878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 23:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe
Size

184KB
MD5

f6cdbb3efd964c996d32c2532d0cafdd
SHA1

e6bb830cff1b934788977e56572659fb9022fa2e
SHA256

878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8
SHA512

2431653d9efe99c0c21a884cebffd0e53774053012fa3657ba8440e6a76fe928da2016aa359ad79f7e467576e4f17b218301dad922054ab524579d92ef391977
SSDEEP

3072:xZwtQyof7Go3d1GWe8wLRts4hlnViFcn3:xZoott1GfLbs4hlnViFc

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-53832.exeUnicorn-49639.exeUnicorn-33857.exeUnicorn-36401.exeUnicorn-53806.exeUnicorn-33940.exeUnicorn-10033.exeUnicorn-8642.exeUnicorn-63318.exeUnicorn-47537.exeUnicorn-28591.exeUnicorn-12809.exeUnicorn-22945.exeUnicorn-53671.exeUnicorn-3079.exeUnicorn-57755.exeUnicorn-22669.exeUnicorn-42535.exeUnicorn-62955.exeUnicorn-54787.exeUnicorn-4195.exeUnicorn-24061.exeUnicorn-41466.exeUnicorn-21600.exeUnicorn-44673.exeUnicorn-24807.exeUnicorn-52924.exeUnicorn-52924.exeUnicorn-2332.exeUnicorn-18668.exeUnicorn-38534.exeUnicorn-63230.exeUnicorn-12638.exeUnicorn-18114.exeUnicorn-40672.exeUnicorn-9945.exeUnicorn-55617.exeUnicorn-9945.exeUnicorn-41034.exeUnicorn-10308.exeUnicorn-30174.exeUnicorn-53007.exeUnicorn-2415.exeUnicorn-57091.exeUnicorn-26365.exeUnicorn-57838.exeUnicorn-32587.exeUnicorn-20335.exeUnicorn-20335.exeUnicorn-35279.exeUnicorn-4553.exeUnicorn-59229.exeUnicorn-39363.exeUnicorn-48731.exeUnicorn-20697.exeUnicorn-26173.exeUnicorn-26919.exeUnicorn-3806.exeUnicorn-7890.exeUnicorn-42701.exeUnicorn-8445.exeUnicorn-63121.exeUnicorn-43255.exeUnicorn-32395.exe

pid	process
3028	Unicorn-53832.exe
2988	Unicorn-49639.exe
3004	Unicorn-33857.exe
2712	Unicorn-36401.exe
2264	Unicorn-53806.exe
2948	Unicorn-33940.exe
1696	Unicorn-10033.exe
2628	Unicorn-8642.exe
2788	Unicorn-63318.exe
2240	Unicorn-47537.exe
2188	Unicorn-28591.exe
1664	Unicorn-12809.exe
2092	Unicorn-22945.exe
2432	Unicorn-53671.exe
320	Unicorn-3079.exe
2428	Unicorn-57755.exe
1856	Unicorn-22669.exe
3016	Unicorn-42535.exe
1136	Unicorn-62955.exe
2392	Unicorn-54787.exe
2340	Unicorn-4195.exe
1556	Unicorn-24061.exe
1380	Unicorn-41466.exe
624	Unicorn-21600.exe
1240	Unicorn-44673.exe
912	Unicorn-24807.exe
1716	Unicorn-52924.exe
1784	Unicorn-52924.exe
2372	Unicorn-2332.exe
2892	Unicorn-18668.exe
2040	Unicorn-38534.exe
2596	Unicorn-63230.exe
2540	Unicorn-12638.exe
2732	Unicorn-18114.exe
2212	Unicorn-40672.exe
2376	Unicorn-9945.exe
2560	Unicorn-55617.exe
2464	Unicorn-9945.exe
2952	Unicorn-41034.exe
1280	Unicorn-10308.exe
2744	Unicorn-30174.exe
2812	Unicorn-53007.exe
772	Unicorn-2415.exe
1056	Unicorn-57091.exe
1032	Unicorn-26365.exe
1780	Unicorn-57838.exe
596	Unicorn-32587.exe
992	Unicorn-20335.exe
1484	Unicorn-20335.exe
2916	Unicorn-35279.exe
1516	Unicorn-4553.exe
2320	Unicorn-59229.exe
1400	Unicorn-39363.exe
1084	Unicorn-48731.exe
1916	Unicorn-20697.exe
1316	Unicorn-26173.exe
1748	Unicorn-26919.exe
1620	Unicorn-3806.exe
1732	Unicorn-7890.exe
1848	Unicorn-42701.exe
2552	Unicorn-8445.exe
2652	Unicorn-63121.exe
2624	Unicorn-43255.exe
2584	Unicorn-32395.exe

Loads dropped DLL 64 IoCs

Processes:

878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exeUnicorn-53832.exeUnicorn-49639.exeUnicorn-33857.exeWerFault.exeUnicorn-53806.exeUnicorn-36401.exeWerFault.exeWerFault.exeUnicorn-10033.exeUnicorn-8642.exeUnicorn-63318.exeUnicorn-47537.exeWerFault.exeWerFault.exeUnicorn-28591.exeUnicorn-12809.exe

pid	process
2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe
2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe
3028	Unicorn-53832.exe
3028	Unicorn-53832.exe
2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe
2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe
2988	Unicorn-49639.exe
2988	Unicorn-49639.exe
3004	Unicorn-33857.exe
3028	Unicorn-53832.exe
3004	Unicorn-33857.exe
3028	Unicorn-53832.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2616	WerFault.exe
2264	Unicorn-53806.exe
2264	Unicorn-53806.exe
3004	Unicorn-33857.exe
3004	Unicorn-33857.exe
2712	Unicorn-36401.exe
2712	Unicorn-36401.exe
2988	Unicorn-49639.exe
2988	Unicorn-49639.exe
1336	WerFault.exe
1336	WerFault.exe
1336	WerFault.exe
1336	WerFault.exe
1704	WerFault.exe
1704	WerFault.exe
1704	WerFault.exe
1704	WerFault.exe
1336	WerFault.exe
1704	WerFault.exe
1696	Unicorn-10033.exe
1696	Unicorn-10033.exe
2264	Unicorn-53806.exe
2264	Unicorn-53806.exe
2628	Unicorn-8642.exe
2712	Unicorn-36401.exe
2788	Unicorn-63318.exe
2628	Unicorn-8642.exe
2712	Unicorn-36401.exe
2788	Unicorn-63318.exe
2240	Unicorn-47537.exe
2240	Unicorn-47537.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1488	WerFault.exe
1696	Unicorn-10033.exe
2188	Unicorn-28591.exe
1696	Unicorn-10033.exe
2188	Unicorn-28591.exe
1664	Unicorn-12809.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2840	2944	WerFault.exe	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe
2616	2948	WerFault.exe	Unicorn-33940.exe
1336	2988	WerFault.exe	Unicorn-49639.exe
1704	3004	WerFault.exe	Unicorn-33857.exe
704	2264	WerFault.exe	Unicorn-53806.exe
1488	2712	WerFault.exe	Unicorn-36401.exe
3060	3028	WerFault.exe	Unicorn-53832.exe
1260	1696	WerFault.exe	Unicorn-10033.exe
2144	2788	WerFault.exe	Unicorn-63318.exe
904	2628	WerFault.exe	Unicorn-8642.exe
2140	2240	WerFault.exe	Unicorn-47537.exe
2776	2188	WerFault.exe	Unicorn-28591.exe
2784	1664	WerFault.exe	Unicorn-12809.exe
1584	2092	WerFault.exe	Unicorn-22945.exe
1936	320	WerFault.exe	Unicorn-3079.exe
1668	2428	WerFault.exe	Unicorn-57755.exe
2112	2432	WerFault.exe	Unicorn-53671.exe
2676	1856	WerFault.exe	Unicorn-22669.exe
2196	3016	WerFault.exe	Unicorn-42535.exe
2224	1136	WerFault.exe	Unicorn-62955.exe
2008	2392	WerFault.exe	Unicorn-54787.exe
2292	912	WerFault.exe	Unicorn-24807.exe
2104	2340	WerFault.exe	Unicorn-4195.exe
2248	1380	WerFault.exe	Unicorn-41466.exe
336	1240	WerFault.exe	Unicorn-44673.exe
1116	624	WerFault.exe	Unicorn-21600.exe
404	1556	WerFault.exe	Unicorn-24061.exe
2880	1784	WerFault.exe	Unicorn-52924.exe
2304	1716	WerFault.exe	Unicorn-52924.exe
2012	2372	WerFault.exe	Unicorn-2332.exe
776	2892	WerFault.exe	Unicorn-18668.exe
2684	2040	WerFault.exe	Unicorn-38534.exe
2132	2596	WerFault.exe	Unicorn-63230.exe
1164	2540	WerFault.exe	Unicorn-12638.exe
2168	2732	WerFault.exe	Unicorn-18114.exe
824	2376	WerFault.exe	Unicorn-9945.exe
2756	2560	WerFault.exe	Unicorn-55617.exe
2972	2212	WerFault.exe	Unicorn-40672.exe
384	2464	WerFault.exe	Unicorn-9945.exe
2032	1280	WerFault.exe	Unicorn-10308.exe
3124	2952	WerFault.exe	Unicorn-41034.exe
3148	2744	WerFault.exe	Unicorn-30174.exe
3844	2812	WerFault.exe	Unicorn-53007.exe
3912	1056	WerFault.exe	Unicorn-57091.exe
3932	772	WerFault.exe	Unicorn-2415.exe
4056	1780	WerFault.exe	Unicorn-57838.exe
4092	1032	WerFault.exe	Unicorn-26365.exe
3096	2320	WerFault.exe	Unicorn-59229.exe
3196	596	WerFault.exe	Unicorn-32587.exe
1512	1516	WerFault.exe	Unicorn-4553.exe
3212	2584	WerFault.exe	Unicorn-32395.exe
3312	992	WerFault.exe	Unicorn-20335.exe
3456	2624	WerFault.exe	Unicorn-43255.exe
3560	1748	WerFault.exe	Unicorn-26919.exe
3596	1732	WerFault.exe	Unicorn-7890.exe
3320	2652	WerFault.exe	Unicorn-63121.exe
3940	1316	WerFault.exe	Unicorn-26173.exe
3956	1484	WerFault.exe	Unicorn-20335.exe
4324	1400	WerFault.exe	Unicorn-39363.exe
4372	1084	WerFault.exe	Unicorn-48731.exe
4380	1916	WerFault.exe	Unicorn-20697.exe
4464	2976	WerFault.exe	Unicorn-38761.exe
4524	2704	WerFault.exe	Unicorn-45306.exe
4544	2768	WerFault.exe	Unicorn-54543.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exeUnicorn-53832.exeUnicorn-49639.exeUnicorn-33857.exeUnicorn-53806.exeUnicorn-36401.exeUnicorn-33940.exeUnicorn-10033.exeUnicorn-8642.exeUnicorn-47537.exeUnicorn-63318.exeUnicorn-28591.exeUnicorn-12809.exeUnicorn-3079.exeUnicorn-53671.exeUnicorn-57755.exeUnicorn-22945.exeUnicorn-42535.exeUnicorn-22669.exeUnicorn-62955.exeUnicorn-54787.exeUnicorn-4195.exeUnicorn-44673.exeUnicorn-24061.exeUnicorn-24807.exeUnicorn-41466.exeUnicorn-21600.exeUnicorn-52924.exeUnicorn-52924.exeUnicorn-2332.exeUnicorn-18668.exeUnicorn-38534.exeUnicorn-63230.exeUnicorn-12638.exeUnicorn-18114.exeUnicorn-9945.exeUnicorn-40672.exeUnicorn-41034.exeUnicorn-10308.exeUnicorn-55617.exeUnicorn-9945.exeUnicorn-30174.exeUnicorn-53007.exeUnicorn-2415.exeUnicorn-26365.exeUnicorn-57091.exeUnicorn-57838.exeUnicorn-32587.exeUnicorn-20335.exeUnicorn-20335.exeUnicorn-4553.exeUnicorn-59229.exeUnicorn-39363.exeUnicorn-48731.exeUnicorn-20697.exeUnicorn-26173.exeUnicorn-26919.exeUnicorn-3806.exeUnicorn-7890.exeUnicorn-42701.exeUnicorn-8445.exeUnicorn-63121.exeUnicorn-43255.exeUnicorn-32395.exe

pid	process
2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe
3028	Unicorn-53832.exe
2988	Unicorn-49639.exe
3004	Unicorn-33857.exe
2264	Unicorn-53806.exe
2712	Unicorn-36401.exe
2948	Unicorn-33940.exe
1696	Unicorn-10033.exe
2628	Unicorn-8642.exe
2240	Unicorn-47537.exe
2788	Unicorn-63318.exe
2188	Unicorn-28591.exe
1664	Unicorn-12809.exe
320	Unicorn-3079.exe
2432	Unicorn-53671.exe
2428	Unicorn-57755.exe
2092	Unicorn-22945.exe
3016	Unicorn-42535.exe
1856	Unicorn-22669.exe
1136	Unicorn-62955.exe
2392	Unicorn-54787.exe
2340	Unicorn-4195.exe
1240	Unicorn-44673.exe
1556	Unicorn-24061.exe
912	Unicorn-24807.exe
1380	Unicorn-41466.exe
624	Unicorn-21600.exe
1716	Unicorn-52924.exe
1784	Unicorn-52924.exe
2372	Unicorn-2332.exe
2892	Unicorn-18668.exe
2040	Unicorn-38534.exe
2596	Unicorn-63230.exe
2540	Unicorn-12638.exe
2732	Unicorn-18114.exe
2376	Unicorn-9945.exe
2212	Unicorn-40672.exe
2952	Unicorn-41034.exe
1280	Unicorn-10308.exe
2560	Unicorn-55617.exe
2464	Unicorn-9945.exe
2744	Unicorn-30174.exe
2812	Unicorn-53007.exe
772	Unicorn-2415.exe
1032	Unicorn-26365.exe
1056	Unicorn-57091.exe
1780	Unicorn-57838.exe
596	Unicorn-32587.exe
1484	Unicorn-20335.exe
992	Unicorn-20335.exe
1516	Unicorn-4553.exe
2320	Unicorn-59229.exe
1400	Unicorn-39363.exe
1084	Unicorn-48731.exe
1916	Unicorn-20697.exe
1316	Unicorn-26173.exe
1748	Unicorn-26919.exe
1620	Unicorn-3806.exe
1732	Unicorn-7890.exe
1848	Unicorn-42701.exe
2552	Unicorn-8445.exe
2652	Unicorn-63121.exe
2624	Unicorn-43255.exe
2584	Unicorn-32395.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exeUnicorn-53832.exeUnicorn-49639.exeUnicorn-33857.exeUnicorn-33940.exeUnicorn-53806.exeUnicorn-36401.exeUnicorn-10033.exe

description	pid	process	target process
PID 2944 wrote to memory of 3028	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	Unicorn-53832.exe
PID 2944 wrote to memory of 3028	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	Unicorn-53832.exe
PID 2944 wrote to memory of 3028	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	Unicorn-53832.exe
PID 2944 wrote to memory of 3028	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	Unicorn-53832.exe
PID 3028 wrote to memory of 2988	3028	Unicorn-53832.exe	Unicorn-49639.exe
PID 3028 wrote to memory of 2988	3028	Unicorn-53832.exe	Unicorn-49639.exe
PID 3028 wrote to memory of 2988	3028	Unicorn-53832.exe	Unicorn-49639.exe
PID 3028 wrote to memory of 2988	3028	Unicorn-53832.exe	Unicorn-49639.exe
PID 2944 wrote to memory of 3004	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	Unicorn-33857.exe
PID 2944 wrote to memory of 3004	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	Unicorn-33857.exe
PID 2944 wrote to memory of 3004	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	Unicorn-33857.exe
PID 2944 wrote to memory of 3004	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	Unicorn-33857.exe
PID 2944 wrote to memory of 2840	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	WerFault.exe
PID 2944 wrote to memory of 2840	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	WerFault.exe
PID 2944 wrote to memory of 2840	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	WerFault.exe
PID 2944 wrote to memory of 2840	2944	878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe	WerFault.exe
PID 2988 wrote to memory of 2712	2988	Unicorn-49639.exe	Unicorn-36401.exe
PID 2988 wrote to memory of 2712	2988	Unicorn-49639.exe	Unicorn-36401.exe
PID 2988 wrote to memory of 2712	2988	Unicorn-49639.exe	Unicorn-36401.exe
PID 2988 wrote to memory of 2712	2988	Unicorn-49639.exe	Unicorn-36401.exe
PID 3004 wrote to memory of 2264	3004	Unicorn-33857.exe	Unicorn-53806.exe
PID 3004 wrote to memory of 2264	3004	Unicorn-33857.exe	Unicorn-53806.exe
PID 3004 wrote to memory of 2264	3004	Unicorn-33857.exe	Unicorn-53806.exe
PID 3004 wrote to memory of 2264	3004	Unicorn-33857.exe	Unicorn-53806.exe
PID 3028 wrote to memory of 2948	3028	Unicorn-53832.exe	Unicorn-33940.exe
PID 3028 wrote to memory of 2948	3028	Unicorn-53832.exe	Unicorn-33940.exe
PID 3028 wrote to memory of 2948	3028	Unicorn-53832.exe	Unicorn-33940.exe
PID 3028 wrote to memory of 2948	3028	Unicorn-53832.exe	Unicorn-33940.exe
PID 2948 wrote to memory of 2616	2948	Unicorn-33940.exe	WerFault.exe
PID 2948 wrote to memory of 2616	2948	Unicorn-33940.exe	WerFault.exe
PID 2948 wrote to memory of 2616	2948	Unicorn-33940.exe	WerFault.exe
PID 2948 wrote to memory of 2616	2948	Unicorn-33940.exe	WerFault.exe
PID 2264 wrote to memory of 1696	2264	Unicorn-53806.exe	Unicorn-10033.exe
PID 2264 wrote to memory of 1696	2264	Unicorn-53806.exe	Unicorn-10033.exe
PID 2264 wrote to memory of 1696	2264	Unicorn-53806.exe	Unicorn-10033.exe
PID 2264 wrote to memory of 1696	2264	Unicorn-53806.exe	Unicorn-10033.exe
PID 3004 wrote to memory of 2628	3004	Unicorn-33857.exe	Unicorn-8642.exe
PID 3004 wrote to memory of 2628	3004	Unicorn-33857.exe	Unicorn-8642.exe
PID 3004 wrote to memory of 2628	3004	Unicorn-33857.exe	Unicorn-8642.exe
PID 3004 wrote to memory of 2628	3004	Unicorn-33857.exe	Unicorn-8642.exe
PID 2712 wrote to memory of 2788	2712	Unicorn-36401.exe	Unicorn-63318.exe
PID 2712 wrote to memory of 2788	2712	Unicorn-36401.exe	Unicorn-63318.exe
PID 2712 wrote to memory of 2788	2712	Unicorn-36401.exe	Unicorn-63318.exe
PID 2712 wrote to memory of 2788	2712	Unicorn-36401.exe	Unicorn-63318.exe
PID 2988 wrote to memory of 2240	2988	Unicorn-49639.exe	Unicorn-47537.exe
PID 2988 wrote to memory of 2240	2988	Unicorn-49639.exe	Unicorn-47537.exe
PID 2988 wrote to memory of 2240	2988	Unicorn-49639.exe	Unicorn-47537.exe
PID 2988 wrote to memory of 2240	2988	Unicorn-49639.exe	Unicorn-47537.exe
PID 2988 wrote to memory of 1336	2988	Unicorn-49639.exe	WerFault.exe
PID 2988 wrote to memory of 1336	2988	Unicorn-49639.exe	WerFault.exe
PID 2988 wrote to memory of 1336	2988	Unicorn-49639.exe	WerFault.exe
PID 2988 wrote to memory of 1336	2988	Unicorn-49639.exe	WerFault.exe
PID 3004 wrote to memory of 1704	3004	Unicorn-33857.exe	WerFault.exe
PID 3004 wrote to memory of 1704	3004	Unicorn-33857.exe	WerFault.exe
PID 3004 wrote to memory of 1704	3004	Unicorn-33857.exe	WerFault.exe
PID 3004 wrote to memory of 1704	3004	Unicorn-33857.exe	WerFault.exe
PID 1696 wrote to memory of 2188	1696	Unicorn-10033.exe	Unicorn-28591.exe
PID 1696 wrote to memory of 2188	1696	Unicorn-10033.exe	Unicorn-28591.exe
PID 1696 wrote to memory of 2188	1696	Unicorn-10033.exe	Unicorn-28591.exe
PID 1696 wrote to memory of 2188	1696	Unicorn-10033.exe	Unicorn-28591.exe
PID 2264 wrote to memory of 1664	2264	Unicorn-53806.exe	Unicorn-12809.exe
PID 2264 wrote to memory of 1664	2264	Unicorn-53806.exe	Unicorn-12809.exe
PID 2264 wrote to memory of 1664	2264	Unicorn-53806.exe	Unicorn-12809.exe
PID 2264 wrote to memory of 1664	2264	Unicorn-53806.exe	Unicorn-12809.exe

C:\Users\Admin\AppData\Local\Temp\878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe
"C:\Users\Admin\AppData\Local\Temp\878d810b07556a765df1ecc6757325b5bc1e36c307c16cc3ca3337ac29d573a8.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2788

C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44673.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7890.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-10064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10064.exe
10⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10866.exe
11⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2714.exe
12⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19762.exe
13⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59518.exe
14⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
13⤵
PID:10704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
12⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 236
11⤵
PID:5848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 236
10⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
9⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-20008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20008.exe
10⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39668.exe
11⤵
PID:4456

C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38485.exe
12⤵
PID:7304

C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34583.exe
13⤵
PID:9428

C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58231.exe
14⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9428 -s 216
14⤵
PID:13436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7304 -s 216
13⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4456 -s 216
12⤵
PID:8784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
11⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
10⤵
PID:4652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 240
9⤵
- Program crash
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8445.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2552

C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20802.exe
9⤵
PID:1112

C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1725.exe
10⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-581.exe
11⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48023.exe
12⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62979.exe
13⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22413.exe
14⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 236
14⤵
PID:13648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
13⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 236
12⤵
PID:8420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
11⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1112 -s 236
10⤵
PID:4684

C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21823.exe
9⤵
PID:3400

C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40052.exe
10⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36430.exe
11⤵
PID:7732

C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16192.exe
12⤵
PID:10568

C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45486.exe
13⤵
PID:12636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10568 -s 216
13⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7732 -s 216
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
11⤵
PID:9112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3400 -s 236
10⤵
PID:6768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2552 -s 240
9⤵
PID:4596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 240
8⤵
- Program crash
PID:336

C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2952

C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63121.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32862.exe
9⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7755.exe
10⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40846.exe
11⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2138.exe
12⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35714.exe
13⤵
PID:9680

C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25694.exe
14⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 236
14⤵
PID:7576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
12⤵
PID:7448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
11⤵
PID:5576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 236
10⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57511.exe
9⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8666.exe
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35304.exe
11⤵
PID:5956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25901.exe
12⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32771.exe
13⤵
PID:12800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
11⤵
PID:8056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 236
10⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
9⤵
- Program crash
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47807.exe
8⤵
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2828.exe
10⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
11⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60026.exe
12⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42523.exe
13⤵
PID:12720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 216
12⤵
PID:10740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
11⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
10⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11359.exe
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64276.exe
10⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44074.exe
11⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40769.exe
12⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 236
12⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 236
11⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 216
10⤵
PID:7780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2672 -s 240
9⤵
PID:5600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2952 -s 240
8⤵
- Program crash
PID:3124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
7⤵
- Program crash
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24807.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18114.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48731.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8549.exe
9⤵
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48788.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15547.exe
11⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7457.exe
12⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64406.exe
13⤵
PID:10812

C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2253.exe
14⤵
PID:6244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10812 -s 216
14⤵
PID:14124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
13⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
12⤵
PID:9188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
11⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 236
10⤵
PID:4764

C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28922.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41614.exe
10⤵
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1920.exe
11⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4048.exe
12⤵
PID:10056

C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
13⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10056 -s 216
13⤵
PID:13332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 216
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4276 -s 236
11⤵
PID:8740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 216
10⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
9⤵
- Program crash
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-58305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58305.exe
8⤵
PID:2312

C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40620.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6912.exe
10⤵
PID:4128

C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11183.exe
11⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62657.exe
12⤵
PID:9872

C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16232.exe
12⤵
PID:9892

C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
13⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9892 -s 216
13⤵
PID:936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 220
12⤵
PID:10788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4128 -s 216
11⤵
PID:7440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13689.exe
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60384.exe
10⤵
PID:6648

C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
11⤵
PID:10088

C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59243.exe
12⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10088 -s 216
12⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6648 -s 236
11⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4172 -s 236
10⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2312 -s 240
9⤵
PID:5332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
8⤵
- Program crash
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20697.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1916

C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
8⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61738.exe
9⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57685.exe
10⤵
PID:5564

C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45169.exe
11⤵
PID:9228

C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21890.exe
12⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9228 -s 216
12⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5564 -s 236
11⤵
PID:9828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
10⤵
PID:7788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22700.exe
8⤵
PID:292

C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64172.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52190.exe
10⤵
PID:7660

C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8324.exe
11⤵
PID:10304

C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1054.exe
12⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10304 -s 236
12⤵
PID:13492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7660 -s 216
11⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 292 -s 216
9⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1916 -s 220
8⤵
- Program crash
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
7⤵
- Program crash
PID:2292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2788 -s 240
6⤵
- Program crash
PID:2144

C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24061.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30174.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32395.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43120.exe
9⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
10⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9984.exe
11⤵
PID:5380

C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48127.exe
12⤵
PID:8388

C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31433.exe
13⤵
PID:10348

C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6887.exe
14⤵
PID:13792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10348 -s 220
14⤵
PID:13744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8388 -s 236
13⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5380 -s 236
12⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
11⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
10⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 216
9⤵
- Program crash
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
8⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
9⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
10⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60000.exe
11⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37961.exe
12⤵
PID:9840

C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6788.exe
13⤵
PID:12628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9840 -s 216
13⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
12⤵
PID:10648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 236
11⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19719.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41334.exe
10⤵
PID:6284

C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17541.exe
11⤵
PID:9908

C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9908 -s 216
12⤵
PID:13136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6284 -s 216
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:8144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 220
9⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 240
8⤵
- Program crash
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47340.exe
7⤵
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-28778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28778.exe
8⤵
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13217.exe
10⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24370.exe
11⤵
PID:7892

C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53908.exe
12⤵
PID:10936

C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
13⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10936 -s 216
13⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7892 -s 236
12⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
11⤵
PID:8320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 236
9⤵
PID:5012

C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51481.exe
8⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-20810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20810.exe
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
10⤵
PID:6264

C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
11⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47541.exe
12⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
12⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6264 -s 216
11⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
10⤵
PID:8732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
9⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
7⤵
- Program crash
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10308.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23987.exe
7⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21378.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48547.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
10⤵
PID:5624

C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59647.exe
11⤵
PID:7924

C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
12⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19441.exe
13⤵
PID:13404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10364 -s 216
13⤵
PID:13688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7924 -s 216
12⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5624 -s 216
11⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:4432

C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18951.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32159.exe
9⤵
PID:5764

C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16669.exe
10⤵
PID:7820

C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40862.exe
11⤵
PID:11048

C:\Users\Admin\AppData\Local\Temp\Unicorn-58527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58527.exe
12⤵
PID:13480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11048 -s 216
12⤵
PID:13640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7820 -s 216
11⤵
PID:12152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5764 -s 216
10⤵
PID:9488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
8⤵
PID:4168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 216
7⤵
- Program crash
PID:2032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 220
6⤵
- Program crash
PID:1936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1488

C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2240

C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57755.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41466.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1380

C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39363.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45306.exe
8⤵
PID:2704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48980.exe
9⤵
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4857.exe
10⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44707.exe
11⤵
PID:7460

C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
12⤵
PID:10252

C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62315.exe
13⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10252 -s 216
13⤵
PID:13428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7460 -s 216
12⤵
PID:11368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 216
11⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3740 -s 216
10⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2704 -s 236
9⤵
- Program crash
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33198.exe
8⤵
PID:3784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 240
9⤵
PID:4592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 240
8⤵
- Program crash
PID:4324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1380 -s 236
7⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55617.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2560

C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3806.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9618.exe
8⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32452.exe
9⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45314.exe
10⤵
PID:4336

C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
11⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8132.exe
12⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35289.exe
13⤵
PID:12784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
13⤵
PID:13348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
12⤵
PID:10756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4336 -s 216
11⤵
PID:8648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3172 -s 236
10⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
9⤵
PID:4668

C:\Users\Admin\AppData\Local\Temp\Unicorn-12586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12586.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21770.exe
9⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30592.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-623.exe
11⤵
PID:10884

C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
12⤵
PID:7504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10884 -s 236
12⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 216
11⤵
PID:11740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 216
10⤵
PID:8260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 220
8⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49068.exe
7⤵
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5809.exe
8⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26840.exe
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19819.exe
10⤵
PID:6516

C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54811.exe
11⤵
PID:9856

C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47650.exe
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9856 -s 216
12⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6516 -s 216
11⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4120 -s 236
10⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 236
9⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1536 -s 236
8⤵
PID:4740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2560 -s 240
7⤵
- Program crash
PID:2756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2428 -s 240
6⤵
- Program crash
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21600.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:624

C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9945.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-26173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26173.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43360.exe
8⤵
PID:1568

C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40812.exe
9⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
10⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
11⤵
PID:7044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1479.exe
12⤵
PID:9780

C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32300.exe
13⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9780 -s 216
13⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7044 -s 216
12⤵
PID:10300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4436 -s 216
11⤵
PID:6848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 216
10⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1568 -s 216
9⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25030.exe
8⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22756.exe
9⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38101.exe
10⤵
PID:7064

C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5418.exe
11⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6077.exe
12⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
12⤵
PID:13732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7064 -s 216
11⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5072 -s 216
10⤵
PID:8588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
9⤵
PID:6160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
8⤵
- Program crash
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43722.exe
7⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59164.exe
9⤵
PID:6060

C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61977.exe
10⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60706.exe
11⤵
PID:10824

C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58911.exe
12⤵
PID:13700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10824 -s 220
12⤵
PID:9012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 216
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6060 -s 216
10⤵
PID:9368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 236
9⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
8⤵
PID:5020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 240
7⤵
- Program crash
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26919.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-24694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24694.exe
7⤵
PID:1276

C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20200.exe
8⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6144.exe
9⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56087.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5101.exe
11⤵
PID:7552

C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
12⤵
PID:11220

C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64173.exe
13⤵
PID:6220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11220 -s 216
13⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7552 -s 216
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
11⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 216
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 236
9⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55900.exe
8⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42081.exe
9⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53617.exe
10⤵
PID:8168

C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
11⤵
PID:11172

C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
12⤵
PID:8624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11172 -s 220
12⤵
PID:13572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8168 -s 216
11⤵
PID:11908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
10⤵
PID:9344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
9⤵
PID:6980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1276 -s 240
8⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35144.exe
7⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24235.exe
8⤵
PID:3640

C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34489.exe
9⤵
PID:6100

C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
10⤵
PID:7676

C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63036.exe
11⤵
PID:11232

C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45315.exe
12⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11232 -s 216
12⤵
PID:8752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7676 -s 216
11⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6100 -s 216
10⤵
PID:8448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3640 -s 216
9⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
8⤵
PID:5220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 240
7⤵
- Program crash
PID:3560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 624 -s 220
6⤵
- Program crash
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2240 -s 240
5⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1336

C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2948 -s 200
4⤵
- Loads dropped DLL
- Program crash
PID:2616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
3⤵
- Program crash
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3004

C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57091.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54989.exe
9⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11598.exe
10⤵
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38573.exe
11⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27899.exe
12⤵
PID:8312

C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19181.exe
13⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51708.exe
14⤵
PID:6228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
12⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3780 -s 216
11⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
10⤵
PID:5248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
9⤵
- Program crash
PID:3912

C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42269.exe
8⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23516.exe
9⤵
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34733.exe
10⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25361.exe
11⤵
PID:5616

C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10747.exe
12⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17344.exe
13⤵
PID:11112

C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57759.exe
14⤵
PID:8204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11112 -s 216
14⤵
PID:13360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 216
13⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5616 -s 216
12⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 216
11⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 236
10⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59787.exe
10⤵
PID:5312

C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19108.exe
11⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe
12⤵
PID:10984

C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53099.exe
13⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10984 -s 216
13⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 236
12⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5312 -s 236
11⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 240
9⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 240
8⤵
- Program crash
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57838.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-53967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53967.exe
8⤵
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27600.exe
9⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21905.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44411.exe
11⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34759.exe
12⤵
PID:7900

C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
13⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-49783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49783.exe
14⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 216
14⤵
PID:13472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7900 -s 216
13⤵
PID:11984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
12⤵
PID:9288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
11⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 236
10⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59408.exe
9⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
10⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-12776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12776.exe
11⤵
PID:7328

C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30172.exe
12⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1158.exe
13⤵
PID:13448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
13⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7328 -s 216
12⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
11⤵
PID:9420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
10⤵
PID:6728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
9⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42544.exe
8⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46409.exe
9⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16015.exe
10⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35527.exe
11⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30748.exe
12⤵
PID:11132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30131.exe
13⤵
PID:13612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11132 -s 220
13⤵
PID:8968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5292 -s 216
11⤵
PID:9608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
10⤵
PID:6836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 236
9⤵
PID:5336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 220
8⤵
- Program crash
PID:4056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
7⤵
- Program crash
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2332.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26365.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38207.exe
8⤵
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50542.exe
9⤵
PID:3280

C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
10⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56663.exe
11⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54904.exe
12⤵
PID:8476

C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39985.exe
13⤵
PID:10956

C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30411.exe
14⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10956 -s 216
14⤵
PID:13876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8476 -s 216
13⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
12⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
11⤵
PID:6888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3280 -s 236
10⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23035.exe
9⤵
PID:3776

C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5516.exe
10⤵
PID:5824

C:\Users\Admin\AppData\Local\Temp\Unicorn-43503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43503.exe
11⤵
PID:7756

C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50784.exe
12⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18865.exe
13⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 220
13⤵
PID:13560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7756 -s 216
12⤵
PID:12032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5824 -s 216
11⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3776 -s 216
10⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65487.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20343.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
10⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23275.exe
11⤵
PID:7584

C:\Users\Admin\AppData\Local\Temp\Unicorn-15782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15782.exe
12⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8449.exe
13⤵
PID:13756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
13⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7584 -s 216
12⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
11⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 236
9⤵
PID:4892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 240
8⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22425.exe
7⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54626.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44463.exe
9⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-856.exe
10⤵
PID:5544

C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32621.exe
11⤵
PID:7712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54484.exe
12⤵
PID:11052

C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62014.exe
13⤵
PID:6124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11052 -s 216
13⤵
PID:13920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7712 -s 236
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5544 -s 216
11⤵
PID:9260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
10⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 236
9⤵
PID:4272

C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28681.exe
8⤵
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50057.exe
9⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39336.exe
10⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
11⤵
PID:11140

C:\Users\Admin\AppData\Local\Temp\Unicorn-57183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57183.exe
12⤵
PID:8176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11140 -s 216
12⤵
PID:14288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
10⤵
PID:1740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3440 -s 216
9⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
8⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 240
7⤵
- Program crash
PID:2012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
6⤵
- Program crash
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-22669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22669.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52924.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1784

C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53007.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48129.exe
8⤵
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48212.exe
9⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26181.exe
10⤵
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32351.exe
11⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44427.exe
12⤵
PID:8692

C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18963.exe
13⤵
PID:11440

C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19005.exe
14⤵
PID:13508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8692 -s 236
13⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
12⤵
PID:10120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3412 -s 216
11⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
10⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18375.exe
9⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65407.exe
10⤵
PID:5792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5792 -s 220
11⤵
PID:9000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 236
10⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 240
9⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63157.exe
8⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28319.exe
9⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36243.exe
10⤵
PID:5812

C:\Users\Admin\AppData\Local\Temp\Unicorn-38843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38843.exe
11⤵
PID:7952

C:\Users\Admin\AppData\Local\Temp\Unicorn-7805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7805.exe
12⤵
PID:10292

C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33810.exe
13⤵
PID:12888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10292 -s 236
13⤵
PID:13988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7952 -s 216
12⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5812 -s 216
11⤵
PID:9296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
10⤵
PID:6756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
9⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
8⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-32347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32347.exe
7⤵
PID:1752

C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52296.exe
8⤵
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38241.exe
9⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64639.exe
10⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49917.exe
11⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51806.exe
12⤵
PID:10340

C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
13⤵
PID:14264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 216
12⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
11⤵
PID:9536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
10⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 236
9⤵
PID:5184

C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10207.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17193.exe
9⤵
PID:5640

C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49533.exe
10⤵
PID:7296

C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29980.exe
11⤵
PID:11024

C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42985.exe
12⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11024 -s 216
12⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7296 -s 216
11⤵
PID:11864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5640 -s 216
10⤵
PID:9356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 216
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1752 -s 240
8⤵
PID:4756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1784 -s 240
7⤵
- Program crash
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2415.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:772

C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56297.exe
7⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37714.exe
8⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28127.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-5807.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5807.exe
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47022.exe
12⤵
PID:11636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
12⤵
PID:12508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
11⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2039.exe
8⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-11546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11546.exe
9⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28729.exe
10⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40478.exe
11⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45424.exe
12⤵
PID:7948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11212 -s 216
12⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
11⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 216
9⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 240
8⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5596.exe
7⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-5568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5568.exe
8⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32543.exe
9⤵
PID:5468

C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1064.exe
10⤵
PID:8504

C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21703.exe
11⤵
PID:11128

C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43177.exe
12⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11128 -s 216
12⤵
PID:13424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8504 -s 236
11⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5468 -s 236
10⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 236
8⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 772 -s 220
7⤵
- Program crash
PID:3932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 220
6⤵
- Program crash
PID:2676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
5⤵
- Program crash
PID:1260

C:\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62955.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38534.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2040

C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
8⤵
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30314.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33638.exe
10⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-17873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17873.exe
11⤵
PID:6664

C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56949.exe
12⤵
PID:10080

C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41620.exe
13⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10080 -s 216
13⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6664 -s 216
12⤵
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
11⤵
PID:8536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 236
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2660 -s 216
9⤵
PID:4620

C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30868.exe
8⤵
PID:3996

C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24894.exe
9⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53067.exe
10⤵
PID:7216

C:\Users\Admin\AppData\Local\Temp\Unicorn-5802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5802.exe
11⤵
PID:9440

C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55709.exe
12⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9440 -s 216
12⤵
PID:13372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7216 -s 216
11⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
10⤵
PID:8756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3996 -s 236
9⤵
PID:6236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 220
8⤵
- Program crash
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28647.exe
7⤵
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56956.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17302.exe
9⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16119.exe
10⤵
PID:6612

C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58703.exe
11⤵
PID:9916

C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8454.exe
12⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9916 -s 216
12⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6612 -s 216
11⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
10⤵
PID:8656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 236
8⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2040 -s 220
7⤵
- Program crash
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35279.exe
6⤵
- Executes dropped EXE
PID:2916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
6⤵
- Program crash
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18668.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32587.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58627.exe
7⤵
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59286.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59429.exe
9⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
10⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-52543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52543.exe
11⤵
PID:9672

C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23426.exe
12⤵
PID:12544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9672 -s 216
12⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5632 -s 216
11⤵
PID:10576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 216
10⤵
PID:8016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 236
9⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31395.exe
8⤵
PID:3472

C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45610.exe
9⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21817.exe
10⤵
PID:9700

C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55605.exe
11⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9700 -s 216
11⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
10⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3472 -s 236
9⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
8⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-43504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43504.exe
7⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47753.exe
8⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4961.exe
9⤵
PID:6536

C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3150.exe
10⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54391.exe
11⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
11⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6536 -s 216
10⤵
PID:10640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
9⤵
PID:7652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
8⤵
PID:6128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 596 -s 240
7⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
6⤵
- Program crash
PID:776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 240
5⤵
- Program crash
PID:2784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54787.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2392

C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63230.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20335.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
8⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44704.exe
9⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57566.exe
10⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52683.exe
11⤵
PID:6932

C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4157.exe
12⤵
PID:9376

C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35590.exe
13⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9376 -s 236
13⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6932 -s 216
12⤵
PID:10848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
11⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
10⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
9⤵
PID:4860

C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-778.exe
8⤵
PID:3732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 220
8⤵
- Program crash
PID:3312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 236
7⤵
- Program crash
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4553.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8310.exe
7⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
8⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64255.exe
9⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17162.exe
10⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1199.exe
11⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26073.exe
12⤵
PID:7972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
12⤵
PID:14192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
11⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
10⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
9⤵
PID:6308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
8⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 216
7⤵
- Program crash
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2392 -s 240
6⤵
- Program crash
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12638.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59229.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54543.exe
7⤵
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22338.exe
8⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
9⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18065.exe
10⤵
PID:7428

C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34775.exe
11⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53571.exe
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
12⤵
PID:13320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7428 -s 216
11⤵
PID:11272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 216
10⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
9⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 236
8⤵
- Program crash
PID:4544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 236
7⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38761.exe
6⤵
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1917.exe
7⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-55428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55428.exe
8⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22751.exe
9⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11785.exe
10⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50774.exe
11⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
11⤵
PID:12480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
10⤵
PID:10268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
9⤵
PID:7964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 236
8⤵
PID:5936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 236
7⤵
- Program crash
PID:4464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 240
6⤵
- Program crash
PID:1164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
5⤵
- Program crash
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40672.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42701.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27024.exe
7⤵
PID:2424

C:\Users\Admin\AppData\Local\Temp\Unicorn-22146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22146.exe
8⤵
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8365.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13596.exe
10⤵
PID:6992

C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28553.exe
11⤵
PID:9748

C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55901.exe
12⤵
PID:12668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9748 -s 216
12⤵
PID:13512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6992 -s 216
11⤵
PID:11196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
10⤵
PID:8636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3592 -s 236
9⤵
PID:6208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2424 -s 236
8⤵
PID:4816

C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2280.exe
7⤵
PID:3564

C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63440.exe
8⤵
PID:5884

C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54001.exe
9⤵
PID:7252

C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44946.exe
10⤵
PID:11088

C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11656.exe
11⤵
PID:13672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
11⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7252 -s 216
10⤵
PID:12164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5884 -s 216
9⤵
PID:9560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3564 -s 216
8⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
7⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-936.exe
6⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41689.exe
7⤵
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6803.exe
8⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11733.exe
9⤵
PID:7800

C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54100.exe
10⤵
PID:10840

C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12367.exe
11⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10840 -s 236
11⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7800 -s 216
10⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 216
9⤵
PID:8208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3428 -s 216
8⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
7⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
6⤵
- Program crash
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43255.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2135.exe
6⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12031.exe
7⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4774.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-57670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57670.exe
9⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43690.exe
10⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18656.exe
11⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 216
11⤵
PID:13300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6348 -s 216
10⤵
PID:10724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
8⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-15635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15635.exe
7⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1707.exe
8⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29731.exe
9⤵
PID:9716

C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11085.exe
10⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9716 -s 236
10⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 216
9⤵
PID:11040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 216
8⤵
PID:8288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 240
7⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26976.exe
6⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8858.exe
7⤵
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20914.exe
8⤵
PID:6408

C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6933.exe
9⤵
PID:10048

C:\Users\Admin\AppData\Local\Temp\Unicorn-21911.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21911.exe
10⤵
PID:12772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10048 -s 216
10⤵
PID:12812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6408 -s 216
9⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 236
8⤵
PID:7424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
7⤵
PID:6044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
6⤵
- Program crash
PID:3456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
5⤵
- Program crash
PID:2104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
4⤵
- Program crash
PID:904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3004 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
2⤵
- Program crash
PID:2840

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-32647.exe
Filesize
184KB

MD5
489cfcd3f3046fd0491c8c74199896c0

SHA1
517452c50b3f7d5b55e8fd168b4f2b1fad8d1b76

SHA256
6b5c385633551c301b47fb54110aad414e6be3ad861fa1249d31b8e685abc09c

SHA512
e76dd4a2da749ae5d6d0372a837ff77b90b1d49e86ff30f0f093cc267771b92312fadfccf020db367c2a905e4b658d46401ab3b2ac0e1778933e5a1123104d07

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-33940.exe
Filesize
184KB

MD5
c9cfa11c60fc2b5bf8d4e490ce13e95e

SHA1
fea59f91216717cf7d9c7f3924691363ef0509db

SHA256
c6a4099ea2bcfce5bfe0f9f76f892789dad601e0bdf70225866c4d4b123377f7

SHA512
f06cb76b03b97f19bea4df2c46540b4956c84da78d189d8ad637a7270ee8e44c68f3660cf5df61c14c6d35b02f09cb6d58fa4d9e8e6e707821d20db3d053524d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36705.exe
Filesize
184KB

MD5
375b684a5f38408a890ef2d6e20a27cc

SHA1
fa85456324bfbaad651fd1f2c357616abe2eea08

SHA256
b056ea5016b709ba40ec02be82090d710df37adaee13129df38857093d069c76

SHA512
53560c73c75cce73c62d796827964536d411174f563869a0b38e30fea0119bab592d076175ef6fa598be15ae6bc079356fb3ea346dfb9167a9d9bfcb11e1a1e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38843.exe
Filesize
184KB

MD5
9931b8f9164ffa5de2112c97b05f87c3

SHA1
6cb278cc7d33287d54f38b4ed6dff9aef4c24381

SHA256
530e19c181380ac48f68dda2041b6bab717edbacc96e7d64d6c5c6a22166e955

SHA512
10a04a2771223c64e1c5f7a67ba257017ed40d4b0f01395392f4a6e32b770b5a76cb42c6120016b26cc5a4ffcaee8bce62146bd830070e3d1acae15a32ef1130

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-41034.exe
Filesize
184KB

MD5
0b59a46729fbfed8968a55b43b8cfc3d

SHA1
a5f9688d9d476ad06494d6c843b648e54edd616c

SHA256
db6daa63aa78ed2ef522eb1f5034fb14c6cd5f0729040afbdf5590823f67a396

SHA512
5ca295443d3ad148d55d5b857234f513ef1a878ffd76f4866fac0ca8be192423568928291578aaf66b0087957701bb044379e1812a3a3541fbd48eecdc809210

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4828.exe
Filesize
184KB

MD5
1a779190bf2ceefc50c88f17a81462e2

SHA1
3c0f687cc87d9f8b61f27fc9b167c5f7ad395e86

SHA256
fc5b1752e366b98fd5b74d48885e0c0927d17c4fd21b28a135dabcd23bf3cfa9

SHA512
03f0e09641e1d31367bc0bf64ee834dad267a13a44f43d9a869f4eaaad32022d44e33711e05ffc6ad5989380aa8780996d915ff3c239105a14ad66bb68551503

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53778.exe
Filesize
184KB

MD5
c452c30d5fe0bd5a8f57d97b81e24efb

SHA1
d30c8dfb1491ac1c1197cf4a735d54bb1fa0bf93

SHA256
739a5864325f766f1940fdbf981ca69cc24a429dcbce3d8f1910afdfb79f2f2e

SHA512
d01d1a42e4b107b063d1dbfd96010cb0e19334fb306f90d1e98f8f60779fc24290f55cbc9cc3d9b42bf60a082e652fc416db74a51186ecc94cffb7861c62c743

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5807.exe
Filesize
184KB

MD5
dfad0dbde1248d1eab39dc86d8088059

SHA1
fd2650306209f24400b892316327cb1c43216489

SHA256
4c7105749cc5d80ce0556ee6d2ad811af85723c03208b6361416c61cb7c29c4b

SHA512
8c6cedf6b1e73882f195dfee6224ffb68acfbb57bd57d42ea10f7bc993b4137e79bf238316f36b72df122a75604f01a199a6b7a8bfe3b0ac851fbbe362fafd07

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10033.exe
Filesize
184KB

MD5
810d9f2cec685702e6f4cada04369544

SHA1
0e3ce27f74a76db497defe7d9933a318fd297fb3

SHA256
9d0459ac934f335b3a63ee69a3981a297143e9f9a424ead10251005726232a24

SHA512
dd921f66695a6ae5d70e8254fe7a1118acf1f4ff79d4368f8dcff41e287d0dfa2da7d2f8a346b981b132efb3c50e6111309ed07097d83d78dd0a18714bf6bcf3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12809.exe
Filesize
184KB

MD5
731f39a7022a3dc3b50fddcb428e34b2

SHA1
325cd32a4e98f99761a665c7e73b6058c661aea0

SHA256
111f69a155e75145ff1bce37515d55c1bbb783d3355f375f302402c19464a590

SHA512
aba8e3583426e1bfe45bdd9f3f9c631cd3872dce24fe0b4aa5677cd9e4a5948089efa0d51ad01e6705eaf21fe1786981c63420c15a2df61597adb87db2e4cfec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-22945.exe
Filesize
184KB

MD5
8996b390d66dd01331d05ec21f9bd260

SHA1
5953c44348df696a63c2b9ba2ba01767a85db413

SHA256
55be6a0fc49713fddf93b2e599f64ea58c8969ad82740a102c57412613f6e683

SHA512
ecdee6a63c49c960511b0015eda9468d3da491a6c7d3a9cbca1d76654aef4e856894263338a0c20ebb22b4f8c27d7e9db949776dc218dbc4ba0f4f46bd421931

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28591.exe
Filesize
184KB

MD5
b2911abf6efc82efb47b063f22ea433b

SHA1
c5ff9111175c06bd52f96eb585b61e24de25704c

SHA256
8389d79a74f7c1e3cf49bc4405288f918cb22427c8da8ad677e75092c7641134

SHA512
6c9bf66efdb0b8cdb03784d3eb787bdb6f0b7cd13fbe765841a13368f427733e2ae69b5c492576b4fffddcde40a7080d172c611329d4da599019e234d5f02cc3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3079.exe
Filesize
184KB

MD5
3df7fb0e75b1e1774d15ac6d263c34b2

SHA1
babbd0513b2768f091a301129763bd5caaf6b915

SHA256
9c08f48036cd72cb10d25141c85c051ce44dc3017880a150d44768c1f9e58e01

SHA512
47c16fe6245af22f770738ca00afc348208be7ff1c35bc986e32f526978e5ddba2397415aee0214e53d501e626f3fe8f044674708b73b48d65f9b710c5ae4e4b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-33857.exe
Filesize
184KB

MD5
f6c8a48669fefddfebf8c0d3ae59ec7f

SHA1
b147c5058f93c970ab4a3f45a58dc629eef9b542

SHA256
4501cab27e5b5cf76590a14fd9f673a35eac51bb3c88fd0b1f7ed6fb4e8aa478

SHA512
8552f018f94fa629998257b59d7a15ee4632ff750c047853e78c08feaa19a1bf179fb87cc249c7265a5cc748f8f56ebe9534e341cf3ed6819e0559de842d232c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-36401.exe
Filesize
184KB

MD5
522e2232417037692712827eb599075a

SHA1
93813d9f539f9799d79062bebb04df3662d06150

SHA256
be3829694ce3365236cb2797c9d153eb8e99238a76ecdc19f17da4a78ee37d16

SHA512
0a5db8c0180ecaed7dc1c9794469b9df9c8a37bba1dd4da70a1de16ee0f9b405a65085f035346188dcb116bbd111696f88c261ceb79759a7451d2574e93fe024

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47537.exe
Filesize
184KB

MD5
75736feaf6e73f1842f8988f571f6519

SHA1
a8cc371700a97c299f2f3a61c71ad9aa0a0a7d0e

SHA256
e7ddc2049119a31973b08a7eb23dc13a24d9403c6c275c945ad549acbffc8b4c

SHA512
06635c5024d64e04a19a75371211ce4b1a7d8682e03e5af4cf1291932d59e0b280aa6fd31518686b0172955d32af0cbbab14dbccaf2f4d6dbad27e9adf0fe824

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49639.exe
Filesize
184KB

MD5
7a3484f2ba8adfeca3543eed83636ea3

SHA1
5b95559efd5f91717c6004c254200db3eec97892

SHA256
4fe440396f119fd2cd94930521f6f6d0ded889829989f36e52c04c1beb1b62aa

SHA512
78a4df9ae2f98f33b806b848ca27bb1f5868000d1463881b52bd5c039de33487ada3250ea186de1a1bad7bff6418e386567d902e07cfdf83e70c8d6d5f653eca

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53671.exe
Filesize
184KB

MD5
e13dbe8c27f27bb28f81a73c13024db3

SHA1
e1fe29fbf38bf53a31d645881f0ba1ad3b8f31c8

SHA256
9151d2b257aeae0df1af52dcfe00302b910f7a745e40d45acd9e48780680f5de

SHA512
587b91220ac489b77b30402c8fb67136a952a427ac2604fee3cba5abfd376be2963bdd4fe6fe02f8e3d3a424cd5b44b6feb981a5d027c6bc8e3fef00dda55b28

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53806.exe
Filesize
184KB

MD5
d8005fcec321134392d25d06a92f19d4

SHA1
cfa57befeed008e2cef4b370e458f020db118238

SHA256
3731618f62cbfe03b3e9b0986f1ea00466e601748763deaf1da9fffe60c2f2dc

SHA512
c17b38c487c48795a82113e8db73c8ed525f6a5a378312e423740488358144238a79742e00e542a15dcbd0020573137f094469da933ce4af60433056b696d707

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53832.exe
Filesize
184KB

MD5
45d813cc287a9b5f3c6933bdb820a1de

SHA1
1bc883a40df5b7c45de67618936638ac86657588

SHA256
042434fadf19bd3fef92ab4faff2fbf58a780eaab50bb9707a07e4aa1c4ce12e

SHA512
192c701a4d1245fabd0a41a95f99bd1f395b16b9c1bab7147d9b1b34ee52d73638aca40397576f4d56452946c3300f3a580d0a8ca29f6039df179f30a5a5ca57

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-63318.exe
Filesize
184KB

MD5
24eb37e44f8bd01b713165356eefaaa4

SHA1
3477f8338410b1ec67dcc38b5f995d54f61caeb7

SHA256
8dfbf01b60275a46d8b2b82995d3e26199f328f04c139f5ff40da3e9e9443d05

SHA512
863da7662359ed20dcc0d1d27df6e611dc68f9f27f3a6f30e92f148b912300b1fa3b83d783ccc25b7c50b47fdb6f10a3828bb09d8415f3c11594279d9072e189

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8642.exe
Filesize
184KB

MD5
e5427a956211feae0cd097cfabfe0bf0

SHA1
ae6a55735c4cf70b746041011598bb22fbf4bdfc

SHA256
e864b5e4b7994d4689fc8db9dbd558158883a3294eb94ccf22b786c9cdd37eba

SHA512
4010dc2b7870584c6a0ee72aefd4fc5d2e2cd8a66f7cad9b913418841d4490d179d3b5549f89d789d7afc7494170ee2599c265116759aa878c042b0ec86ba467

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads