c845828604f557ec866c1efc7db2da3327428067e0eb7e3435a193b8e8f1acefd465c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-63582
Filesize
1B

MD5
93b885adfe0da089cdf634904fd59f71

SHA1
5ba93c9db0cff93f52b521d7420e43f6eda2784f

SHA256
6e340b9cffb37a989ca544e6bb780a2c78901d3fb33738768511a30617afa01d

SHA512
b8244d028981d693af7b456af8efa4cad63d282e19ff14942c246e50d9351d22704a802a71c3580b6370de4ceb293c324a8423342557d4e5c38438f0e36910ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64490.exe
Filesize
184KB

MD5
fcd17ebff728ed172a2dec8eea6a4feb

SHA1
54a96753ca17c08d7936894d066f66e91821db4c

SHA256
89def508ae43b4244c64fe6094d429dde7b6b64d3229429cceb80c5cfab595bd

SHA512
7574f84139cb104ddad5b7e5e79bad30c9dd32057733c232914de3897a10d688552b4ad9f26309f750efeafaeb95a6c63fc1da9884cdac030b8f3dd117598c66

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-64573.exe
Filesize
184KB

MD5
7ff000689dccf27e2475465c798174b2

SHA1
4acf0db73dabe751fda490ebf1d08f84e24675e7

SHA256
19e1cc3db0503021e8d2be62d9577d75eeeb07983785cd53814329c636d826ec

SHA512
0f4ab5ab631ba6ea9a49515ce14847ff5e8d643e046b919357cf80c887bc27b7cd8542f29b1ab8c1a26076f6b572bc9009391060bc9b619e2307b7d1e93fe720

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6509.exe
Filesize
184KB

MD5
c9f561f0ece767eb2df318517ad9eb8e

SHA1
b20678b5c6baab31a28c5c146b35f94c92eccff9

SHA256
0ed179279a94ae71287717bae1d72f3fbe8fdc5af945869f9812bec54a8d652c

SHA512
b0e013f16453852ebacbf9b9e47db2589b4ef41ce7a6e07e1fd949724f3439defe9ca1c0003e94394fc1460fff14dca9947f23080464053a48357486f5e24207

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-1812.exe
Filesize
184KB

MD5
364f5bee1330af4d06c57ab6804c04da

SHA1
ad750c7350ac515e343d1448b1f9fea4ac7c9459

SHA256
92bc6cde6842fd066fa7cde715b573d434f8c7541025322308578988536febeb

SHA512
8302f5c7bd9b559e18cfa1826d6ac61f4e90d402a04880bf7af6b6bcc5aae2b429a0382c486423e78bfeb70bf74e495733a098d41be18658727c6d4765183528

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23540.exe
Filesize
184KB

MD5
b39c1aeb06a66157bc0c6e8f202e6fae

SHA1
aeefb9939f9ef08086a8445962eeec09d750767b

SHA256
90fc241f5c0e603318882e5f1eba16e145ae16cbd6f9c5dc26ab8ec353eb4086

SHA512
556b60c4cce1d8a97be3c414be501c9dfa38a75181e74506343c775c731c22db4f69b69fb9250140c52826d7ec505b682dd81292c515e674a943b4308f7533ca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27070.exe
Filesize
184KB

MD5
5659662be1d3f7d78474b3a741676c12

SHA1
a91d483ee75f5b4f86dd92b4ff0b32641e2a93d7

SHA256
be360a5608e6f0e4403f7a6220f294707ac6b463bcc49bf90337e8050952bff7

SHA512
afc302d9b880fa7bd15649903cb1621c5e008aa68e329cc63cf8d8700286878559718a6c94bb5a1ae10b62a88737ec0f37951e7340eea77f89a377a9e6563aa5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-29763.exe
Filesize
184KB

MD5
9c16ebda658240bc0e22dcb4455a919f

SHA1
f46609e7fe9983421fdbdc73f10253ad19b609f9

SHA256
95bf95cffbcca081ffd94aa3d8fe72b12d2dfba5ea3ff182f83146da18ed9a2e

SHA512
bb936913403ab826c3b5d6370d857af6069021658d86812eb376df0a43fb8287594be07a27f62e543aeaa852daa7ad6ec70e4eb50315148701652593114dad31

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3395.exe
Filesize
184KB

MD5
4c92f7eb76c4e08cc22f64586d45c22c

SHA1
76340e815d6abebe4c39c1594056b8046f1d52fb

SHA256
5f275af93a97c15ecc05967453af3c91bd30f889d586ef7855b2372faf9ddf1b

SHA512
3a152ea974f394de06a7517c5a09d4c8d8facd64bbc5d5bec7b5d2ac56bd45c74b423b7d565fe117459d48f9da059eaaf6ea44bc4818e2fabaf920dd991d09aa

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-40623.exe
Filesize
184KB

MD5
c8626a027b593b7dff123f1c343ae140

SHA1
5d7c39b504780f82a0a2001444aa738483d9f3d9

SHA256
17a183858dc73a7a5ac9a9f0a6bb0d1f0d378e73ea21028ce8c043d276e8c119

SHA512
4d2de2c86b60b63754d108db14d5c8c50fc8c9f61b6ffca37eb84bbb686b6ff70c6fd174dd17a7e783c794a8ef1bdf3545675cc44df27890b465cd9ab449d15c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-427.exe
Filesize
184KB

MD5
76820598e55b43b746f32d3351d0d160

SHA1
0dfe5a6e4ec13a0538abaa2edbc3dd62b0934fcd

SHA256
096ddc9b7d94b820bff5d6acba0ceb279281c932cf12904bb6749e7c1f956cb1

SHA512
4edc9e394419b6e80358fb21314188a0e4f16fe7b1e67645b5e69e34c779a20a4bcd3d2d3a8805d0d923a22b1d314c7ff273f3cb3329cdac7db2c8a0522ab6b4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-43110.exe
Filesize
184KB

MD5
6a0c3d4985da739de9b7e4e43f2a85b0

SHA1
dfbbba75d9f373767b8bea1c95f00a9bf5154451

SHA256
0bce6cce47020a696e777bbc5473b6cceebf1fe7b5fc13e3310ca99e83931193

SHA512
d72380ce99bd4fdd2c9690924ab3e176d8779d51ee704268d573d9d5399ea8b3c4186422a4735bff4d8de7854a1f16609b54baaeb387918e5ac8b925527328f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44625.exe
Filesize
184KB

MD5
e238e2beb8b249ceed28fe6c1a5b9de7

SHA1
a4d0ba0f44db0059460e50468a4e154bb2ef258b

SHA256
7703182dde781726cd3f826770a5b2da4631fef00f73cf2bc4ffd575df93defa

SHA512
012d2d03fceb5a46d7945db714f0482b91d393cb69f3d964820a11febbd0f1c4503cd6c2c3712dd8a685443552cef677fa11412b95d065400ab4a38daf43661a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-52404.exe
Filesize
184KB

MD5
5b1a39a0deb1e6d26d151c8371418ebf

SHA1
eaba816813e899a688319ef9fe02e6aedaae28a3

SHA256
280bf4c1382cfcd5210c449ea5f9e87106318f62a94faa7f60d3d6d34cb97240

SHA512
a7242813760b10f116b0f51a6c45b785bc12dffc35e4dc9a6371ef3d49bc9c44dde2889f48170dc2d0d2cf3df680173bd40511e7b5d1c639a740a7100de1e5f3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58351.exe
Filesize
184KB

MD5
f4bd23910af360f3201f10e656a59646

SHA1
6ff36ddd33b737d39008fb7c627c05ab6b51c97a

SHA256
21b8b451ede38f5b4a2c7be42212508fe7e9a6fc9d0f6a25a479b52eeb10fd99

SHA512
d88b914b2483bde42b6ad583bda55e6b9794fb7958a7b9cc45b86240c7c3703e817e5d1fae9ed9a68c396bc9bc548e97a74962e8ba2a132b83eec8180964479e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads