2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3

Analysis

max time kernel
150s
max time network
120s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe
Size

184KB
MD5

c983962fa870f147ae448b97783cbd27
SHA1

a9a4991597cee76b6e5cd1b8c3c1997c2d568c7a
SHA256

2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3
SHA512

98e5ca27824e2a136c7db7fb6037d57059eea2d483484a40c713d7781d27122325aba00361d64df537443fb546b4cb5cedd06d3e43b36ce9c74ca6e4f94fa5dd
SSDEEP

3072:nZ1fK8of3BekdF2avYwLRtgFhlnViFFnp:nZPo4gF26LbgFhlnViFF

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-21105.exeUnicorn-25272.exeUnicorn-5406.exeUnicorn-48982.exeUnicorn-22894.exeUnicorn-14171.exeUnicorn-42843.exeUnicorn-12116.exeUnicorn-18893.exeUnicorn-34675.exeUnicorn-14809.exeUnicorn-61364.exeUnicorn-10772.exeUnicorn-26554.exeUnicorn-33330.exeUnicorn-17016.exeUnicorn-12931.exeUnicorn-27876.exeUnicorn-18168.exeUnicorn-52978.exeUnicorn-33112.exeUnicorn-29028.exeUnicorn-30420.exeUnicorn-6470.exeUnicorn-26336.exeUnicorn-61146.exeUnicorn-61146.exeUnicorn-2386.exeUnicorn-57062.exeUnicorn-18251.exeUnicorn-33195.exeUnicorn-48977.exeUnicorn-5998.exeUnicorn-41363.exeUnicorn-12028.exeUnicorn-18805.exeUnicorn-7944.exeUnicorn-1722.exeUnicorn-63175.exeUnicorn-16667.exeUnicorn-32449.exeUnicorn-63175.exeUnicorn-59091.exeUnicorn-39225.exeUnicorn-8499.exeUnicorn-4690.exeUnicorn-49060.exeUnicorn-64005.exeUnicorn-44976.exeUnicorn-59921.exeUnicorn-40892.exeUnicorn-49615.exeUnicorn-51006.exeUnicorn-8582.exeUnicorn-40700.exeUnicorn-18696.exeUnicorn-38562.exeUnicorn-14612.exeUnicorn-61120.exeUnicorn-34478.exeUnicorn-37170.exeUnicorn-57036.exeUnicorn-30394.exeUnicorn-6444.exe

pid	process
2192	Unicorn-21105.exe
2384	Unicorn-25272.exe
3024	Unicorn-5406.exe
2728	Unicorn-48982.exe
2472	Unicorn-22894.exe
2456	Unicorn-14171.exe
3012	Unicorn-42843.exe
1724	Unicorn-12116.exe
2784	Unicorn-18893.exe
1768	Unicorn-34675.exe
1196	Unicorn-14809.exe
956	Unicorn-61364.exe
2268	Unicorn-10772.exe
1744	Unicorn-26554.exe
1628	Unicorn-33330.exe
676	Unicorn-17016.exe
1300	Unicorn-12931.exe
1480	Unicorn-27876.exe
2412	Unicorn-18168.exe
1976	Unicorn-52978.exe
2132	Unicorn-33112.exe
1136	Unicorn-29028.exe
2848	Unicorn-30420.exe
912	Unicorn-6470.exe
1992	Unicorn-26336.exe
1084	Unicorn-61146.exe
2892	Unicorn-61146.exe
2168	Unicorn-2386.exe
320	Unicorn-57062.exe
1128	Unicorn-18251.exe
3048	Unicorn-33195.exe
2556	Unicorn-48977.exe
2640	Unicorn-5998.exe
2716	Unicorn-41363.exe
3000	Unicorn-12028.exe
2732	Unicorn-18805.exe
2468	Unicorn-7944.exe
2620	Unicorn-1722.exe
1644	Unicorn-63175.exe
1824	Unicorn-16667.exe
1928	Unicorn-32449.exe
1912	Unicorn-63175.exe
1588	Unicorn-59091.exe
2804	Unicorn-39225.exe
1788	Unicorn-8499.exe
2124	Unicorn-4690.exe
748	Unicorn-49060.exe
1152	Unicorn-64005.exe
704	Unicorn-44976.exe
1676	Unicorn-59921.exe
1624	Unicorn-40892.exe
1436	Unicorn-49615.exe
820	Unicorn-51006.exe
2304	Unicorn-8582.exe
3064	Unicorn-40700.exe
2136	Unicorn-18696.exe
1448	Unicorn-38562.exe
3028	Unicorn-14612.exe
2584	Unicorn-61120.exe
1052	Unicorn-34478.exe
2708	Unicorn-37170.exe
2464	Unicorn-57036.exe
2496	Unicorn-30394.exe
2436	Unicorn-6444.exe

Loads dropped DLL 64 IoCs

Processes:

2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exeUnicorn-21105.exeUnicorn-5406.exeUnicorn-25272.exeWerFault.exeUnicorn-22894.exeUnicorn-48982.exeUnicorn-14171.exeWerFault.exeWerFault.exeUnicorn-12116.exeUnicorn-42843.exeUnicorn-14809.exeUnicorn-34675.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe
2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe
2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe
2192	Unicorn-21105.exe
2192	Unicorn-21105.exe
2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe
3024	Unicorn-5406.exe
2384	Unicorn-25272.exe
2384	Unicorn-25272.exe
2192	Unicorn-21105.exe
2192	Unicorn-21105.exe
3024	Unicorn-5406.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2472	Unicorn-22894.exe
2472	Unicorn-22894.exe
2728	Unicorn-48982.exe
2728	Unicorn-48982.exe
2384	Unicorn-25272.exe
2384	Unicorn-25272.exe
2456	Unicorn-14171.exe
3024	Unicorn-5406.exe
2456	Unicorn-14171.exe
3024	Unicorn-5406.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2820	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2536	WerFault.exe
2820	WerFault.exe
1724	Unicorn-12116.exe
2728	Unicorn-48982.exe
1724	Unicorn-12116.exe
2728	Unicorn-48982.exe
3012	Unicorn-42843.exe
3012	Unicorn-42843.exe
2472	Unicorn-22894.exe
2472	Unicorn-22894.exe
1196	Unicorn-14809.exe
1196	Unicorn-14809.exe
1768	Unicorn-34675.exe
1768	Unicorn-34675.exe
2456	Unicorn-14171.exe
2456	Unicorn-14171.exe
1984	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
1984	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2116	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe
2104	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2644	2220	WerFault.exe	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe
2500	2192	WerFault.exe	Unicorn-21105.exe
2820	3024	WerFault.exe	Unicorn-5406.exe
2536	2384	WerFault.exe	Unicorn-25272.exe
1984	2472	WerFault.exe	Unicorn-22894.exe
2116	2728	WerFault.exe	Unicorn-48982.exe
2104	2456	WerFault.exe	Unicorn-14171.exe
2916	1724	WerFault.exe	Unicorn-12116.exe
2896	3012	WerFault.exe	Unicorn-42843.exe
1108	2784	WerFault.exe	Unicorn-18893.exe
1616	1196	WerFault.exe	Unicorn-14809.exe
2840	1768	WerFault.exe	Unicorn-34675.exe
1092	2268	WerFault.exe	Unicorn-10772.exe
1776	956	WerFault.exe	Unicorn-61364.exe
1524	1628	WerFault.exe	Unicorn-33330.exe
1684	676	WerFault.exe	Unicorn-17016.exe
1540	1300	WerFault.exe	Unicorn-12931.exe
1452	1744	WerFault.exe	Unicorn-26554.exe
1424	1480	WerFault.exe	Unicorn-27876.exe
332	3048	WerFault.exe	Unicorn-33195.exe
1944	2716	WerFault.exe	Unicorn-41363.exe
1932	2412	WerFault.exe	Unicorn-18168.exe
2260	2132	WerFault.exe	Unicorn-33112.exe
780	1136	WerFault.exe	Unicorn-29028.exe
692	1976	WerFault.exe	Unicorn-52978.exe
2272	2848	WerFault.exe	Unicorn-30420.exe
1372	1084	WerFault.exe	Unicorn-61146.exe
2628	1992	WerFault.exe	Unicorn-26336.exe
1400	912	WerFault.exe	Unicorn-6470.exe
616	2168	WerFault.exe	Unicorn-2386.exe
1708	2892	WerFault.exe	Unicorn-61146.exe
892	1128	WerFault.exe	Unicorn-18251.exe
1592	2556	WerFault.exe	Unicorn-48977.exe
2592	2640	WerFault.exe	Unicorn-5998.exe
2140	2732	WerFault.exe	Unicorn-18805.exe
2564	3000	WerFault.exe	Unicorn-12028.exe
1656	2804	WerFault.exe	Unicorn-39225.exe
2492	1824	WerFault.exe	Unicorn-16667.exe
2228	2620	WerFault.exe	Unicorn-1722.exe
1504	1928	WerFault.exe	Unicorn-32449.exe
1648	1788	WerFault.exe	Unicorn-8499.exe
3104	1588	WerFault.exe	Unicorn-59091.exe
3096	1644	WerFault.exe	Unicorn-63175.exe
3120	1912	WerFault.exe	Unicorn-63175.exe
3132	2468	WerFault.exe	Unicorn-7944.exe
3092	2124	WerFault.exe	Unicorn-4690.exe
3320	1152	WerFault.exe	Unicorn-64005.exe
3360	1624	WerFault.exe	Unicorn-40892.exe
3380	1676	WerFault.exe	Unicorn-59921.exe
3644	1436	WerFault.exe	Unicorn-49615.exe
3764	820	WerFault.exe	Unicorn-51006.exe
3792	704	WerFault.exe	Unicorn-44976.exe
3844	2708	WerFault.exe	Unicorn-37170.exe
3552	2944	WerFault.exe	Unicorn-990.exe
3620	2436	WerFault.exe	Unicorn-6444.exe
3228	3028	WerFault.exe	Unicorn-14612.exe
3240	2464	WerFault.exe	Unicorn-57036.exe
3780	1448	WerFault.exe	Unicorn-38562.exe
3388	2304	WerFault.exe	Unicorn-8582.exe
3756	3064	WerFault.exe	Unicorn-40700.exe
3436	748	WerFault.exe	Unicorn-49060.exe
3944	2724	WerFault.exe	Unicorn-50575.exe
4332	2136	WerFault.exe	Unicorn-18696.exe
4556	1348	WerFault.exe	Unicorn-19870.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exeUnicorn-21105.exeUnicorn-25272.exeUnicorn-5406.exeUnicorn-22894.exeUnicorn-48982.exeUnicorn-14171.exeUnicorn-42843.exeUnicorn-12116.exeUnicorn-18893.exeUnicorn-34675.exeUnicorn-14809.exeUnicorn-61364.exeUnicorn-10772.exeUnicorn-26554.exeUnicorn-33330.exeUnicorn-17016.exeUnicorn-12931.exeUnicorn-27876.exeUnicorn-18168.exeUnicorn-52978.exeUnicorn-33112.exeUnicorn-29028.exeUnicorn-30420.exeUnicorn-26336.exeUnicorn-6470.exeUnicorn-61146.exeUnicorn-61146.exeUnicorn-2386.exeUnicorn-57062.exeUnicorn-18251.exeUnicorn-33195.exeUnicorn-48977.exeUnicorn-5998.exeUnicorn-41363.exeUnicorn-12028.exeUnicorn-18805.exeUnicorn-7944.exeUnicorn-1722.exeUnicorn-63175.exeUnicorn-16667.exeUnicorn-39225.exeUnicorn-32449.exeUnicorn-59091.exeUnicorn-63175.exeUnicorn-8499.exeUnicorn-4690.exeUnicorn-49060.exeUnicorn-64005.exeUnicorn-44976.exeUnicorn-59921.exeUnicorn-40892.exeUnicorn-49615.exeUnicorn-51006.exeUnicorn-8582.exeUnicorn-40700.exeUnicorn-18696.exeUnicorn-14612.exeUnicorn-38562.exeUnicorn-61120.exeUnicorn-34478.exeUnicorn-37170.exeUnicorn-30394.exeUnicorn-57036.exe

pid	process
2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe
2192	Unicorn-21105.exe
2384	Unicorn-25272.exe
3024	Unicorn-5406.exe
2472	Unicorn-22894.exe
2728	Unicorn-48982.exe
2456	Unicorn-14171.exe
3012	Unicorn-42843.exe
1724	Unicorn-12116.exe
2784	Unicorn-18893.exe
1768	Unicorn-34675.exe
1196	Unicorn-14809.exe
956	Unicorn-61364.exe
2268	Unicorn-10772.exe
1744	Unicorn-26554.exe
1628	Unicorn-33330.exe
676	Unicorn-17016.exe
1300	Unicorn-12931.exe
1480	Unicorn-27876.exe
2412	Unicorn-18168.exe
1976	Unicorn-52978.exe
2132	Unicorn-33112.exe
1136	Unicorn-29028.exe
2848	Unicorn-30420.exe
1992	Unicorn-26336.exe
912	Unicorn-6470.exe
1084	Unicorn-61146.exe
2892	Unicorn-61146.exe
2168	Unicorn-2386.exe
320	Unicorn-57062.exe
1128	Unicorn-18251.exe
3048	Unicorn-33195.exe
2556	Unicorn-48977.exe
2640	Unicorn-5998.exe
2716	Unicorn-41363.exe
3000	Unicorn-12028.exe
2732	Unicorn-18805.exe
2468	Unicorn-7944.exe
2620	Unicorn-1722.exe
1644	Unicorn-63175.exe
1824	Unicorn-16667.exe
2804	Unicorn-39225.exe
1928	Unicorn-32449.exe
1588	Unicorn-59091.exe
1912	Unicorn-63175.exe
1788	Unicorn-8499.exe
2124	Unicorn-4690.exe
748	Unicorn-49060.exe
1152	Unicorn-64005.exe
704	Unicorn-44976.exe
1676	Unicorn-59921.exe
1624	Unicorn-40892.exe
1436	Unicorn-49615.exe
820	Unicorn-51006.exe
2304	Unicorn-8582.exe
3064	Unicorn-40700.exe
2136	Unicorn-18696.exe
3028	Unicorn-14612.exe
1448	Unicorn-38562.exe
2584	Unicorn-61120.exe
1052	Unicorn-34478.exe
2708	Unicorn-37170.exe
2496	Unicorn-30394.exe
2464	Unicorn-57036.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exeUnicorn-21105.exeUnicorn-25272.exeUnicorn-5406.exeUnicorn-22894.exeUnicorn-48982.exeUnicorn-14171.exeUnicorn-12116.exe

description	pid	process	target process
PID 2220 wrote to memory of 2192	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	Unicorn-21105.exe
PID 2220 wrote to memory of 2192	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	Unicorn-21105.exe
PID 2220 wrote to memory of 2192	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	Unicorn-21105.exe
PID 2220 wrote to memory of 2192	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	Unicorn-21105.exe
PID 2192 wrote to memory of 2384	2192	Unicorn-21105.exe	Unicorn-25272.exe
PID 2192 wrote to memory of 2384	2192	Unicorn-21105.exe	Unicorn-25272.exe
PID 2192 wrote to memory of 2384	2192	Unicorn-21105.exe	Unicorn-25272.exe
PID 2192 wrote to memory of 2384	2192	Unicorn-21105.exe	Unicorn-25272.exe
PID 2220 wrote to memory of 3024	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	Unicorn-5406.exe
PID 2220 wrote to memory of 3024	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	Unicorn-5406.exe
PID 2220 wrote to memory of 3024	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	Unicorn-5406.exe
PID 2220 wrote to memory of 3024	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	Unicorn-5406.exe
PID 2220 wrote to memory of 2644	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	WerFault.exe
PID 2220 wrote to memory of 2644	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	WerFault.exe
PID 2220 wrote to memory of 2644	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	WerFault.exe
PID 2220 wrote to memory of 2644	2220	2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe	WerFault.exe
PID 2384 wrote to memory of 2728	2384	Unicorn-25272.exe	Unicorn-48982.exe
PID 2384 wrote to memory of 2728	2384	Unicorn-25272.exe	Unicorn-48982.exe
PID 2384 wrote to memory of 2728	2384	Unicorn-25272.exe	Unicorn-48982.exe
PID 2384 wrote to memory of 2728	2384	Unicorn-25272.exe	Unicorn-48982.exe
PID 2192 wrote to memory of 2472	2192	Unicorn-21105.exe	Unicorn-22894.exe
PID 2192 wrote to memory of 2472	2192	Unicorn-21105.exe	Unicorn-22894.exe
PID 2192 wrote to memory of 2472	2192	Unicorn-21105.exe	Unicorn-22894.exe
PID 2192 wrote to memory of 2472	2192	Unicorn-21105.exe	Unicorn-22894.exe
PID 3024 wrote to memory of 2456	3024	Unicorn-5406.exe	Unicorn-14171.exe
PID 3024 wrote to memory of 2456	3024	Unicorn-5406.exe	Unicorn-14171.exe
PID 3024 wrote to memory of 2456	3024	Unicorn-5406.exe	Unicorn-14171.exe
PID 3024 wrote to memory of 2456	3024	Unicorn-5406.exe	Unicorn-14171.exe
PID 2192 wrote to memory of 2500	2192	Unicorn-21105.exe	WerFault.exe
PID 2192 wrote to memory of 2500	2192	Unicorn-21105.exe	WerFault.exe
PID 2192 wrote to memory of 2500	2192	Unicorn-21105.exe	WerFault.exe
PID 2192 wrote to memory of 2500	2192	Unicorn-21105.exe	WerFault.exe
PID 2472 wrote to memory of 3012	2472	Unicorn-22894.exe	Unicorn-42843.exe
PID 2472 wrote to memory of 3012	2472	Unicorn-22894.exe	Unicorn-42843.exe
PID 2472 wrote to memory of 3012	2472	Unicorn-22894.exe	Unicorn-42843.exe
PID 2472 wrote to memory of 3012	2472	Unicorn-22894.exe	Unicorn-42843.exe
PID 2728 wrote to memory of 1724	2728	Unicorn-48982.exe	Unicorn-12116.exe
PID 2728 wrote to memory of 1724	2728	Unicorn-48982.exe	Unicorn-12116.exe
PID 2728 wrote to memory of 1724	2728	Unicorn-48982.exe	Unicorn-12116.exe
PID 2728 wrote to memory of 1724	2728	Unicorn-48982.exe	Unicorn-12116.exe
PID 2384 wrote to memory of 2784	2384	Unicorn-25272.exe	Unicorn-18893.exe
PID 2384 wrote to memory of 2784	2384	Unicorn-25272.exe	Unicorn-18893.exe
PID 2384 wrote to memory of 2784	2384	Unicorn-25272.exe	Unicorn-18893.exe
PID 2384 wrote to memory of 2784	2384	Unicorn-25272.exe	Unicorn-18893.exe
PID 2456 wrote to memory of 1768	2456	Unicorn-14171.exe	Unicorn-34675.exe
PID 2456 wrote to memory of 1768	2456	Unicorn-14171.exe	Unicorn-34675.exe
PID 2456 wrote to memory of 1768	2456	Unicorn-14171.exe	Unicorn-34675.exe
PID 2456 wrote to memory of 1768	2456	Unicorn-14171.exe	Unicorn-34675.exe
PID 3024 wrote to memory of 1196	3024	Unicorn-5406.exe	Unicorn-14809.exe
PID 3024 wrote to memory of 1196	3024	Unicorn-5406.exe	Unicorn-14809.exe
PID 3024 wrote to memory of 1196	3024	Unicorn-5406.exe	Unicorn-14809.exe
PID 3024 wrote to memory of 1196	3024	Unicorn-5406.exe	Unicorn-14809.exe
PID 3024 wrote to memory of 2820	3024	Unicorn-5406.exe	WerFault.exe
PID 3024 wrote to memory of 2820	3024	Unicorn-5406.exe	WerFault.exe
PID 3024 wrote to memory of 2820	3024	Unicorn-5406.exe	WerFault.exe
PID 3024 wrote to memory of 2820	3024	Unicorn-5406.exe	WerFault.exe
PID 2384 wrote to memory of 2536	2384	Unicorn-25272.exe	WerFault.exe
PID 2384 wrote to memory of 2536	2384	Unicorn-25272.exe	WerFault.exe
PID 2384 wrote to memory of 2536	2384	Unicorn-25272.exe	WerFault.exe
PID 2384 wrote to memory of 2536	2384	Unicorn-25272.exe	WerFault.exe
PID 1724 wrote to memory of 956	1724	Unicorn-12116.exe	Unicorn-61364.exe
PID 1724 wrote to memory of 956	1724	Unicorn-12116.exe	Unicorn-61364.exe
PID 1724 wrote to memory of 956	1724	Unicorn-12116.exe	Unicorn-61364.exe
PID 1724 wrote to memory of 956	1724	Unicorn-12116.exe	Unicorn-61364.exe

C:\Users\Admin\AppData\Local\Temp\2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe
"C:\Users\Admin\AppData\Local\Temp\2bac4aa45c173b9da8267af3bfc6e3ad36359bf8b0ff1032cb34c96190e29dd3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384

C:\Users\Admin\AppData\Local\Temp\Unicorn-48982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48982.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2728

C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:956

C:\Users\Admin\AppData\Local\Temp\Unicorn-52978.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52978.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1976

C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4690.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29600.exe
9⤵
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25563.exe
10⤵
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31868.exe
11⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3227.exe
12⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15111.exe
13⤵
PID:7696

C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65057.exe
14⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7696 -s 216
14⤵
PID:11428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4840 -s 216
13⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
12⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 236
11⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
10⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52236.exe
11⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
12⤵
PID:8328

C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35544.exe
13⤵
PID:11788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8328 -s 236
13⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
12⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 216
11⤵
PID:6704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2256 -s 240
10⤵
PID:4256

C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
9⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60456.exe
10⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
11⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19772.exe
12⤵
PID:8336

C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25971.exe
13⤵
PID:11468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8336 -s 216
13⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
12⤵
PID:9236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
11⤵
PID:6796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 236
10⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2124 -s 240
9⤵
- Program crash
PID:3092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1976 -s 216
8⤵
- Program crash
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-41363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41363.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 240
8⤵
- Program crash
PID:1944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 956 -s 240
7⤵
- Program crash
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29028.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1136

C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40892.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15209.exe
9⤵
PID:1224

C:\Users\Admin\AppData\Local\Temp\Unicorn-24193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24193.exe
10⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
11⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
12⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41619.exe
13⤵
PID:9172

C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25919.exe
14⤵
PID:12200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9172 -s 216
14⤵
PID:4520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
13⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 216
12⤵
PID:6396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
11⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39604.exe
10⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
11⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-61847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61847.exe
12⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
13⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
13⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
12⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 216
11⤵
PID:7232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1224 -s 240
10⤵
PID:5144

C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30969.exe
9⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56756.exe
10⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45184.exe
11⤵
PID:5572

C:\Users\Admin\AppData\Local\Temp\Unicorn-55241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55241.exe
12⤵
PID:9128

C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13474.exe
13⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9128 -s 216
13⤵
PID:12324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5572 -s 216
12⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 216
11⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 236
10⤵
PID:4548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 240
9⤵
- Program crash
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50575.exe
8⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9802.exe
9⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
10⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44753.exe
11⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-6751.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6751.exe
12⤵
PID:8172

C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59665.exe
13⤵
PID:11252

C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10527.exe
14⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8172 -s 236
13⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 236
12⤵
PID:8348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
11⤵
PID:6976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 216
10⤵
PID:5008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
9⤵
- Program crash
PID:3944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 240
8⤵
- Program crash
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49615.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7617.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36445.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-36912.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36912.exe
10⤵
PID:4016

C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18350.exe
11⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42003.exe
12⤵
PID:8696

C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6567.exe
13⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8696 -s 216
13⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 236
12⤵
PID:9508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4016 -s 216
11⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10824.exe
9⤵
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59574.exe
10⤵
PID:5516

C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38905.exe
11⤵
PID:9072

C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58783.exe
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9072 -s 216
12⤵
PID:1188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5516 -s 216
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 216
10⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 240
9⤵
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43221.exe
8⤵
PID:3444

C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12407.exe
9⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34878.exe
10⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25091.exe
11⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51876.exe
12⤵
PID:11336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
12⤵
PID:12340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
11⤵
PID:10168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
10⤵
PID:6388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3444 -s 236
9⤵
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 240
8⤵
- Program crash
PID:3644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1136 -s 240
7⤵
- Program crash
PID:780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
6⤵
- Program crash
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18168.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18251.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49060.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:748

C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19870.exe
9⤵
PID:1348

C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64841.exe
10⤵
PID:3704

C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
11⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-570.exe
12⤵
PID:6656

C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
13⤵
PID:10148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26101.exe
14⤵
PID:13148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10148 -s 216
14⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6656 -s 216
13⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4588 -s 216
12⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3704 -s 216
11⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1348 -s 236
10⤵
- Program crash
PID:4556

C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-627.exe
9⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31733.exe
10⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39294.exe
11⤵
PID:6480

C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
12⤵
PID:10460

C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8669.exe
13⤵
PID:1044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6480 -s 216
12⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 236
11⤵
PID:8724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 236
10⤵
PID:6404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 748 -s 240
9⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44052.exe
8⤵
PID:2696

C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24385.exe
9⤵
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-26065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26065.exe
10⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57384.exe
11⤵
PID:7372

C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49084.exe
12⤵
PID:10708

C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3646.exe
13⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7372 -s 236
12⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
11⤵
PID:8796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4084 -s 216
10⤵
PID:6512

C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
10⤵
PID:6720

C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
11⤵
PID:10024

C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15519.exe
12⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10024 -s 216
12⤵
PID:7908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6720 -s 216
11⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
10⤵
PID:8052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2696 -s 220
9⤵
PID:5784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1128 -s 240
8⤵
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64005.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45936.exe
8⤵
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7088.exe
9⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30114.exe
10⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22086.exe
11⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12454.exe
12⤵
PID:8916

C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37211.exe
13⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8916 -s 216
13⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 236
12⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 236
11⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 216
10⤵
PID:4664

C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28722.exe
9⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4151.exe
10⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63601.exe
11⤵
PID:8944

C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
12⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8944 -s 216
12⤵
PID:940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
11⤵
PID:10040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
9⤵
PID:4632

C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39137.exe
8⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39050.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-57436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57436.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
11⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17175.exe
12⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 236
11⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 216
10⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
9⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
8⤵
- Program crash
PID:3320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
7⤵
- Program crash
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33195.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3048 -s 240
7⤵
- Program crash
PID:332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
6⤵
- Program crash
PID:1092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2728 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33112.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48977.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44976.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10357.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39242.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5111.exe
10⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43456.exe
11⤵
PID:8240

C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57818.exe
12⤵
PID:12004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8240 -s 216
12⤵
PID:13196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
11⤵
PID:10412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
9⤵
PID:5436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 236
8⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
7⤵
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11940.exe
8⤵
PID:3724

C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
9⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63305.exe
10⤵
PID:7684

C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-267.exe
11⤵
PID:10784

C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38841.exe
12⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7684 -s 236
11⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4388 -s 236
10⤵
PID:9084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3724 -s 236
9⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49802.exe
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12869.exe
9⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62239.exe
10⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
11⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 220
11⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
10⤵
PID:10384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 216
9⤵
PID:8152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
8⤵
PID:5932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 240
7⤵
- Program crash
PID:1592

C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59921.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4903.exe
7⤵
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-16025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16025.exe
8⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63554.exe
9⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49268.exe
10⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30737.exe
11⤵
PID:9032

C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56645.exe
12⤵
PID:12140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9032 -s 216
12⤵
PID:1116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
11⤵
PID:10152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 216
10⤵
PID:7156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
9⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60025.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20488.exe
9⤵
PID:5720

C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6616.exe
10⤵
PID:8396

C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54891.exe
11⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8396 -s 216
11⤵
PID:12356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5720 -s 216
10⤵
PID:9340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
9⤵
PID:7208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2444 -s 240
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55474.exe
7⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24660.exe
8⤵
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6097.exe
9⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14784.exe
10⤵
PID:8312

C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12981.exe
11⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8312 -s 216
11⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 216
10⤵
PID:10184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3464 -s 216
9⤵
PID:7248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 236
8⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1676 -s 240
7⤵
- Program crash
PID:3380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 240
6⤵
- Program crash
PID:2260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 236
5⤵
- Program crash
PID:1108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2384 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2536

C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:3012

C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1744

C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59091.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30394.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38152.exe
9⤵
PID:1664

C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3964.exe
10⤵
PID:4008

C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53907.exe
11⤵
PID:5116

C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1193.exe
12⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43573.exe
13⤵
PID:9612

C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35639.exe
14⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 216
13⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5116 -s 216
12⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4008 -s 216
11⤵
PID:6152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1664 -s 236
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
9⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-721.exe
11⤵
PID:8200

C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19365.exe
12⤵
PID:11296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8200 -s 216
12⤵
PID:12236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
11⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 216
10⤵
PID:6576

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
9⤵
PID:4120

C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35691.exe
8⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55749.exe
9⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61904.exe
10⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20130.exe
11⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11227.exe
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 216
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6108 -s 216
11⤵
PID:9868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 236
10⤵
PID:7512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 236
9⤵
PID:5384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
- Program crash
PID:3104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 236
7⤵
- Program crash
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8499.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1788

C:\Users\Admin\AppData\Local\Temp\Unicorn-34478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34478.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
8⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20301.exe
9⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31266.exe
10⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43212.exe
11⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27922.exe
12⤵
PID:10068

C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
13⤵
PID:6460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10068 -s 216
13⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
11⤵
PID:6024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
10⤵
PID:5848

C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43771.exe
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52641.exe
10⤵
PID:6832

C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11585.exe
11⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29910.exe
12⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6832 -s 216
11⤵
PID:11088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 236
10⤵
PID:8136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
8⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1582.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60228.exe
10⤵
PID:7348

C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63111.exe
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7348 -s 216
11⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 216
10⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
9⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 220
8⤵
PID:4956

C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56304.exe
7⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40721.exe
8⤵
PID:3316

C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35900.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61935.exe
10⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22634.exe
11⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12006.exe
12⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
11⤵
PID:11876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3316 -s 216
9⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 236
8⤵
PID:4196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1788 -s 240
7⤵
- Program crash
PID:1648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1744 -s 240
6⤵
- Program crash
PID:1452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 236
5⤵
- Program crash
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33330.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-30420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30420.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12028.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3000

C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
7⤵
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39953.exe
8⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50342.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57005.exe
10⤵
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49538.exe
11⤵
PID:7448

C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35737.exe
12⤵
PID:10544

C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47284.exe
13⤵
PID:1712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7448 -s 216
12⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4744 -s 236
11⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:7076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 236
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24254.exe
8⤵
PID:3260

C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65173.exe
9⤵
PID:4672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 200
10⤵
PID:7812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3260 -s 216
9⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
8⤵
PID:4488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3000 -s 236
7⤵
- Program crash
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8582.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42428.exe
7⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34691.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6953.exe
9⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4188 -s 200
10⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58655.exe
8⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15885.exe
9⤵
PID:6732

C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64294.exe
10⤵
PID:9880

C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18836.exe
11⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9880 -s 216
11⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6732 -s 216
10⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
9⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 220
8⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8603.exe
7⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35433.exe
8⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20052.exe
9⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
10⤵
PID:10128

C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35940.exe
11⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10128 -s 216
11⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
10⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
9⤵
PID:8464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
8⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2304 -s 240
7⤵
- Program crash
PID:3388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 240
6⤵
- Program crash
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18805.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51006.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54680.exe
7⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38391.exe
8⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53248.exe
9⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31370.exe
10⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42880.exe
11⤵
PID:8952

C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51684.exe
12⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 216
12⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5940 -s 216
11⤵
PID:9960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 236
10⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 236
9⤵
PID:5300

C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25598.exe
8⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34769.exe
9⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7275.exe
10⤵
PID:8364

C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21254.exe
11⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8364 -s 236
11⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
10⤵
PID:10448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
9⤵
PID:7600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 240
8⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14441.exe
7⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-10269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10269.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14265.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24899.exe
10⤵
PID:8532

C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14927.exe
11⤵
PID:11564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8532 -s 216
11⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
10⤵
PID:9692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 216
9⤵
PID:7356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
8⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
7⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13325.exe
6⤵
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13694.exe
7⤵
PID:3668

C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30882.exe
8⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4426.exe
9⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46362.exe
10⤵
PID:9308

C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26106.exe
11⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9308 -s 216
11⤵
PID:6540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
10⤵
PID:10616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 216
9⤵
PID:7656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3668 -s 236
8⤵
PID:5636

C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15868.exe
7⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60041.exe
8⤵
PID:6376

C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57496.exe
9⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47185.exe
10⤵
PID:12848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
10⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6376 -s 216
9⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 216
8⤵
PID:7940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
7⤵
PID:5184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 220
6⤵
- Program crash
PID:2140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 240
5⤵
- Program crash
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2456

C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12931.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1300

C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61146.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1084

C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1722.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 220
8⤵
- Program crash
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18696.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47389.exe
8⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61141.exe
9⤵
PID:3456

C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38941.exe
10⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45734.exe
11⤵
PID:7128

C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33459.exe
12⤵
PID:9712

C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2966.exe
13⤵
PID:7296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9712 -s 216
13⤵
PID:8792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7128 -s 216
12⤵
PID:1508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4900 -s 216
11⤵
PID:7524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3456 -s 216
10⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
9⤵
PID:4924

C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37191.exe
8⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60321.exe
9⤵
PID:4708

C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57083.exe
10⤵
PID:7420

C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3007.exe
11⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48187.exe
12⤵
PID:8764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7420 -s 216
11⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4708 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
9⤵
PID:6504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
8⤵
- Program crash
PID:4332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1084 -s 240
7⤵
- Program crash
PID:1372

C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16667.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1824

C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56797.exe
7⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20109.exe
8⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16300.exe
9⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
10⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21391.exe
11⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8705.exe
12⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
12⤵
PID:12436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
11⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 216
10⤵
PID:7472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 236
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64493.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57711.exe
9⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6891.exe
10⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-43345.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43345.exe
11⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
11⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
9⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
8⤵
PID:5752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1824 -s 236
7⤵
- Program crash
PID:2492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1300 -s 220
6⤵
- Program crash
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2386.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57036.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
8⤵
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-466322012842124.9024.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-466322012842124.9024.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-466883093625778.9952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-466883093625778.9952.exe
10⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-464955319888799.3344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-464955319888799.3344.exe
11⤵
PID:7508

C:\Users\Admin\AppData\Local\Temp\Unicorn-467286806807707.648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-467286806807707.648.exe
12⤵
PID:11476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7508 -s 216
12⤵
PID:11808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:7068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 216
9⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16771.exe
8⤵
PID:3376

C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16383.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50394.exe
10⤵
PID:6600

C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
11⤵
PID:9600

C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
12⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9600 -s 220
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6600 -s 216
11⤵
PID:10492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3376 -s 216
9⤵
PID:3540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2464 -s 220
8⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18355.exe
8⤵
PID:3848

C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64021.exe
9⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44172.exe
10⤵
PID:6848

C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39598.exe
11⤵
PID:9976

C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48000.exe
12⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9976 -s 216
12⤵
PID:13184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6848 -s 216
11⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
10⤵
PID:8352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3848 -s 216
9⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
8⤵
PID:4716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
7⤵
- Program crash
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6444.exe
6⤵
- Executes dropped EXE
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36206.exe
7⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44997.exe
8⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33596.exe
9⤵
PID:4220

C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42143.exe
10⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-319.exe
11⤵
PID:9736

C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12229.exe
12⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9736 -s 216
12⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
11⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4220 -s 216
10⤵
PID:7976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
9⤵
PID:5508

C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27928.exe
8⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61639.exe
9⤵
PID:6624

C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41435.exe
10⤵
PID:9996

C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45945.exe
11⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9996 -s 216
11⤵
PID:9060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6624 -s 216
10⤵
PID:10960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 216
9⤵
PID:8488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21047.exe
7⤵
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46232.exe
8⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
9⤵
PID:6924

C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28559.exe
10⤵
PID:10244

C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57102.exe
11⤵
PID:12592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10244 -s 220
11⤵
PID:8772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6924 -s 216
10⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
9⤵
PID:4060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3800 -s 216
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 240
7⤵
- Program crash
PID:3620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 240
6⤵
- Program crash
PID:616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1768 -s 240
5⤵
- Program crash
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27876.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1480

C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57062.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32449.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1928

C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38562.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1448

C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12578.exe
8⤵
PID:3040

C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46943.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46.exe
10⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56040.exe
11⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-50288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50288.exe
12⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31171.exe
13⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 220
13⤵
PID:8716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
11⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:5988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3040 -s 236
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55666.exe
8⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43601.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7799.exe
10⤵
PID:7036

C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52042.exe
11⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10667.exe
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
12⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7036 -s 216
11⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
9⤵
PID:6168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1448 -s 240
8⤵
- Program crash
PID:3780

C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27523.exe
7⤵
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5090.exe
9⤵
PID:4648

C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3523.exe
10⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
11⤵
PID:10136

C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13656.exe
12⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
11⤵
PID:10944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4648 -s 216
10⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 236
9⤵
PID:6432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2528 -s 216
8⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1928 -s 240
7⤵
- Program crash
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14612.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
7⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55661.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13097.exe
10⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4543.exe
11⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64990.exe
12⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
11⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
10⤵
PID:860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3836 -s 236
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
8⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18717.exe
7⤵
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24551.exe
8⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-42226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42226.exe
9⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57963.exe
10⤵
PID:9744

C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29945.exe
11⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9744 -s 220
11⤵
PID:1428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 216
10⤵
PID:10780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 216
9⤵
PID:7192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3808 -s 236
8⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
7⤵
- Program crash
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39225.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40700.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16663.exe
7⤵
PID:1760

C:\Users\Admin\AppData\Local\Temp\Unicorn-42667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42667.exe
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37680.exe
9⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23669.exe
10⤵
PID:6472

C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59826.exe
11⤵
PID:9652

C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36926.exe
12⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9652 -s 216
12⤵
PID:7628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 216
11⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 236
10⤵
PID:7988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3680 -s 216
9⤵
PID:5460

C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30066.exe
8⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24053.exe
9⤵
PID:6712

C:\Users\Admin\AppData\Local\Temp\Unicorn-23262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23262.exe
10⤵
PID:9920

C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
11⤵
PID:13256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9920 -s 216
11⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6712 -s 216
10⤵
PID:11064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 216
9⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1760 -s 240
8⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57612.exe
7⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59937.exe
8⤵
PID:4392

C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38526.exe
9⤵
PID:7136

C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16931.exe
10⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64419.exe
11⤵
PID:13064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 220
11⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7136 -s 216
10⤵
PID:10856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4392 -s 216
9⤵
PID:8456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 236
8⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 240
7⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31607.exe
6⤵
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28469.exe
7⤵
PID:4064

C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61473.exe
8⤵
PID:4972

C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
9⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10272.exe
10⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
10⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4972 -s 216
9⤵
PID:8912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4064 -s 216
8⤵
PID:6556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 236
7⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2804 -s 240
6⤵
- Program crash
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1480 -s 240
5⤵
- Program crash
PID:1424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2456 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1196

C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17016.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26336.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1992

C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7944.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26310.exe
7⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61779.exe
8⤵
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35328.exe
9⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49652.exe
10⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44826.exe
11⤵
PID:9096

C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9281.exe
12⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9096 -s 220
12⤵
PID:12496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
11⤵
PID:9752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 236
10⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2572 -s 236
9⤵
PID:5360

C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
8⤵
PID:3416

C:\Users\Admin\AppData\Local\Temp\Unicorn-20934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20934.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41754.exe
10⤵
PID:8184

C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42499.exe
11⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8184 -s 216
11⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:8264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3416 -s 216
9⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 220
8⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37829.exe
7⤵
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
8⤵
PID:3528

C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26689.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4893.exe
10⤵
PID:6988

C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60101.exe
11⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50221.exe
12⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
12⤵
PID:8780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6988 -s 216
11⤵
PID:10524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 216
9⤵
PID:5704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 216
8⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
7⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
6⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-326.exe
7⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-467751336726547.6608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-467751336726547.6608.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-467375867249557.504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-467375867249557.504.exe
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-466658298473480.192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-466658298473480.192.exe
10⤵
PID:6788

C:\Users\Admin\AppData\Local\Temp\Unicorn-467038317179830.272.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-467038317179830.272.exe
11⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-467290380220497.92.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-467290380220497.92.exe
12⤵
PID:7796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
12⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6788 -s 216
11⤵
PID:10816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
10⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22801.exe
7⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19206.exe
8⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44089.exe
9⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27538.exe
10⤵
PID:9804

C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55784.exe
11⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9804 -s 216
11⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 236
10⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4292 -s 236
9⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 236
8⤵
PID:5616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
- Program crash
PID:3552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1992 -s 240
6⤵
- Program crash
PID:2628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 236
5⤵
- Program crash
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6470.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:912

C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63175.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61120.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2584

C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26969.exe
7⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49081.exe
8⤵
PID:3876

C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-731.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62563.exe
10⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26962.exe
11⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8145.exe
12⤵
PID:13044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
12⤵
PID:6824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
11⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3876 -s 216
9⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21706.exe
8⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54587.exe
9⤵
PID:6880

C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13531.exe
10⤵
PID:10192

C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8612.exe
11⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10192 -s 220
11⤵
PID:8712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6880 -s 216
10⤵
PID:11220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4524 -s 216
9⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
8⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14825.exe
7⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24141.exe
8⤵
PID:4920

C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35724.exe
9⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52229.exe
10⤵
PID:10916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
10⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4920 -s 216
9⤵
PID:8296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
8⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2584 -s 240
7⤵
PID:4748

C:\Users\Admin\AppData\Local\Temp\Unicorn-18286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18286.exe
6⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22247.exe
7⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39626.exe
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5578.exe
9⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45820.exe
10⤵
PID:9948

C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46054.exe
11⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9948 -s 216
11⤵
PID:13124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
10⤵
PID:11080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4376 -s 216
9⤵
PID:8068

C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32012.exe
7⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1494.exe
8⤵
PID:6800

C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54564.exe
9⤵
PID:10120

C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25634.exe
10⤵
PID:12600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10120 -s 216
10⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6800 -s 216
9⤵
PID:11128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4496 -s 216
8⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 220
7⤵
PID:5872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
6⤵
- Program crash
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-37170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37170.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55557.exe
6⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42859.exe
7⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
8⤵
PID:4400

C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11603.exe
9⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46391.exe
10⤵
PID:11540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
10⤵
PID:11884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4400 -s 220
9⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
8⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 236
7⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 236
6⤵
- Program crash
PID:3844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 240
5⤵
- Program crash
PID:1400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1196 -s 240
4⤵
- Program crash
PID:1616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 240
2⤵
- Program crash
PID:2644

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-10490.exe
Filesize
184KB

MD5
eb5245445e95c737ea13cfedaca4ae11

SHA1
a474ad62a7eebe2278779f7027213d1a0031e119

SHA256
8c6cd25bfad389dfce285eab79f8e11b6a0a5fc2963171e1846feae7e5410937

SHA512
91c2bb89ef8528df755faed6159bfebd68f15021393f5682029bf3cea23136afcf440cfecaeea217001b9c40f6bcde7c765acfffec5e375315cec239660bec8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-18893.exe
Filesize
184KB

MD5
018b0bfd1422994ae6eb84be3815c636

SHA1
8c2bf8358ce7b9dcbbe5488c40fb5697326f3aba

SHA256
f40628a590045b9240038e49a6736364adeac3fa4f702a74fde8088103b18057

SHA512
050ae97f70fd771edac8e2075d7486b540fcb05671f7cde39441549fa715d534dc45467189a43bc4998c4954ef6b0324807b6348fb25a8a42900e7f21fd639c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22894.exe
Filesize
184KB

MD5
bf1305610cc771c8c2388dbfe479893b

SHA1
1b72361b75eed7070a5fc8e198b18f1f68d6010b

SHA256
f9fb8e89cdae7c22df24b5587288f35d25016c5508642d14662a748d8227cc3c

SHA512
2e1d3f9a13449426034f4eb2ef5f0e11a9885d4a56ee781f07317aa87d06cb35d9fd0495d1e50d201c56626e7dad24de0e364151cc72da61cf408d538ae95486

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36912.exe
Filesize
184KB

MD5
cc23b94b7e67c6260016c908867056f1

SHA1
9e62be00cf5f22f5752109a9d2f844117425b8c5

SHA256
02c4fe17c9efcac808e036d0dab5db50619cf6e45245b240e722b567d638ad2e

SHA512
6eb05bc543b2c2bdf1a4582c43d37358596a78de307a263020076d30616c7edbd8ea4f1ae4a136c0ba252af0b539abe37fe15c356e8af6f36175d93a80a2189e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40507.exe
Filesize
184KB

MD5
50eb374b181fa61033e0ef59d77ad8f6

SHA1
f44beb68cc49f9c188adffa9c6ff51ca8ffbf3e1

SHA256
b4b3a11cc0d13516bb201394d5dc6a02f24ab28a5cf5e7c8f76a7a797c47a371

SHA512
ce0c757c3c9a1c3229feb844735b49250ad1ef770c818a18c8e36aeb3f9ede61c3314de9aa498693bcf54fe5bc0e926eb65f51bdb48fe76e00ef3a4c44d84048

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40590.exe
Filesize
184KB

MD5
bfc6e8e0c60fa873e18876541c356fac

SHA1
90777aa954c887d8d1e833e2fbeb9799caa3bd09

SHA256
1275537af586a7f37848781ae09b6f1fc2116468ccf3c8d746912032364d84e6

SHA512
29a3af6c5760438b233b1bbd1d03135df6f5b98bccd98709c261ea9cd034091184e3e8b43bfb64571deea928677f64480472f91400c4c2d236f30c006546f6ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48982.exe
Filesize
184KB

MD5
bd4cb95e38d3fef7815a62ff3977a3f6

SHA1
df82137da68896ab23048b881877ee5ed37d418a

SHA256
df46494ea0fdc95eeeb84d0dae82380ba4f325e0a20eb98a35240e56044be0df

SHA512
6bd2e679c2987944cd0650a7d906b6e89c93f0dd762021c92036ffba9c30a7af9333d685d012da5613cb4d19b7cedbf2a3be87b5855863db733c06af574dba7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5666.exe
Filesize
184KB

MD5
9d64ee5a23c7618f25e4bc4568f7b2a0

SHA1
d1100484a0f2f7086cc4ee841b75f62a7a42b616

SHA256
f48affd06645aeac74724cf2abb750c561e84834568af474a39c955534678817

SHA512
3c55dfa50eb97b5d2518452cb4d4725631e92a419fb1719cd1c2d4fdafc99262b5279f38fada7cb6d1ee2d6cec2f2d2eaf87feb4cf3542986244fd54fb33d52d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5998.exe
Filesize
184KB

MD5
2e8675b53dfe8cdc775f4415af90bbc7

SHA1
d7dd3992da25fc36d8198a30f638ffb9a29e2819

SHA256
b5c3b873cb94ad2a4bd57943fde4fb5bac0c8d75c391985ba75fbcea4b087712

SHA512
654e2c35f207b101071b0698a8a3c2e6661efe80b0407bc99b0c1e671b5601d1a7fcc212291c6309234d32c46787b97dba26ff4eb489b5b44b93c7a52af9f448

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6029.exe
Filesize
184KB

MD5
0e75a1401398d9fd8cd48b8c04c9e7c4

SHA1
01b662ccc1952735cd708c6c2e0ac8a52c72c2de

SHA256
8ef0b969af6e78a62296eaa736a251aa0d88159ab39ba17b86a998701ca48113

SHA512
5477bfba456a1db549650171819f386471c89baf578ae3487204caab6c82c2fbcffc435486cb514aef97c12a2a751460f3e8f5c8707a9ee036a37ed52c8c8b98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10772.exe
Filesize
184KB

MD5
f6c72e91491dae47bb868c3b7fb727fa

SHA1
4d013dab41fd0aa58953cc682cdba5120c966001

SHA256
aee0c5b403659d388e6df3f2bdbe1bfad215e7659bbaaf53bc98b491c935d9e1

SHA512
05d39f64c0e35806d13983a9f152c64e3529a57b6865dfeaab98707bbeb164e7250c62aa2e9be68b80c582bf0ed46118923a1cebdcdf70fbb505b62474ce7450

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
Filesize
184KB

MD5
4d9952baeb042b0d2975e9a59ec6c70b

SHA1
3ee0d1cc703c8167c153a4edb5b79c95dbabb298

SHA256
e8fffbc503c206a4cea56b851f2e1d963e0a4100cbb3a27abf515b7498bbabee

SHA512
1d36cc3ef11230de8e2c82b9724df01c210a24493bbe55d96676058c885296b328153419ba8a8a685f7b7ce4cb0930a800c529b856485562820a7791c2994769

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14171.exe
Filesize
184KB

MD5
6c766c6f8776b44b97c4a8cc9d3ff9e5

SHA1
301aa50caf9aaf7ed5abebd8afe1b5097fe0b663

SHA256
f70783fcc9466511da784a0ebc0b5d47bf4c95ad1f28d34dce4d75c01d135f16

SHA512
be0cf1e092144d33d05d86e0d2ab34173e99816f72b796bb8dddb1c2b5d08e1c0b3f3b89bfe069f8c37ba764389d99648bc65700e1f93589b4272206f6b23819

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14809.exe
Filesize
184KB

MD5
ebcab6dc6a90ee1f6afd321383819cd9

SHA1
8eea761964b007d7c39b81b56ded8f93c33ba977

SHA256
91d59b9ecbbc269ebe2269d840b9ac869421f1bc3300391bd0aa5190af06b3fa

SHA512
366773f28c130322df787c3d9215180da262f404c241c2b03acfc9196ea4b809d5b483a525bd0de8c50520b7f0d35b2969e7c245cc2101bd6467845aa84c6c35

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21105.exe
Filesize
184KB

MD5
e9ddd79f05c3e7fdcc27a11ab5f58314

SHA1
a29a6a373feb6ea523b8b92aca1bfde68c6bbce4

SHA256
c53d3bfc58bfc2a2f5cd5554b005564999dd8d1f86c26a1dc0e6ea722bf3bfc7

SHA512
f897d1d7c28e8cddfa4f8a9b43650f2658cf6ecc0769f56d1ce9e9ee0865fe3bbea2551555de0b67f9c47566655d535bd1240b214d493b61b281e60c9e155ae5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25272.exe
Filesize
184KB

MD5
b725444c56e3a7c9f11acf2fdd173f07

SHA1
447f39513c6d9e7114352e7020597196c7d42533

SHA256
014575c91bc0f0be09b5e4c49bcc73bc571ae3b830ac4ada38e5266a967dd50c

SHA512
5e43a1a19e13a9a264735f1e68884018732d6438398603d2d108fec515320b8630cf72a46b82ab21d3c356c63bbce7f9dd6290bca20a07be959b429d95f0ddb8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-26554.exe
Filesize
184KB

MD5
db89e399fda64b244ebe067d12339ef3

SHA1
d88c57780004f4adf4e91d2d491978657309854d

SHA256
ba41a4e6189431de4e9f0371044f4e0ba8ee0b749325df511757090eae576292

SHA512
e935650cdc29d5c4437a76ec637e2ca5536ea2cf44f1a65adde50fdbfcb4ceb91c44f64b42d5b60e7171552f08c9576c8d7be788b02ca3019816be110115bd7c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-34675.exe
Filesize
184KB

MD5
962177d84db2d20d8b98f056dfec3eaf

SHA1
37d3d242759f8016bbc6e67b2a8be46ed291fac1

SHA256
7e18de41e5123dc55bdb594e6fbc940d417fd41aef64d5cc37491137aadc5ae7

SHA512
a117cb3bd4dbd3597def7da683a8eba433c0bd0dbd3c9a44ef10df2b950e1772f5dd064ac238f5319a3938a9bcf3b2f9e0bbe74adb33dfb483ccd95ae09710c4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42843.exe
Filesize
184KB

MD5
bd2abc1a42ea61c76122172aba805616

SHA1
1e7f887a4a58488cf797757448a49b05f0289026

SHA256
af6cc7856bb465b1b8918dce154a3425253daa7ec02406e5569d14fb9af6894b

SHA512
d56179fd8808381890175ff730cd046b8a16be89ca6fab0944a5de75f5bdb36b785fe1e57e603938d03af762b030a98be4f554b73a23e951dddce436fd813aa6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5406.exe
Filesize
184KB

MD5
872251327d79a91b9091f374df6aed62

SHA1
91b5174483a4f978209cf2960d47b7f59a5fee92

SHA256
1919477e172fc9592b5d7c27be8783ddc5dff61b385a9a0430e02ad585aad7cc

SHA512
df5f4798e2177916e6e052ce0dcc4ade8172470ed54d68e388c6c2030ccdb21b84cb188ba7f2f04e0b5727b858492a0ddba6abe227fea4799a96300b6ed19b9d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-61364.exe
Filesize
184KB

MD5
2920c42772ad75ca6dc47b76eda347a4

SHA1
ec78933597ff9d2a1a0fe17d1b0b62a8d456d384

SHA256
cf1b404bc007a772eebebbdfbb45de2d46005cf03cb86b2290e12ea96fd823e5

SHA512
569634685ae55ca04794d98a2d7c1cf213e9628b8976f6d5ee10792afae3c5be645af94a04751e886dd8528e4880a1db67d970d2ba2a26831ea5b3e5c3917d4c

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads