3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb

Analysis

max time kernel
150s
max time network
118s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
22-05-2024 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe
Size

184KB
MD5

4fe02f0beb0c80a9168004efeb5929ac
SHA1

972c4b63ec9616ce497f96169b073f8a3228ad60
SHA256

3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb
SHA512

7fa66283c8b9248894bd0f9f81156132dabd2fe1ec5009a7a22f5d0879e35f2c536384ccb90cc497d1b44da82feed9e3d93d0036c00b2c6870e617f768f845d4
SSDEEP

1536:/2bZ6jZ533b8otx1Q4hclawMlT9yvZc8Gmddj+LR2VTetnhl5hj5nizpvu:e4H3b8oTK4hndlRWeo+LRqsnhlnViFW

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-55397.exeUnicorn-49450.exeUnicorn-64395.exeUnicorn-29990.exeUnicorn-58256.exeUnicorn-47120.exeUnicorn-9616.exeUnicorn-55288.exeUnicorn-13700.exeUnicorn-28174.exeUnicorn-49341.exeUnicorn-3669.exeUnicorn-11837.exeUnicorn-26782.exeUnicorn-46648.exeUnicorn-19020.exeUnicorn-7322.exeUnicorn-2683.exeUnicorn-21712.exeUnicorn-41578.exeUnicorn-10851.exeUnicorn-25796.exeUnicorn-45662.exeUnicorn-60607.exeUnicorn-14935.exeUnicorn-41661.exeUnicorn-21795.exeUnicorn-15018.exeUnicorn-25325.exeUnicorn-5459.exeUnicorn-5480.exeUnicorn-17733.exeUnicorn-5.exeUnicorn-28039.exeUnicorn-42983.exeUnicorn-62849.exeUnicorn-32123.exeUnicorn-1396.exeUnicorn-47068.exeUnicorn-49014.exeUnicorn-1396.exeUnicorn-4987.exeUnicorn-50659.exeUnicorn-9071.exeUnicorn-13155.exeUnicorn-58827.exeUnicorn-24038.exeUnicorn-24038.exeUnicorn-38982.exeUnicorn-32206.exeUnicorn-47151.exeUnicorn-46596.exeUnicorn-15870.exeUnicorn-61541.exeUnicorn-25984.exeUnicorn-49097.exeUnicorn-5563.exeUnicorn-52626.exeUnicorn-54572.exeUnicorn-3980.exeUnicorn-38790.exeUnicorn-58656.exeUnicorn-27930.exeUnicorn-42874.exe

pid	process
2160	Unicorn-55397.exe
2176	Unicorn-49450.exe
2640	Unicorn-64395.exe
2760	Unicorn-29990.exe
2808	Unicorn-58256.exe
2276	Unicorn-47120.exe
2852	Unicorn-9616.exe
2968	Unicorn-55288.exe
2656	Unicorn-13700.exe
616	Unicorn-28174.exe
2340	Unicorn-49341.exe
852	Unicorn-3669.exe
1660	Unicorn-11837.exe
2920	Unicorn-26782.exe
1544	Unicorn-46648.exe
308	Unicorn-19020.exe
2152	Unicorn-7322.exe
1528	Unicorn-2683.exe
2412	Unicorn-21712.exe
444	Unicorn-41578.exe
1808	Unicorn-10851.exe
1796	Unicorn-25796.exe
1576	Unicorn-45662.exe
608	Unicorn-60607.exe
1044	Unicorn-14935.exe
1004	Unicorn-41661.exe
1524	Unicorn-21795.exe
1316	Unicorn-15018.exe
2088	Unicorn-25325.exe
1596	Unicorn-5459.exe
1068	Unicorn-5480.exe
2596	Unicorn-17733.exe
2632	Unicorn-5.exe
2272	Unicorn-28039.exe
2616	Unicorn-42983.exe
2452	Unicorn-62849.exe
2588	Unicorn-32123.exe
2140	Unicorn-1396.exe
544	Unicorn-47068.exe
2336	Unicorn-49014.exe
2684	Unicorn-1396.exe
1540	Unicorn-4987.exe
1008	Unicorn-50659.exe
2768	Unicorn-9071.exe
1600	Unicorn-13155.exe
2408	Unicorn-58827.exe
2116	Unicorn-24038.exe
2916	Unicorn-24038.exe
2432	Unicorn-38982.exe
1032	Unicorn-32206.exe
652	Unicorn-47151.exe
1144	Unicorn-46596.exe
2396	Unicorn-15870.exe
1552	Unicorn-61541.exe
1000	Unicorn-25984.exe
3060	Unicorn-49097.exe
928	Unicorn-5563.exe
892	Unicorn-52626.exe
2376	Unicorn-54572.exe
1612	Unicorn-3980.exe
2796	Unicorn-38790.exe
1764	Unicorn-58656.exe
2032	Unicorn-27930.exe
2608	Unicorn-42874.exe

Loads dropped DLL 64 IoCs

Processes:

3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exeUnicorn-55397.exeUnicorn-49450.exeWerFault.exeUnicorn-64395.exeUnicorn-29990.exeUnicorn-58256.exeWerFault.exeWerFault.exeUnicorn-47120.exeUnicorn-9616.exeUnicorn-13700.exeUnicorn-55288.exeWerFault.exeWerFault.exeUnicorn-28174.exeUnicorn-49341.exeUnicorn-3669.exe

pid	process
2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe
2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe
2160	Unicorn-55397.exe
2160	Unicorn-55397.exe
2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe
2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe
2176	Unicorn-49450.exe
2160	Unicorn-55397.exe
2176	Unicorn-49450.exe
2160	Unicorn-55397.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2524	WerFault.exe
2640	Unicorn-64395.exe
2640	Unicorn-64395.exe
2760	Unicorn-29990.exe
2760	Unicorn-29990.exe
2176	Unicorn-49450.exe
2176	Unicorn-49450.exe
2808	Unicorn-58256.exe
2808	Unicorn-58256.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2036	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2664	WerFault.exe
2036	WerFault.exe
2664	WerFault.exe
2276	Unicorn-47120.exe
2276	Unicorn-47120.exe
2760	Unicorn-29990.exe
2760	Unicorn-29990.exe
2852	Unicorn-9616.exe
2852	Unicorn-9616.exe
2656	Unicorn-13700.exe
2656	Unicorn-13700.exe
2808	Unicorn-58256.exe
2808	Unicorn-58256.exe
2968	Unicorn-55288.exe
2968	Unicorn-55288.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
596	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
560	WerFault.exe
616	Unicorn-28174.exe
616	Unicorn-28174.exe
2276	Unicorn-47120.exe
2276	Unicorn-47120.exe
2340	Unicorn-49341.exe
2340	Unicorn-49341.exe
2852	Unicorn-9616.exe
852	Unicorn-3669.exe
2852	Unicorn-9616.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2744	2084	WerFault.exe	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe
2524	2160	WerFault.exe	Unicorn-55397.exe
2664	2640	WerFault.exe	Unicorn-64395.exe
2036	2176	WerFault.exe	Unicorn-49450.exe
596	2760	WerFault.exe	Unicorn-29990.exe
560	2808	WerFault.exe	Unicorn-58256.exe
1800	2276	WerFault.exe	Unicorn-47120.exe
2252	2852	WerFault.exe	Unicorn-9616.exe
2120	2656	WerFault.exe	Unicorn-13700.exe
1812	2968	WerFault.exe	Unicorn-55288.exe
764	616	WerFault.exe	Unicorn-28174.exe
2992	2340	WerFault.exe	Unicorn-49341.exe
2508	852	WerFault.exe	Unicorn-3669.exe
2848	1660	WerFault.exe	Unicorn-11837.exe
1648	1544	WerFault.exe	Unicorn-46648.exe
1412	2920	WerFault.exe	Unicorn-26782.exe
2464	308	WerFault.exe	Unicorn-19020.exe
3052	2152	WerFault.exe	Unicorn-7322.exe
2964	1528	WerFault.exe	Unicorn-2683.exe
2028	2412	WerFault.exe	Unicorn-21712.exe
1444	444	WerFault.exe	Unicorn-41578.exe
2660	1808	WerFault.exe	Unicorn-10851.exe
2544	1796	WerFault.exe	Unicorn-25796.exe
1700	1576	WerFault.exe	Unicorn-45662.exe
2904	1044	WerFault.exe	Unicorn-14935.exe
628	608	WerFault.exe	Unicorn-60607.exe
2568	1004	WerFault.exe	Unicorn-41661.exe
2860	1524	WerFault.exe	Unicorn-21795.exe
1340	1316	WerFault.exe	Unicorn-15018.exe
2104	2088	WerFault.exe	Unicorn-25325.exe
1096	1596	WerFault.exe	Unicorn-5459.exe
1620	1068	WerFault.exe	Unicorn-5480.exe
2668	2596	WerFault.exe	Unicorn-17733.exe
1984	2632	WerFault.exe	Unicorn-5.exe
2012	2272	WerFault.exe	Unicorn-28039.exe
2876	2616	WerFault.exe	Unicorn-42983.exe
2208	2452	WerFault.exe	Unicorn-62849.exe
2724	2336	WerFault.exe	Unicorn-49014.exe
2476	2588	WerFault.exe	Unicorn-32123.exe
3096	544	WerFault.exe	Unicorn-47068.exe
3112	2140	WerFault.exe	Unicorn-1396.exe
3144	2684	WerFault.exe	Unicorn-1396.exe
3964	1540	WerFault.exe	Unicorn-4987.exe
3572	1008	WerFault.exe	Unicorn-50659.exe
3596	2768	WerFault.exe	Unicorn-9071.exe
3632	2916	WerFault.exe	Unicorn-24038.exe
3644	1600	WerFault.exe	Unicorn-13155.exe
3808	1612	WerFault.exe	Unicorn-3980.exe
3844	928	WerFault.exe	Unicorn-5563.exe
3904	2556	WerFault.exe	Unicorn-62740.exe
3872	2116	WerFault.exe	Unicorn-24038.exe
3972	1580	WerFault.exe	Unicorn-42874.exe
3936	3060	WerFault.exe	Unicorn-49097.exe
4244	2396	WerFault.exe	Unicorn-15870.exe
4276	2032	WerFault.exe	Unicorn-27930.exe
4312	1764	WerFault.exe	Unicorn-58656.exe
4300	1552	WerFault.exe	Unicorn-61541.exe
4384	2796	WerFault.exe	Unicorn-38790.exe
4520	1032	WerFault.exe	Unicorn-32206.exe
4540	892	WerFault.exe	Unicorn-52626.exe
4636	1144	WerFault.exe	Unicorn-46596.exe
4696	2712	WerFault.exe	Unicorn-47582.exe
4704	1000	WerFault.exe	Unicorn-25984.exe
4744	968	WerFault.exe	Unicorn-59279.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exeUnicorn-55397.exeUnicorn-49450.exeUnicorn-64395.exeUnicorn-29990.exeUnicorn-58256.exeUnicorn-47120.exeUnicorn-9616.exeUnicorn-55288.exeUnicorn-13700.exeUnicorn-28174.exeUnicorn-49341.exeUnicorn-3669.exeUnicorn-11837.exeUnicorn-46648.exeUnicorn-26782.exeUnicorn-19020.exeUnicorn-7322.exeUnicorn-2683.exeUnicorn-21712.exeUnicorn-41578.exeUnicorn-10851.exeUnicorn-25796.exeUnicorn-60607.exeUnicorn-45662.exeUnicorn-14935.exeUnicorn-41661.exeUnicorn-21795.exeUnicorn-15018.exeUnicorn-25325.exeUnicorn-5459.exeUnicorn-5480.exeUnicorn-17733.exeUnicorn-5.exeUnicorn-28039.exeUnicorn-42983.exeUnicorn-62849.exeUnicorn-32123.exeUnicorn-49014.exeUnicorn-1396.exeUnicorn-1396.exeUnicorn-47068.exeUnicorn-4987.exeUnicorn-50659.exeUnicorn-9071.exeUnicorn-13155.exeUnicorn-58827.exeUnicorn-24038.exeUnicorn-24038.exeUnicorn-38982.exeUnicorn-32206.exeUnicorn-47151.exeUnicorn-46596.exeUnicorn-15870.exeUnicorn-61541.exeUnicorn-25984.exeUnicorn-49097.exeUnicorn-5563.exeUnicorn-52626.exeUnicorn-54572.exeUnicorn-3980.exeUnicorn-38790.exeUnicorn-58656.exeUnicorn-27930.exe

pid	process
2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe
2160	Unicorn-55397.exe
2176	Unicorn-49450.exe
2640	Unicorn-64395.exe
2760	Unicorn-29990.exe
2808	Unicorn-58256.exe
2276	Unicorn-47120.exe
2852	Unicorn-9616.exe
2968	Unicorn-55288.exe
2656	Unicorn-13700.exe
616	Unicorn-28174.exe
2340	Unicorn-49341.exe
852	Unicorn-3669.exe
1660	Unicorn-11837.exe
1544	Unicorn-46648.exe
2920	Unicorn-26782.exe
308	Unicorn-19020.exe
2152	Unicorn-7322.exe
1528	Unicorn-2683.exe
2412	Unicorn-21712.exe
444	Unicorn-41578.exe
1808	Unicorn-10851.exe
1796	Unicorn-25796.exe
608	Unicorn-60607.exe
1576	Unicorn-45662.exe
1044	Unicorn-14935.exe
1004	Unicorn-41661.exe
1524	Unicorn-21795.exe
1316	Unicorn-15018.exe
2088	Unicorn-25325.exe
1596	Unicorn-5459.exe
1068	Unicorn-5480.exe
2596	Unicorn-17733.exe
2632	Unicorn-5.exe
2272	Unicorn-28039.exe
2616	Unicorn-42983.exe
2452	Unicorn-62849.exe
2588	Unicorn-32123.exe
2336	Unicorn-49014.exe
2140	Unicorn-1396.exe
2684	Unicorn-1396.exe
544	Unicorn-47068.exe
1540	Unicorn-4987.exe
1008	Unicorn-50659.exe
2768	Unicorn-9071.exe
1600	Unicorn-13155.exe
2408	Unicorn-58827.exe
2916	Unicorn-24038.exe
2116	Unicorn-24038.exe
2432	Unicorn-38982.exe
1032	Unicorn-32206.exe
652	Unicorn-47151.exe
1144	Unicorn-46596.exe
2396	Unicorn-15870.exe
1552	Unicorn-61541.exe
1000	Unicorn-25984.exe
3060	Unicorn-49097.exe
928	Unicorn-5563.exe
892	Unicorn-52626.exe
2376	Unicorn-54572.exe
1612	Unicorn-3980.exe
2796	Unicorn-38790.exe
1764	Unicorn-58656.exe
2032	Unicorn-27930.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exeUnicorn-55397.exeUnicorn-49450.exeUnicorn-64395.exeUnicorn-29990.exeUnicorn-58256.exeUnicorn-47120.exeUnicorn-9616.exe

description	pid	process	target process
PID 2084 wrote to memory of 2160	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	Unicorn-55397.exe
PID 2084 wrote to memory of 2160	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	Unicorn-55397.exe
PID 2084 wrote to memory of 2160	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	Unicorn-55397.exe
PID 2084 wrote to memory of 2160	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	Unicorn-55397.exe
PID 2160 wrote to memory of 2176	2160	Unicorn-55397.exe	Unicorn-49450.exe
PID 2160 wrote to memory of 2176	2160	Unicorn-55397.exe	Unicorn-49450.exe
PID 2160 wrote to memory of 2176	2160	Unicorn-55397.exe	Unicorn-49450.exe
PID 2160 wrote to memory of 2176	2160	Unicorn-55397.exe	Unicorn-49450.exe
PID 2084 wrote to memory of 2640	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	Unicorn-64395.exe
PID 2084 wrote to memory of 2640	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	Unicorn-64395.exe
PID 2084 wrote to memory of 2640	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	Unicorn-64395.exe
PID 2084 wrote to memory of 2640	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	Unicorn-64395.exe
PID 2084 wrote to memory of 2744	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	WerFault.exe
PID 2084 wrote to memory of 2744	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	WerFault.exe
PID 2084 wrote to memory of 2744	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	WerFault.exe
PID 2084 wrote to memory of 2744	2084	3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe	WerFault.exe
PID 2176 wrote to memory of 2760	2176	Unicorn-49450.exe	Unicorn-29990.exe
PID 2176 wrote to memory of 2760	2176	Unicorn-49450.exe	Unicorn-29990.exe
PID 2176 wrote to memory of 2760	2176	Unicorn-49450.exe	Unicorn-29990.exe
PID 2176 wrote to memory of 2760	2176	Unicorn-49450.exe	Unicorn-29990.exe
PID 2160 wrote to memory of 2808	2160	Unicorn-55397.exe	Unicorn-58256.exe
PID 2160 wrote to memory of 2808	2160	Unicorn-55397.exe	Unicorn-58256.exe
PID 2160 wrote to memory of 2808	2160	Unicorn-55397.exe	Unicorn-58256.exe
PID 2160 wrote to memory of 2808	2160	Unicorn-55397.exe	Unicorn-58256.exe
PID 2160 wrote to memory of 2524	2160	Unicorn-55397.exe	WerFault.exe
PID 2160 wrote to memory of 2524	2160	Unicorn-55397.exe	WerFault.exe
PID 2160 wrote to memory of 2524	2160	Unicorn-55397.exe	WerFault.exe
PID 2160 wrote to memory of 2524	2160	Unicorn-55397.exe	WerFault.exe
PID 2640 wrote to memory of 2276	2640	Unicorn-64395.exe	Unicorn-47120.exe
PID 2640 wrote to memory of 2276	2640	Unicorn-64395.exe	Unicorn-47120.exe
PID 2640 wrote to memory of 2276	2640	Unicorn-64395.exe	Unicorn-47120.exe
PID 2640 wrote to memory of 2276	2640	Unicorn-64395.exe	Unicorn-47120.exe
PID 2760 wrote to memory of 2852	2760	Unicorn-29990.exe	Unicorn-9616.exe
PID 2760 wrote to memory of 2852	2760	Unicorn-29990.exe	Unicorn-9616.exe
PID 2760 wrote to memory of 2852	2760	Unicorn-29990.exe	Unicorn-9616.exe
PID 2760 wrote to memory of 2852	2760	Unicorn-29990.exe	Unicorn-9616.exe
PID 2176 wrote to memory of 2968	2176	Unicorn-49450.exe	Unicorn-55288.exe
PID 2176 wrote to memory of 2968	2176	Unicorn-49450.exe	Unicorn-55288.exe
PID 2176 wrote to memory of 2968	2176	Unicorn-49450.exe	Unicorn-55288.exe
PID 2176 wrote to memory of 2968	2176	Unicorn-49450.exe	Unicorn-55288.exe
PID 2808 wrote to memory of 2656	2808	Unicorn-58256.exe	Unicorn-13700.exe
PID 2808 wrote to memory of 2656	2808	Unicorn-58256.exe	Unicorn-13700.exe
PID 2808 wrote to memory of 2656	2808	Unicorn-58256.exe	Unicorn-13700.exe
PID 2808 wrote to memory of 2656	2808	Unicorn-58256.exe	Unicorn-13700.exe
PID 2176 wrote to memory of 2036	2176	Unicorn-49450.exe	WerFault.exe
PID 2176 wrote to memory of 2036	2176	Unicorn-49450.exe	WerFault.exe
PID 2176 wrote to memory of 2036	2176	Unicorn-49450.exe	WerFault.exe
PID 2176 wrote to memory of 2036	2176	Unicorn-49450.exe	WerFault.exe
PID 2640 wrote to memory of 2664	2640	Unicorn-64395.exe	WerFault.exe
PID 2640 wrote to memory of 2664	2640	Unicorn-64395.exe	WerFault.exe
PID 2640 wrote to memory of 2664	2640	Unicorn-64395.exe	WerFault.exe
PID 2640 wrote to memory of 2664	2640	Unicorn-64395.exe	WerFault.exe
PID 2276 wrote to memory of 616	2276	Unicorn-47120.exe	Unicorn-28174.exe
PID 2276 wrote to memory of 616	2276	Unicorn-47120.exe	Unicorn-28174.exe
PID 2276 wrote to memory of 616	2276	Unicorn-47120.exe	Unicorn-28174.exe
PID 2276 wrote to memory of 616	2276	Unicorn-47120.exe	Unicorn-28174.exe
PID 2760 wrote to memory of 2340	2760	Unicorn-29990.exe	Unicorn-49341.exe
PID 2760 wrote to memory of 2340	2760	Unicorn-29990.exe	Unicorn-49341.exe
PID 2760 wrote to memory of 2340	2760	Unicorn-29990.exe	Unicorn-49341.exe
PID 2760 wrote to memory of 2340	2760	Unicorn-29990.exe	Unicorn-49341.exe
PID 2852 wrote to memory of 852	2852	Unicorn-9616.exe	Unicorn-3669.exe
PID 2852 wrote to memory of 852	2852	Unicorn-9616.exe	Unicorn-3669.exe
PID 2852 wrote to memory of 852	2852	Unicorn-9616.exe	Unicorn-3669.exe
PID 2852 wrote to memory of 852	2852	Unicorn-9616.exe	Unicorn-3669.exe

C:\Users\Admin\AppData\Local\Temp\3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe
"C:\Users\Admin\AppData\Local\Temp\3bf009e8bbc9a85809143a0a0669d70f427b24d2d073524689e159e344f595eb.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2084

C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2160

C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2176

C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:852

C:\Users\Admin\AppData\Local\Temp\Unicorn-41578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41578.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17733.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57333.exe
10⤵
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32035.exe
11⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
12⤵
PID:5028

C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-203.exe
13⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37282.exe
14⤵
PID:11824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 236
14⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5028 -s 216
13⤵
PID:10076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
12⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
11⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20337.exe
10⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
11⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35014.exe
12⤵
PID:8896

C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
13⤵
PID:11716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8896 -s 236
13⤵
PID:12656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5080 -s 216
12⤵
PID:10092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 236
11⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1144 -s 240
10⤵
- Program crash
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30176.exe
9⤵
PID:908

C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3254.exe
10⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe
11⤵
PID:5512

C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18194.exe
11⤵
PID:5596

C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
12⤵
PID:8276

C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31068.exe
13⤵
PID:13268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8276 -s 216
13⤵
PID:14108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5596 -s 216
12⤵
PID:10784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 240
11⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 908 -s 236
10⤵
PID:4128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2596 -s 240
9⤵
- Program crash
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61541.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
9⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27951.exe
10⤵
PID:4004

C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14494.exe
11⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4204.exe
12⤵
PID:8256

C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2964.exe
13⤵
PID:12136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8256 -s 236
13⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5084 -s 236
12⤵
PID:9436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4004 -s 236
11⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 236
10⤵
PID:4752

C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51064.exe
9⤵
PID:3208

C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42414.exe
11⤵
PID:8404

C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
12⤵
PID:12240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8404 -s 236
12⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:9676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3208 -s 236
10⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1552 -s 220
9⤵
- Program crash
PID:4300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 444 -s 240
8⤵
- Program crash
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15870.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13285.exe
9⤵
PID:3036

C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60815.exe
10⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1583.exe
11⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3908.exe
12⤵
PID:6540

C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61651.exe
13⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38442.exe
14⤵
PID:13096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 216
14⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6540 -s 216
13⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
12⤵
PID:7712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 236
11⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20612.exe
10⤵
PID:3716

C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7416.exe
11⤵
PID:6508

C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33748.exe
12⤵
PID:10208

C:\Users\Admin\AppData\Local\Temp\Unicorn-56065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56065.exe
13⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10208 -s 236
13⤵
PID:13904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6508 -s 216
12⤵
PID:11416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3716 -s 216
11⤵
PID:7668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 240
10⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18391.exe
9⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19949.exe
10⤵
PID:5008

C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38631.exe
11⤵
PID:6208

C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27085.exe
12⤵
PID:12056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6208 -s 216
12⤵
PID:12792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5008 -s 216
11⤵
PID:8948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 236
10⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 220
9⤵
- Program crash
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53804.exe
8⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-7530.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7530.exe
9⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45330.exe
10⤵
PID:4404

C:\Users\Admin\AppData\Local\Temp\Unicorn-50644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50644.exe
11⤵
PID:7540

C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47038.exe
12⤵
PID:11808

C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15105.exe
13⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7540 -s 216
12⤵
PID:11592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4404 -s 216
11⤵
PID:8760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 236
10⤵
PID:6348

C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4852.exe
9⤵
PID:4444

C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-867.exe
10⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12227.exe
11⤵
PID:11780

C:\Users\Admin\AppData\Local\Temp\Unicorn-10367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10367.exe
12⤵
PID:13956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11780 -s 216
12⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
11⤵
PID:11964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4444 -s 216
10⤵
PID:8720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
9⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 240
8⤵
- Program crash
PID:1984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 852 -s 240
7⤵
- Program crash
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21712.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1068

C:\Users\Admin\AppData\Local\Temp\Unicorn-32206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32206.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1032

C:\Users\Admin\AppData\Local\Temp\Unicorn-38859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38859.exe
9⤵
PID:2448

C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39134.exe
10⤵
PID:4024

C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7442.exe
11⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9331.exe
12⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3239.exe
13⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 216
13⤵
PID:13036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 236
12⤵
PID:9764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4024 -s 216
11⤵
PID:6292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2448 -s 236
10⤵
PID:4124

C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30150.exe
9⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43275.exe
10⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
11⤵
PID:8824

C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60416.exe
12⤵
PID:11956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8824 -s 216
12⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4452 -s 216
11⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
10⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1032 -s 220
9⤵
- Program crash
PID:4520

C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25215.exe
8⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44287.exe
9⤵
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25725.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
11⤵
PID:8460

C:\Users\Admin\AppData\Local\Temp\Unicorn-19384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19384.exe
12⤵
PID:12232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8460 -s 216
12⤵
PID:13040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:10204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3568 -s 216
10⤵
PID:6880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 216
9⤵
PID:4220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1068 -s 240
8⤵
- Program crash
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-47151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47151.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61417.exe
8⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23867.exe
9⤵
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28501.exe
10⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41044.exe
11⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23961.exe
12⤵
PID:12248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 216
12⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4476 -s 216
11⤵
PID:9712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3496 -s 236
10⤵
PID:6748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
9⤵
PID:4900

C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10031.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56394.exe
10⤵
PID:8468

C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
11⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8468 -s 216
11⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 236
10⤵
PID:10112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 240
8⤵
PID:4632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2412 -s 240
7⤵
- Program crash
PID:2028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 240
6⤵
- Program crash
PID:2252

C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-2683.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2683.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1528

C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25325.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17370.exe
9⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34173.exe
10⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48454.exe
11⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28989.exe
12⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61132.exe
13⤵
PID:10260

C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21442.exe
14⤵
PID:14184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10260 -s 216
14⤵
PID:14208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 236
13⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4100 -s 236
12⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
11⤵
PID:6036

C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32672.exe
10⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10706.exe
11⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20292.exe
12⤵
PID:11224

C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40170.exe
13⤵
PID:13880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11224 -s 236
13⤵
PID:14160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
12⤵
PID:11844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 216
11⤵
PID:8308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 240
10⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24613.exe
9⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8573.exe
10⤵
PID:4352

C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43571.exe
11⤵
PID:7060

C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36820.exe
12⤵
PID:11080

C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7051.exe
13⤵
PID:14224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11080 -s 216
13⤵
PID:13328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7060 -s 216
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4352 -s 236
11⤵
PID:8280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
10⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
9⤵
- Program crash
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42620.exe
8⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
9⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20629.exe
10⤵
PID:6676

C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24293.exe
11⤵
PID:10640

C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21696.exe
12⤵
PID:13852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10640 -s 216
12⤵
PID:14144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6676 -s 216
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 216
10⤵
PID:8200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 216
9⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 240
8⤵
- Program crash
PID:2104

C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38982.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1033.exe
8⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55470.exe
9⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52175.exe
10⤵
PID:5712

C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54256.exe
11⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44464.exe
12⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 216
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5712 -s 216
11⤵
PID:10232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 216
10⤵
PID:7172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
9⤵
PID:5048

C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59232.exe
8⤵
PID:3852

C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14925.exe
9⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41511.exe
10⤵
PID:8888

C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31335.exe
11⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8888 -s 220
11⤵
PID:13360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 236
10⤵
PID:9988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3852 -s 216
9⤵
PID:7252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
8⤵
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1528 -s 240
7⤵
- Program crash
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5459.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24038.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57634.exe
8⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16877.exe
9⤵
PID:3332

C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46700.exe
10⤵
PID:3484

C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17640.exe
11⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
12⤵
PID:9260

C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57710.exe
13⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9260 -s 216
13⤵
PID:14040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 216
12⤵
PID:10844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3484 -s 216
11⤵
PID:7588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3332 -s 236
10⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
9⤵
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60618.exe
10⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20297.exe
11⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51488.exe
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 216
12⤵
PID:14096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
11⤵
PID:10792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3760 -s 216
10⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 240
9⤵
PID:5880

C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31821.exe
8⤵
PID:3360

C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
9⤵
PID:3960

C:\Users\Admin\AppData\Local\Temp\Unicorn-7717.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7717.exe
10⤵
PID:5912

C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
11⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
12⤵
PID:5476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 216
12⤵
PID:14308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5912 -s 216
11⤵
PID:10872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3960 -s 216
10⤵
PID:7936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3360 -s 236
9⤵
PID:5516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
8⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9180.exe
7⤵
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27759.exe
8⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20058.exe
9⤵
PID:4088

C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-680.exe
10⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45704.exe
11⤵
PID:9108

C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32212.exe
12⤵
PID:11504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9108 -s 220
12⤵
PID:12836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
11⤵
PID:9496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4088 -s 216
10⤵
PID:6896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 236
9⤵
PID:4212

C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35002.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-535.exe
9⤵
PID:6120

C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27313.exe
10⤵
PID:8512

C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48499.exe
11⤵
PID:12432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8512 -s 220
11⤵
PID:13664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6120 -s 216
10⤵
PID:10404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
9⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 220
8⤵
PID:5144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
7⤵
- Program crash
PID:1096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
6⤵
- Program crash
PID:2992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2760 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:596

C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46648.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-45662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45662.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32123.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54572.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2376

C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
9⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15205.exe
10⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
11⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50447.exe
12⤵
PID:8700

C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8700 -s 236
13⤵
PID:13720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
12⤵
PID:10472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
11⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
10⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
9⤵
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15418.exe
10⤵
PID:5684

C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58340.exe
11⤵
PID:8572

C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52440.exe
12⤵
PID:12228

C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
13⤵
PID:8604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8572 -s 220
12⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5684 -s 216
11⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3524 -s 216
10⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2376 -s 220
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31245.exe
8⤵
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-239.exe
9⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62133.exe
10⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64178.exe
11⤵
PID:9164

C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
12⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9164 -s 216
12⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
11⤵
PID:9284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
10⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 236
9⤵
PID:5052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 220
8⤵
- Program crash
PID:2476

C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38790.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51111.exe
8⤵
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15699.exe
9⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14686.exe
10⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37152.exe
11⤵
PID:8812

C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-909.exe
12⤵
PID:12148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8812 -s 216
12⤵
PID:13172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4284 -s 216
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 236
10⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1740 -s 236
9⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
8⤵
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6518.exe
9⤵
PID:4952

C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49020.exe
10⤵
PID:8620

C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2663.exe
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8620 -s 216
11⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4952 -s 216
10⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 236
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
8⤵
- Program crash
PID:4384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 240
7⤵
- Program crash
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47068.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:544

C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58656.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59279.exe
8⤵
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56731.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-44837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44837.exe
10⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-56804.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56804.exe
11⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-333.exe
12⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 216
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
11⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 216
9⤵
- Program crash
PID:4744

C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16253.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51059.exe
9⤵
PID:4416

C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18246.exe
10⤵
PID:9208

C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58854.exe
11⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9208 -s 220
11⤵
PID:12780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4416 -s 216
10⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
9⤵
PID:6700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 240
8⤵
- Program crash
PID:4312

C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
7⤵
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11614.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55527.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8371.exe
10⤵
PID:8924

C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39612.exe
11⤵
PID:11652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8924 -s 216
11⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:10084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 236
9⤵
PID:7148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2484 -s 216
8⤵
PID:4828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 544 -s 240
7⤵
- Program crash
PID:3096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
6⤵
- Program crash
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60607.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62740.exe
7⤵
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
8⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19783.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
10⤵
PID:5104

C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61656.exe
11⤵
PID:9008

C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21330.exe
12⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9008 -s 220
12⤵
PID:12860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5104 -s 216
11⤵
PID:10180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 236
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
9⤵
PID:4860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2556 -s 236
8⤵
- Program crash
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51666.exe
7⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45117.exe
8⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42995.exe
9⤵
PID:6884

C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15439.exe
10⤵
PID:10832

C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29226.exe
11⤵
PID:14064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10832 -s 216
11⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6884 -s 216
10⤵
PID:11708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
9⤵
PID:8224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2752 -s 236
8⤵
PID:5768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
7⤵
- Program crash
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
6⤵
- Executes dropped EXE
PID:2608

C:\Users\Admin\AppData\Local\Temp\Unicorn-5994.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5994.exe
7⤵
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29897.exe
8⤵
PID:3600

C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12740.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34822.exe
10⤵
PID:8544

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
11⤵
PID:11288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8544 -s 236
11⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
10⤵
PID:9832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3600 -s 236
9⤵
PID:6784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 236
8⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14115.exe
7⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35839.exe
8⤵
PID:5800

C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51817.exe
9⤵
PID:8628

C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35047.exe
10⤵
PID:12316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8628 -s 220
10⤵
PID:13696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5800 -s 236
9⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
8⤵
PID:7180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 240
7⤵
PID:4372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 220
6⤵
- Program crash
PID:628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
5⤵
- Program crash
PID:1812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2176 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2036

C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10851.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1808

C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28039.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25984.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1000

C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12216.exe
9⤵
PID:1308

C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
10⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6622.exe
11⤵
PID:7164

C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65408.exe
12⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13273.exe
13⤵
PID:14148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11168 -s 216
13⤵
PID:14264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7164 -s 216
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
11⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1308 -s 216
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
9⤵
PID:3520

C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15262.exe
10⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53488.exe
11⤵
PID:8980

C:\Users\Admin\AppData\Local\Temp\Unicorn-64500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64500.exe
12⤵
PID:11988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8980 -s 216
12⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4552 -s 216
11⤵
PID:10172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3520 -s 236
10⤵
PID:6412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1000 -s 240
9⤵
- Program crash
PID:4704

C:\Users\Admin\AppData\Local\Temp\Unicorn-519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-519.exe
8⤵
PID:1652

C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4323.exe
9⤵
PID:3980

C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47598.exe
10⤵
PID:6052

C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
11⤵
PID:9148

C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48307.exe
12⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9148 -s 220
12⤵
PID:13424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 216
11⤵
PID:10308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3980 -s 216
10⤵
PID:7332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1652 -s 236
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
8⤵
- Program crash
PID:2012

C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49097.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42943.exe
8⤵
PID:2024

C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62761.exe
9⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43192.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39653.exe
11⤵
PID:7992

C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42653.exe
12⤵
PID:11924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4.exe
13⤵
PID:9176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7992 -s 216
12⤵
PID:12520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
11⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
10⤵
PID:6420

C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38593.exe
9⤵
PID:4608

C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1106.exe
10⤵
PID:7416

C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41091.exe
11⤵
PID:11996

C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28977.exe
12⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7416 -s 236
11⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4608 -s 216
10⤵
PID:8852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2024 -s 240
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 216
8⤵
- Program crash
PID:3936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1808 -s 240
7⤵
- Program crash
PID:2660

C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-5563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5563.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44650.exe
8⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42040.exe
9⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
10⤵
PID:5224

C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62870.exe
11⤵
PID:9184

C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1869.exe
12⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9184 -s 220
12⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5224 -s 216
11⤵
PID:10328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 236
9⤵
PID:4588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 236
8⤵
- Program crash
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
7⤵
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1884.exe
8⤵
PID:3392

C:\Users\Admin\AppData\Local\Temp\Unicorn-43514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43514.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29451.exe
10⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54913.exe
11⤵
PID:12348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 220
11⤵
PID:13636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 216
10⤵
PID:10344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3392 -s 216
9⤵
PID:7308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
8⤵
PID:4188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 240
7⤵
- Program crash
PID:2876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1660 -s 240
6⤵
- Program crash
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25796.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62849.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52626.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-49165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49165.exe
8⤵
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28527.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-872.exe
10⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33644.exe
11⤵
PID:9036

C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48164.exe
12⤵
PID:12052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9036 -s 216
12⤵
PID:5244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
11⤵
PID:10188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 216
9⤵
PID:5040

C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44541.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22855.exe
9⤵
PID:4676

C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55626.exe
10⤵
PID:8836

C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15299.exe
11⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8836 -s 216
11⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4676 -s 216
10⤵
PID:10068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 236
9⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 892 -s 240
8⤵
- Program crash
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2657.exe
7⤵
PID:1248

C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
8⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23094.exe
9⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45787.exe
10⤵
PID:8568

C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44656.exe
11⤵
PID:11980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8568 -s 220
11⤵
PID:13352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
10⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 216
9⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1248 -s 216
8⤵
PID:4604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 240
7⤵
- Program crash
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3980.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56264.exe
7⤵
PID:2612

C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19975.exe
8⤵
PID:3624

C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48646.exe
9⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
10⤵
PID:5700

C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56176.exe
11⤵
PID:9272

C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38503.exe
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9272 -s 216
12⤵
PID:7324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5700 -s 216
11⤵
PID:10852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3480 -s 216
10⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3624 -s 236
9⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63591.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17209.exe
9⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
10⤵
PID:9092

C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50027.exe
11⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9092 -s 216
11⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5232 -s 216
10⤵
PID:9392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
9⤵
PID:6764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2612 -s 240
8⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39003.exe
7⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60898.exe
8⤵
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34251.exe
9⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43094.exe
10⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9469.exe
11⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 236
11⤵
PID:6740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 216
10⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3476 -s 216
9⤵
PID:7528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 236
8⤵
PID:6140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 240
7⤵
- Program crash
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 240
6⤵
- Program crash
PID:2544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
5⤵
- Program crash
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26782.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14935.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1044

C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1396.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2140

C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27930.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50042.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13752.exe
9⤵
PID:3864

C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36970.exe
10⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50307.exe
11⤵
PID:8176

C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-250.exe
12⤵
PID:11968

C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42983.exe
13⤵
PID:8252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8176 -s 216
12⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
11⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3864 -s 236
10⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36865.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-34723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34723.exe
9⤵
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13825.exe
10⤵
PID:8360

C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
11⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8360 -s 216
11⤵
PID:12924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4148 -s 216
10⤵
PID:9616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
9⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
8⤵
- Program crash
PID:4276

C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47582.exe
7⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48563.exe
8⤵
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2434.exe
9⤵
PID:4796

C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7987.exe
10⤵
PID:8592

C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4609.exe
11⤵
PID:11732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8592 -s 236
11⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4796 -s 216
10⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3892 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
8⤵
- Program crash
PID:4696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2140 -s 240
7⤵
- Program crash
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42874.exe
6⤵
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28313.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-27650.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27650.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41137.exe
9⤵
PID:4228

C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49404.exe
10⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8952 -s 212
11⤵
PID:12672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4228 -s 216
10⤵
PID:10160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
9⤵
PID:7104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 236
8⤵
PID:4240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 236
7⤵
- Program crash
PID:3972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1044 -s 240
6⤵
- Program crash
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49014.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58381.exe
6⤵
PID:1696

C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10846.exe
7⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
8⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6757.exe
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57847.exe
10⤵
PID:8808

C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24428.exe
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8808 -s 216
11⤵
PID:700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
10⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
9⤵
PID:7228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 236
8⤵
PID:4112

C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
7⤵
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26384.exe
8⤵
PID:5376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 200
9⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3104 -s 216
8⤵
PID:7768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1696 -s 240
7⤵
PID:5344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 236
6⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 240
5⤵
- Program crash
PID:1412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2808 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2160 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:616

C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19020.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:308

C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41661.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4987.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1540

C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36830.exe
8⤵
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62185.exe
9⤵
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13259.exe
10⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5195.exe
11⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
12⤵
PID:9236

C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43512.exe
13⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9236 -s 216
13⤵
PID:14024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
12⤵
PID:10820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
11⤵
PID:7684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 236
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-28204.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28204.exe
9⤵
PID:3580

C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52834.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42746.exe
11⤵
PID:9504

C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35728.exe
12⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9504 -s 216
12⤵
PID:14272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:11212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 216
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 240
9⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-11593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11593.exe
8⤵
PID:1304

C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54292.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
10⤵
PID:5704

C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6975.exe
11⤵
PID:8348

C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20378.exe
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8348 -s 236
12⤵
PID:13984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5704 -s 216
11⤵
PID:10800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
10⤵
PID:7596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1304 -s 236
9⤵
PID:5736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1540 -s 240
8⤵
- Program crash
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51775.exe
7⤵
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31459.exe
8⤵
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3145.exe
9⤵
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23670.exe
10⤵
PID:6016

C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1521.exe
11⤵
PID:9372

C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41758.exe
12⤵
PID:12768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9372 -s 216
12⤵
PID:14292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6016 -s 220
11⤵
PID:11056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3240 -s 236
10⤵
PID:7692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2216 -s 236
9⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52901.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64702.exe
9⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62974.exe
10⤵
PID:9340

C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2287.exe
11⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9340 -s 216
11⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 220
10⤵
PID:11020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 240
8⤵
PID:5952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
7⤵
- Program crash
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50659.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1008

C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8817.exe
7⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
8⤵
PID:916

C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43986.exe
9⤵
PID:3328

C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38444.exe
10⤵
PID:5864

C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16104.exe
11⤵
PID:9536

C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31644.exe
12⤵
PID:12376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9536 -s 216
12⤵
PID:14248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5864 -s 216
11⤵
PID:10436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3328 -s 216
10⤵
PID:7904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 916 -s 236
9⤵
PID:5496

C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30918.exe
8⤵
PID:3656

C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39020.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22134.exe
10⤵
PID:9724

C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64124.exe
11⤵
PID:13132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9724 -s 216
11⤵
PID:13392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
10⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3656 -s 216
9⤵
PID:8060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 240
8⤵
PID:5988

C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
7⤵
PID:3136

C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35818.exe
8⤵
PID:3612

C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
10⤵
PID:9592

C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17062.exe
11⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9592 -s 216
11⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
10⤵
PID:10656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3612 -s 216
9⤵
PID:7980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3136 -s 236
8⤵
PID:5920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1008 -s 240
7⤵
- Program crash
PID:3572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 308 -s 240
6⤵
- Program crash
PID:2464

C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21795.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9071.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-59964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59964.exe
7⤵
PID:1876

C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25237.exe
8⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1007.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56918.exe
10⤵
PID:5284

C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34578.exe
11⤵
PID:9624

C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31452.exe
12⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9624 -s 216
12⤵
PID:14320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5284 -s 216
11⤵
PID:10772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 216
10⤵
PID:8032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 236
9⤵
PID:5940

C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15952.exe
8⤵
PID:3636

C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21641.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15361.exe
10⤵
PID:8384

C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21906.exe
11⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8384 -s 216
11⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3636 -s 216
9⤵
PID:6692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1876 -s 240
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11401.exe
7⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9175.exe
8⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
9⤵
PID:6136

C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44692.exe
10⤵
PID:9648

C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2479.exe
11⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9648 -s 216
11⤵
PID:14052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6136 -s 216
10⤵
PID:10840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
9⤵
PID:8024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
8⤵
PID:5968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
7⤵
- Program crash
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52351.exe
6⤵
PID:1152

C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39435.exe
7⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56238.exe
8⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
9⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41428.exe
10⤵
PID:8688

C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55948.exe
11⤵
PID:11384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8688 -s 216
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
10⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 236
9⤵
PID:6928

C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35853.exe
8⤵
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55818.exe
9⤵
PID:8724

C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2232.exe
10⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8724 -s 216
10⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4164 -s 216
9⤵
PID:9972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 220
8⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42594.exe
7⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38060.exe
8⤵
PID:5692

C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49954.exe
9⤵
PID:9248

C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16870.exe
10⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9248 -s 216
10⤵
PID:14004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5692 -s 216
9⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 236
8⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1152 -s 240
7⤵
PID:5760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
6⤵
- Program crash
PID:2860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 616 -s 240
5⤵
- Program crash
PID:764

C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7322.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15018.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1316

C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13155.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2403.exe
7⤵
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62569.exe
8⤵
PID:3424

C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52154.exe
9⤵
PID:3560

C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13939.exe
10⤵
PID:5592

C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1905.exe
11⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19008.exe
12⤵
PID:13080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 220
12⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5592 -s 216
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3560 -s 216
10⤵
PID:7832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3424 -s 236
9⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
8⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21916.exe
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14266.exe
10⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-29122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29122.exe
11⤵
PID:13056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
11⤵
PID:14016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5536 -s 216
10⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
9⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
8⤵
PID:5632

C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54956.exe
7⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24142.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20546.exe
9⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61028.exe
10⤵
PID:9772

C:\Users\Admin\AppData\Local\Temp\Unicorn-37482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37482.exe
11⤵
PID:13192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9772 -s 216
11⤵
PID:13404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 236
10⤵
PID:11104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 216
9⤵
PID:8084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 236
8⤵
PID:5984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 240
7⤵
- Program crash
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52159.exe
6⤵
PID:2008

C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40395.exe
7⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3721.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27863.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21776.exe
10⤵
PID:8220

C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40297.exe
11⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 12196 -s 240
12⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8220 -s 216
11⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5480 -s 236
10⤵
PID:9736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 236
8⤵
PID:4896

C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18666.exe
7⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22684.exe
8⤵
PID:5620

C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26218.exe
9⤵
PID:9756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9756 -s 200
10⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5620 -s 216
9⤵
PID:11072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
8⤵
PID:8092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2008 -s 240
7⤵
PID:6060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1316 -s 240
6⤵
- Program crash
PID:1340

C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58827.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52180.exe
6⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17645.exe
7⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4619.exe
8⤵
PID:5976

C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45979.exe
9⤵
PID:9116

C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26374.exe
10⤵
PID:11792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9116 -s 216
10⤵
PID:13160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5976 -s 216
9⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
8⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 216
7⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-8661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8661.exe
6⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41713.exe
7⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58148.exe
8⤵
PID:9076

C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
9⤵
PID:12100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9076 -s 216
9⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
8⤵
PID:9316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 236
7⤵
PID:6684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
6⤵
PID:4768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
5⤵
- Program crash
PID:3052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2276 -s 240
4⤵
- Program crash
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
3⤵
- Loads dropped DLL
- Program crash
PID:2664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2084 -s 240
2⤵
- Program crash
PID:2744

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-13700.exe
Filesize
184KB

MD5
5d439e242cebcb72171be34c973875ec

SHA1
ef373f77dd207c29626f1a6b1aa15e15f9177123

SHA256
d6fb1f681c6ae5c425a22808ab0d76d0a4f0964bbbd8d923f9c6f561581bb4d0

SHA512
870b2c049020d19e04e6bda31279d5d45a01837f484e0281c8827c43a7d042ea3945714e78b35d1f64799f7ef5830a40fc55601874de15e325c957130ed3cb1e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-29990.exe
Filesize
184KB

MD5
b19719c512693bb957096638b843f03d

SHA1
2de8ead4c6b63f0795221c20f696dbe9238584ed

SHA256
9dda01025c92ccca93b11123eb924142b29e9111ca5ffc8f83290a7efa062f8c

SHA512
393ffa8dc50c471c3e142eb9701f9fc23f3291199269fe72b7c8258ca74e4f020d715d340003abd7621c0300f88835531b07c06f706a85a42b4f312ec1aa0de8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36669.exe
Filesize
184KB

MD5
e0a28fa19928378be02e88b787db2bb9

SHA1
478ca34e8dd79a00dc8f5ca23736782676bfa64b

SHA256
ffbc66396c7bd42b4e73632adf2b66e2c60f5d26d8eba93388613ec0c588b868

SHA512
8c45defc0c867f4c22c77ab70b84f796dc7b8db42c345bdad43e5fa14fcee7d8820509bbd547192e76db58044bd07dae197b7db30c8cd8708bf9dcb9fed32f9c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36721.exe
Filesize
184KB

MD5
1838fb60bf0f55fb5d82270c2a95d335

SHA1
da2a33f0dec75df308288b14d7f916c19be6468d

SHA256
078b7ae90814175ba619e086e5c04e4bff33343bc0c17b6e6c79509be3921e9e

SHA512
4f749cb9f657efd8f2d8ff0e310863ead7e223559484eedea7c96cb560cca714a4a9973a1f5ddb3041e3ccce069fd041292311391310889753aaa3431e94be91

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40456.exe
Filesize
184KB

MD5
11337ef84754a2c994f4d4d34581a52f

SHA1
4a348306320d57cfaea57ffd57b40d0770671141

SHA256
d113dc4cea765f0a5ba76c14a045aa0edccdf1cf958d2f5ffef3ebc67314e2d9

SHA512
bf5dbd743be297c4cde9d03dd7f6fbb1862bf035485bdb3b2fcd437f53c0cc0343a40a5151718acccc6725a28ec4154d883c0d122f36552192fc7a5804296896

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40757.exe
Filesize
184KB

MD5
ad9dafaa8e6cc7498e159d69486b9e94

SHA1
7cd94cc98ffffeaf11434728fa6a61afc2d1e4a8

SHA256
ee2ea3d6d3ceb90aaa8181b69135623b2ecd625c0f1b5f4140ce2213bb81e99a

SHA512
14cf824796e847addf5a7a2d77e913cacae43c0106119fc55226c17b2f4862d45461572b11db585dd591758675ee2cc01b288b19666df24eb42464de3095694c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5480.exe
Filesize
184KB

MD5
ef778966009afc00a197653f24bff613

SHA1
7aab95a842c69b0822bcf05354efb3fe7be481f1

SHA256
ac7249d827d9d7438edf30c6ee9ac15b9994b75466ecc5c1a253f99051e0e57a

SHA512
0ad10334aba03cdd9fef46b03e72ce04bbdbc273134c687b3d18e2779b8ce358a2ba4408f9d2df060b8e98c0d0d88e6c585a45d809805379b40fc29d48073114

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5563.exe
Filesize
184KB

MD5
dc8563a6157852e08318f82de531a70e

SHA1
7e0619f45bbe8efbb0d776ba1e4a94bb02eebb7f

SHA256
c3c6095474aea0120110bbb868e5ee56708948aedb8b69436586e980bfc7b2a6

SHA512
c65bd7147e3b2e65996aca611ba383cd2fdcac787f658fd13b1e6fc05dfde545120841fbcd85728dc2d502afdb806716165dd0e861778391eb2d6ef7eba01577

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6030.exe
Filesize
184KB

MD5
284fca851ce39bcc1bda9ea5cc74722f

SHA1
32cf023af04a627a7def14ad86207da1d78dcf70

SHA256
e8ac021e149ed621a3ac63999768d7ef9f31a0c4b809f9a5eaa48f7cc3bf6714

SHA512
58ca0db78412f573538b2b167f2ae611eff097e3f11aac3d70e08706c9ee95bf969eb61a290df2120f6340d6d2db43ea2dabeddb416aec57547c2f9f09d8b65e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6096.exe
Filesize
184KB

MD5
f1ac352fc4cb97af2a3f279d455e9a3d

SHA1
c02768865e0c0668ebd48c153f6b802b94036cc7

SHA256
68f3042bb24e196f708603ae9d9f6b278ff940422214a62b01f34ebf3a4cdb63

SHA512
54d48e25695f826e13823d6f6f598babb6794b630abdedcb6e5cc1fe0671e495d3f77e673f68afad2bab426d0ee480b3eb010a8459a11c2afe34ee8930e42ad6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6418.exe
Filesize
184KB

MD5
bd312ceba87e7fa605c705b992da095d

SHA1
32bf859ab048216d1fd773311bcf8a57489615e4

SHA256
0b0136f7b0066ff3dc1e46ad6ae26d750147396e9b87a25e01585e9b4baa4b20

SHA512
5dc0f4bbe6906aeceb53c96f563404f6bb8bcf671788091274f4d05057fe914ac4afc12ddcf3b493b4d08a75eb31c3169580c266785cba57b08e20ec230bdcea

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6565.exe
Filesize
184KB

MD5
c7b6a26c57ddfe1a937c5fc62a07b2d5

SHA1
1eca257b0a022915e8bc3e3fa5c0372bc0b655ff

SHA256
cb48278b45fcd2095f7572beb9edfc6f8890ed43434a9206ee1badeb0072afa2

SHA512
a3e294b8f90e3be54e1f2b68afd95d74e132b984bddd8733a4bfe27e9e409179ea30b6c6017bc750e5f918665b420319eab9b987df4b86a7e10dcfe311c62582

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11837.exe
Filesize
184KB

MD5
5a7f9c2fec284b97178a21c99047807f

SHA1
f282de56ac4195a63e678e0d435398f16bf4d9b9

SHA256
183f3ca0fbf7dfa2bb72ae73e739fd0c12759d087b75c809156c96231e18d211

SHA512
81b6be3d8b80f726f3499fdf896ee4f9ee4765575b31984f806c6184ad69ea2213ad6920074f96370170661eb4eb095096e3b508f77429569f1b37a9d54b84cf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28174.exe
Filesize
184KB

MD5
f688641bc4cdd3f21eb0c762c5ee07a4

SHA1
22560ac42816f662f6083dca26e71f66cf993209

SHA256
2bfa407b4eb554a08548e3bc811b89f6eff9afc078c243c6a103baa3d150787a

SHA512
7d27ff5a4fc6f799eab4f6914bd55c1897348e5578f584f1e6ccfa92f137f4370b5d29261c021ed58d44fd444e7c7c1bbc65f184a25abed206740412c6fbddd5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3669.exe
Filesize
184KB

MD5
d40e35c421da086de1f132e716929d96

SHA1
08eeda9b03c6173996f9c83edf8164d9b9086698

SHA256
dded9a84868b41d581ea59ef3b2a535a478436a64fe153e6b794c41dab09e005

SHA512
5df1fd88364b4a2294be0ef80d55f1feea435be27871a369d195403196a0c2494b416e22e6081d4e1cad68c0e41c4d3b3c5a409bbe4291fc911950a9e7f1c36b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-47120.exe
Filesize
184KB

MD5
372b2f29a1a8734fc91142f43a4918d7

SHA1
ac21d0afd8f2514aca73339ec4e980f1bb46099b

SHA256
124ecfaee37903f289a667f024c4e83e5cf1c48bcb72d7d4248a788a69c89c67

SHA512
373c176eccef5ee806789315db9e8acd5089dccd79bcfb7c39cd89b3cb848ffadc1b7abfac50a839c69800f7daa0461c219164e23659b3072e9546c89b521dd5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49341.exe
Filesize
184KB

MD5
533974540aabc27df166be6becef4373

SHA1
c72e79953aef2974b68829a869181f5e8f289395

SHA256
9e8b6e1ee07dc516ea8ddb8543629a0dad6d516c881c0aac15572a4608a2dc46

SHA512
1c01c4941e9d4e2bf199c768cf95944c4cdefc953fe1fd8e08880dbb6e500cda6c4e08581cd8f18aa746c70400481b19375ed51ed1af94d4c8db54fe18992037

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49450.exe
Filesize
184KB

MD5
4156f90521c47c18f07f4fdc3d066b9c

SHA1
dad0af1dcf18dd6039df2583fdcfe3a06b117aff

SHA256
4449004771f94011c03b2c30312b0d0b94323d9c20136dea6a2d70ca7c605b17

SHA512
55dd061ebb1760d2d3c68a7855fcf53ee6bdb934467bb7ef70aa1f53cefb73904506847e537348585b62c94821e94e9ce1fbb3a53e5b976f9080de7fa93f795c

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55288.exe
Filesize
184KB

MD5
d175d33c53a32a45122b3f7e2ea03297

SHA1
1ccb2dc181680071464da62b263df7cd30c55bd6

SHA256
195269b0824582cc5c3e27fd77fcbf90134e2d3f75fa7b93b84bba60467cf61d

SHA512
94d7fa01ca14a9399ba2481b75f3eee39623876c77f530c99cc74ae69f55ac60571fdd2a37640e13f551dad9d9a7fbe5ac29ea80ecbc2d75f7a5dcd7c8142d21

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55397.exe
Filesize
184KB

MD5
601ca6bf0fd641cb7cd91ad4e622af56

SHA1
7d4b52bf3f5817ab0d9200d0d6b8dc1e655462d3

SHA256
b0fb083e5667e9d4a4db3a5fc2ee0b6207e67717af3c71b849cf2a48b995e834

SHA512
24e7c43d5a77c79c301235d9fb2a93f15c5085019f5a95637e7b95109f75e10262625ac5f7df587423819303c02cbdf657899c422357e7313a6d9c9fa40980a1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-58256.exe
Filesize
184KB

MD5
4dae1088b2e42f292cd179a51a89bcc2

SHA1
627e3d6593917ace4bd597265fc6f3f9abd84dac

SHA256
2448dc48a568fbff77516ea5a77007f49c7a75f4bffa0ca4b6c031e64fba32b3

SHA512
c4ec8281a97c181ad8c4c2c45b6fde9a3ab98da478a3d9bfd4b01363bad5418da32cd1fed9c5ed94c4215637afcafb6fdb990e82150d36ee4354e66dccc784f8

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64395.exe
Filesize
184KB

MD5
ddf4cfa4d71bfd567aeb90bc1fda1776

SHA1
d95c82396f6f1ab88a466e250dd626956b8f4b8f

SHA256
723c6def820acae70c0134458ef9b62882a5693ac8e5362b278ab96d3863d80f

SHA512
8c87eac9bd7a44b8b9d988c05b8862ac4c51059100f3e2d650a57f773776029e2bd0df8c7adaeea656686b5bb6b09939a02524bac50085c5f7403bf533a174b7

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-9616.exe
Filesize
184KB

MD5
7720ec0aec2af748f4e8b9aff2779717

SHA1
64c74668bc2643f2b55a3a3597a345e05f419190

SHA256
cdc62f1d92cfde792c5ed5e0816b9a70cc667f8e78d28da157a955235480a487

SHA512
df5524ab268401fc5af45bced2ad939cba10c17302477eea5daaf42e953c095a3b066705a8a3116f6e61fd06e6fc041f1188568e0d96257ffaf70e2bdf55c53e

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads