abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe
Size

184KB
MD5

d335b1bbd26942fe1aa3cb22fdf0225b
SHA1

21649f6905786f2330814b726320f5939e9326f7
SHA256

abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db
SHA512

520873dee2ed62ba0908041558327f79bf518aee424829e15ee69d78d7d1c8c8d52b9f3bc601bcf66d77b91555d3821ef0b12845ed62a34c0c376ae3f81a9210
SSDEEP

3072:rBd29golYpaHd4jY/A+LpcpBIKYYzS/Ub+sKO5qmUDThlnVOFLnT:rBloh94jmLCpBIyKJ7hlnVOFL

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-14907.exeUnicorn-27490.exeUnicorn-49918.exeUnicorn-20189.exeUnicorn-20189.exeUnicorn-48647.exeUnicorn-64662.exeUnicorn-11932.exeUnicorn-32566.exeUnicorn-45145.exeUnicorn-9820.exeUnicorn-3923.exeUnicorn-18999.exeUnicorn-49595.exeUnicorn-33908.exeUnicorn-14042.exeUnicorn-1811.exeUnicorn-53513.exeUnicorn-7841.exeUnicorn-13913.exeUnicorn-42563.exeUnicorn-29949.exeUnicorn-49191.exeUnicorn-3519.exeUnicorn-38522.exeUnicorn-16902.exeUnicorn-21501.exeUnicorn-54557.exeUnicorn-49959.exeUnicorn-54557.exeUnicorn-4287.exeUnicorn-34883.exeUnicorn-50904.exeUnicorn-46690.exeUnicorn-33883.exeUnicorn-38145.exeUnicorn-58011.exeUnicorn-32822.exeUnicorn-58971.exeUnicorn-46589.exeUnicorn-31286.exeUnicorn-31478.exeUnicorn-11612.exeUnicorn-32054.exeUnicorn-50777.exeUnicorn-15452.exeUnicorn-31103.exeUnicorn-50969.exeUnicorn-48701.exeUnicorn-38510.exeUnicorn-38510.exeUnicorn-34295.exeUnicorn-6413.exeUnicorn-49947.exeUnicorn-54929.exeUnicorn-2199.exeUnicorn-22065.exeUnicorn-17850.exeUnicorn-37716.exeUnicorn-52625.exeUnicorn-50487.exeUnicorn-15546.exeUnicorn-2739.exeUnicorn-64062.exe

pid	process
2136	Unicorn-14907.exe
2840	Unicorn-27490.exe
2576	Unicorn-49918.exe
1648	Unicorn-20189.exe
2832	Unicorn-20189.exe
2768	Unicorn-48647.exe
2148	Unicorn-64662.exe
820	Unicorn-11932.exe
2916	Unicorn-32566.exe
2568	Unicorn-45145.exe
2900	Unicorn-9820.exe
2324	Unicorn-3923.exe
1704	Unicorn-18999.exe
2308	Unicorn-49595.exe
2316	Unicorn-33908.exe
592	Unicorn-14042.exe
1004	Unicorn-1811.exe
652	Unicorn-53513.exe
604	Unicorn-7841.exe
1312	Unicorn-13913.exe
2156	Unicorn-42563.exe
1280	Unicorn-29949.exe
1168	Unicorn-49191.exe
1636	Unicorn-3519.exe
1980	Unicorn-38522.exe
600	Unicorn-16902.exe
2396	Unicorn-21501.exe
2292	Unicorn-54557.exe
320	Unicorn-49959.exe
2388	Unicorn-54557.exe
712	Unicorn-4287.exe
1776	Unicorn-34883.exe
2656	Unicorn-50904.exe
2744	Unicorn-46690.exe
2828	Unicorn-33883.exe
2688	Unicorn-38145.exe
2468	Unicorn-58011.exe
2356	Unicorn-32822.exe
1656	Unicorn-58971.exe
2880	Unicorn-46589.exe
2684	Unicorn-31286.exe
2712	Unicorn-31478.exe
2180	Unicorn-11612.exe
1092	Unicorn-32054.exe
2912	Unicorn-50777.exe
940	Unicorn-15452.exe
2192	Unicorn-31103.exe
1228	Unicorn-50969.exe
2320	Unicorn-48701.exe
112	Unicorn-38510.exe
1048	Unicorn-38510.exe
708	Unicorn-34295.exe
1580	Unicorn-6413.exe
1132	Unicorn-49947.exe
1460	Unicorn-54929.exe
2972	Unicorn-2199.exe
1376	Unicorn-22065.exe
2208	Unicorn-17850.exe
1560	Unicorn-37716.exe
1500	Unicorn-52625.exe
2668	Unicorn-50487.exe
2628	Unicorn-15546.exe
2772	Unicorn-2739.exe
2488	Unicorn-64062.exe

Loads dropped DLL 64 IoCs

Processes:

abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exeUnicorn-14907.exeUnicorn-49918.exeUnicorn-27490.exeWerFault.exeUnicorn-20189.exeUnicorn-48647.exeUnicorn-20189.exeWerFault.exeWerFault.exeUnicorn-64662.exeUnicorn-11932.exeUnicorn-32566.exeUnicorn-45145.exeUnicorn-9820.exeWerFault.exeWerFault.exeUnicorn-3923.exe

pid	process
1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe
1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe
2136	Unicorn-14907.exe
2136	Unicorn-14907.exe
1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe
1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe
2576	Unicorn-49918.exe
2840	Unicorn-27490.exe
2576	Unicorn-49918.exe
2840	Unicorn-27490.exe
2136	Unicorn-14907.exe
2136	Unicorn-14907.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
2532	WerFault.exe
1648	Unicorn-20189.exe
1648	Unicorn-20189.exe
2576	Unicorn-49918.exe
2576	Unicorn-49918.exe
2768	Unicorn-48647.exe
2768	Unicorn-48647.exe
2832	Unicorn-20189.exe
2840	Unicorn-27490.exe
2832	Unicorn-20189.exe
2840	Unicorn-27490.exe
2928	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2928	WerFault.exe
2856	WerFault.exe
2856	WerFault.exe
2928	WerFault.exe
2856	WerFault.exe
2148	Unicorn-64662.exe
820	Unicorn-11932.exe
1648	Unicorn-20189.exe
820	Unicorn-11932.exe
2148	Unicorn-64662.exe
1648	Unicorn-20189.exe
2916	Unicorn-32566.exe
2916	Unicorn-32566.exe
2768	Unicorn-48647.exe
2768	Unicorn-48647.exe
2568	Unicorn-45145.exe
2568	Unicorn-45145.exe
2900	Unicorn-9820.exe
2900	Unicorn-9820.exe
2832	Unicorn-20189.exe
2832	Unicorn-20189.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
668	WerFault.exe
1136	WerFault.exe
1136	WerFault.exe
1136	WerFault.exe
1136	WerFault.exe
1136	WerFault.exe
2324	Unicorn-3923.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2660	1688	WerFault.exe	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe
2532	2136	WerFault.exe	Unicorn-14907.exe
2928	2840	WerFault.exe	Unicorn-27490.exe
2856	2576	WerFault.exe	Unicorn-49918.exe
668	1648	WerFault.exe	Unicorn-20189.exe
1136	2768	WerFault.exe	Unicorn-48647.exe
1736	2148	WerFault.exe	Unicorn-64662.exe
2284	820	WerFault.exe	Unicorn-11932.exe
2444	2916	WerFault.exe	Unicorn-32566.exe
2528	2568	WerFault.exe	Unicorn-45145.exe
2144	2900	WerFault.exe	Unicorn-9820.exe
488	2324	WerFault.exe	Unicorn-3923.exe
1236	2308	WerFault.exe	Unicorn-49595.exe
1436	2316	WerFault.exe	Unicorn-33908.exe
1464	1704	WerFault.exe	Unicorn-18999.exe
2440	652	WerFault.exe	Unicorn-53513.exe
2272	1004	WerFault.exe	Unicorn-1811.exe
1540	592	WerFault.exe	Unicorn-14042.exe
2276	604	WerFault.exe	Unicorn-7841.exe
1768	1312	WerFault.exe	Unicorn-13913.exe
2036	2156	WerFault.exe	Unicorn-42563.exe
1628	1280	WerFault.exe	Unicorn-29949.exe
2412	1168	WerFault.exe	Unicorn-49191.exe
2672	1980	WerFault.exe	Unicorn-38522.exe
2516	1636	WerFault.exe	Unicorn-3519.exe
2480	600	WerFault.exe	Unicorn-16902.exe
2484	2292	WerFault.exe	Unicorn-54557.exe
2544	2388	WerFault.exe	Unicorn-54557.exe
2512	2396	WerFault.exe	Unicorn-21501.exe
2648	320	WerFault.exe	Unicorn-49959.exe
2792	1776	WerFault.exe	Unicorn-34883.exe
2808	712	WerFault.exe	Unicorn-4287.exe
3384	2656	WerFault.exe	Unicorn-50904.exe
3412	2356	WerFault.exe	Unicorn-32822.exe
3428	2828	WerFault.exe	Unicorn-33883.exe
3452	1656	WerFault.exe	Unicorn-58971.exe
3484	940	WerFault.exe	Unicorn-15452.exe
3492	2192	WerFault.exe	Unicorn-31103.exe
3508	2320	WerFault.exe	Unicorn-48701.exe
3532	1092	WerFault.exe	Unicorn-32054.exe
3584	2468	WerFault.exe	Unicorn-58011.exe
3608	2180	WerFault.exe	Unicorn-11612.exe
3624	2880	WerFault.exe	Unicorn-46589.exe
3632	2712	WerFault.exe	Unicorn-31478.exe
3684	2744	WerFault.exe	Unicorn-46690.exe
3700	2684	WerFault.exe	Unicorn-31286.exe
3804	1228	WerFault.exe	Unicorn-50969.exe
3828	2912	WerFault.exe	Unicorn-50777.exe
3744	2812	WerFault.exe	Unicorn-477.exe
3592	1048	WerFault.exe	Unicorn-38510.exe
3524	2152	WerFault.exe	Unicorn-56055.exe
3836	1840	WerFault.exe	Unicorn-37908.exe
3960	1468	WerFault.exe	Unicorn-14145.exe
3760	2956	WerFault.exe	Unicorn-22423.exe
4120	2776	WerFault.exe	Unicorn-16314.exe
4140	708	WerFault.exe	Unicorn-34295.exe
4148	2044	WerFault.exe	Unicorn-56055.exe
4164	112	WerFault.exe	Unicorn-38510.exe
4172	1376	WerFault.exe	Unicorn-22065.exe
4244	1988	WerFault.exe	Unicorn-24072.exe
4252	1460	WerFault.exe	Unicorn-54929.exe
4340	2668	WerFault.exe	Unicorn-50487.exe
4356	2720	WerFault.exe	Unicorn-2365.exe
4372	2960	WerFault.exe	Unicorn-7539.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exeUnicorn-14907.exeUnicorn-27490.exeUnicorn-49918.exeUnicorn-20189.exeUnicorn-20189.exeUnicorn-48647.exeUnicorn-64662.exeUnicorn-11932.exeUnicorn-32566.exeUnicorn-45145.exeUnicorn-9820.exeUnicorn-3923.exeUnicorn-18999.exeUnicorn-49595.exeUnicorn-33908.exeUnicorn-14042.exeUnicorn-7841.exeUnicorn-1811.exeUnicorn-53513.exeUnicorn-13913.exeUnicorn-42563.exeUnicorn-29949.exeUnicorn-49191.exeUnicorn-3519.exeUnicorn-38522.exeUnicorn-16902.exeUnicorn-49959.exeUnicorn-54557.exeUnicorn-34883.exeUnicorn-54557.exeUnicorn-21501.exeUnicorn-4287.exeUnicorn-50904.exeUnicorn-46690.exeUnicorn-33883.exeUnicorn-58011.exeUnicorn-38145.exeUnicorn-32822.exeUnicorn-58971.exeUnicorn-46589.exeUnicorn-31286.exeUnicorn-11612.exeUnicorn-31478.exeUnicorn-32054.exeUnicorn-50777.exeUnicorn-15452.exeUnicorn-31103.exeUnicorn-50969.exeUnicorn-48701.exeUnicorn-38510.exeUnicorn-38510.exeUnicorn-34295.exeUnicorn-6413.exeUnicorn-49947.exeUnicorn-22065.exeUnicorn-54929.exeUnicorn-17850.exeUnicorn-2199.exeUnicorn-37716.exeUnicorn-64062.exeUnicorn-50487.exeUnicorn-52625.exeUnicorn-15546.exe

pid	process
1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe
2136	Unicorn-14907.exe
2840	Unicorn-27490.exe
2576	Unicorn-49918.exe
1648	Unicorn-20189.exe
2832	Unicorn-20189.exe
2768	Unicorn-48647.exe
2148	Unicorn-64662.exe
820	Unicorn-11932.exe
2916	Unicorn-32566.exe
2568	Unicorn-45145.exe
2900	Unicorn-9820.exe
2324	Unicorn-3923.exe
1704	Unicorn-18999.exe
2308	Unicorn-49595.exe
2316	Unicorn-33908.exe
592	Unicorn-14042.exe
604	Unicorn-7841.exe
1004	Unicorn-1811.exe
652	Unicorn-53513.exe
1312	Unicorn-13913.exe
2156	Unicorn-42563.exe
1280	Unicorn-29949.exe
1168	Unicorn-49191.exe
1636	Unicorn-3519.exe
1980	Unicorn-38522.exe
600	Unicorn-16902.exe
320	Unicorn-49959.exe
2388	Unicorn-54557.exe
1776	Unicorn-34883.exe
2292	Unicorn-54557.exe
2396	Unicorn-21501.exe
712	Unicorn-4287.exe
2656	Unicorn-50904.exe
2744	Unicorn-46690.exe
2828	Unicorn-33883.exe
2468	Unicorn-58011.exe
2688	Unicorn-38145.exe
2356	Unicorn-32822.exe
1656	Unicorn-58971.exe
2880	Unicorn-46589.exe
2684	Unicorn-31286.exe
2180	Unicorn-11612.exe
2712	Unicorn-31478.exe
1092	Unicorn-32054.exe
2912	Unicorn-50777.exe
940	Unicorn-15452.exe
2192	Unicorn-31103.exe
1228	Unicorn-50969.exe
2320	Unicorn-48701.exe
112	Unicorn-38510.exe
1048	Unicorn-38510.exe
708	Unicorn-34295.exe
1580	Unicorn-6413.exe
1132	Unicorn-49947.exe
1376	Unicorn-22065.exe
1460	Unicorn-54929.exe
2208	Unicorn-17850.exe
2972	Unicorn-2199.exe
1560	Unicorn-37716.exe
2488	Unicorn-64062.exe
2668	Unicorn-50487.exe
1500	Unicorn-52625.exe
2628	Unicorn-15546.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exeUnicorn-14907.exeUnicorn-49918.exeUnicorn-27490.exeUnicorn-20189.exeUnicorn-48647.exeUnicorn-20189.exeUnicorn-11932.exe

description	pid	process	target process
PID 1688 wrote to memory of 2136	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	Unicorn-14907.exe
PID 1688 wrote to memory of 2136	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	Unicorn-14907.exe
PID 1688 wrote to memory of 2136	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	Unicorn-14907.exe
PID 1688 wrote to memory of 2136	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	Unicorn-14907.exe
PID 2136 wrote to memory of 2840	2136	Unicorn-14907.exe	Unicorn-27490.exe
PID 2136 wrote to memory of 2840	2136	Unicorn-14907.exe	Unicorn-27490.exe
PID 2136 wrote to memory of 2840	2136	Unicorn-14907.exe	Unicorn-27490.exe
PID 2136 wrote to memory of 2840	2136	Unicorn-14907.exe	Unicorn-27490.exe
PID 1688 wrote to memory of 2576	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	Unicorn-49918.exe
PID 1688 wrote to memory of 2576	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	Unicorn-49918.exe
PID 1688 wrote to memory of 2576	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	Unicorn-49918.exe
PID 1688 wrote to memory of 2576	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	Unicorn-49918.exe
PID 1688 wrote to memory of 2660	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	WerFault.exe
PID 1688 wrote to memory of 2660	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	WerFault.exe
PID 1688 wrote to memory of 2660	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	WerFault.exe
PID 1688 wrote to memory of 2660	1688	abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe	WerFault.exe
PID 2576 wrote to memory of 1648	2576	Unicorn-49918.exe	Unicorn-20189.exe
PID 2576 wrote to memory of 1648	2576	Unicorn-49918.exe	Unicorn-20189.exe
PID 2576 wrote to memory of 1648	2576	Unicorn-49918.exe	Unicorn-20189.exe
PID 2576 wrote to memory of 1648	2576	Unicorn-49918.exe	Unicorn-20189.exe
PID 2840 wrote to memory of 2832	2840	Unicorn-27490.exe	Unicorn-20189.exe
PID 2840 wrote to memory of 2832	2840	Unicorn-27490.exe	Unicorn-20189.exe
PID 2840 wrote to memory of 2832	2840	Unicorn-27490.exe	Unicorn-20189.exe
PID 2840 wrote to memory of 2832	2840	Unicorn-27490.exe	Unicorn-20189.exe
PID 2136 wrote to memory of 2768	2136	Unicorn-14907.exe	Unicorn-48647.exe
PID 2136 wrote to memory of 2768	2136	Unicorn-14907.exe	Unicorn-48647.exe
PID 2136 wrote to memory of 2768	2136	Unicorn-14907.exe	Unicorn-48647.exe
PID 2136 wrote to memory of 2768	2136	Unicorn-14907.exe	Unicorn-48647.exe
PID 2136 wrote to memory of 2532	2136	Unicorn-14907.exe	WerFault.exe
PID 2136 wrote to memory of 2532	2136	Unicorn-14907.exe	WerFault.exe
PID 2136 wrote to memory of 2532	2136	Unicorn-14907.exe	WerFault.exe
PID 2136 wrote to memory of 2532	2136	Unicorn-14907.exe	WerFault.exe
PID 1648 wrote to memory of 2148	1648	Unicorn-20189.exe	Unicorn-64662.exe
PID 1648 wrote to memory of 2148	1648	Unicorn-20189.exe	Unicorn-64662.exe
PID 1648 wrote to memory of 2148	1648	Unicorn-20189.exe	Unicorn-64662.exe
PID 1648 wrote to memory of 2148	1648	Unicorn-20189.exe	Unicorn-64662.exe
PID 2576 wrote to memory of 820	2576	Unicorn-49918.exe	Unicorn-11932.exe
PID 2576 wrote to memory of 820	2576	Unicorn-49918.exe	Unicorn-11932.exe
PID 2576 wrote to memory of 820	2576	Unicorn-49918.exe	Unicorn-11932.exe
PID 2576 wrote to memory of 820	2576	Unicorn-49918.exe	Unicorn-11932.exe
PID 2768 wrote to memory of 2916	2768	Unicorn-48647.exe	Unicorn-32566.exe
PID 2768 wrote to memory of 2916	2768	Unicorn-48647.exe	Unicorn-32566.exe
PID 2768 wrote to memory of 2916	2768	Unicorn-48647.exe	Unicorn-32566.exe
PID 2768 wrote to memory of 2916	2768	Unicorn-48647.exe	Unicorn-32566.exe
PID 2832 wrote to memory of 2568	2832	Unicorn-20189.exe	Unicorn-45145.exe
PID 2832 wrote to memory of 2568	2832	Unicorn-20189.exe	Unicorn-45145.exe
PID 2832 wrote to memory of 2568	2832	Unicorn-20189.exe	Unicorn-45145.exe
PID 2832 wrote to memory of 2568	2832	Unicorn-20189.exe	Unicorn-45145.exe
PID 2840 wrote to memory of 2900	2840	Unicorn-27490.exe	Unicorn-9820.exe
PID 2840 wrote to memory of 2900	2840	Unicorn-27490.exe	Unicorn-9820.exe
PID 2840 wrote to memory of 2900	2840	Unicorn-27490.exe	Unicorn-9820.exe
PID 2840 wrote to memory of 2900	2840	Unicorn-27490.exe	Unicorn-9820.exe
PID 2576 wrote to memory of 2856	2576	Unicorn-49918.exe	WerFault.exe
PID 2576 wrote to memory of 2856	2576	Unicorn-49918.exe	WerFault.exe
PID 2576 wrote to memory of 2856	2576	Unicorn-49918.exe	WerFault.exe
PID 2576 wrote to memory of 2856	2576	Unicorn-49918.exe	WerFault.exe
PID 2840 wrote to memory of 2928	2840	Unicorn-27490.exe	WerFault.exe
PID 2840 wrote to memory of 2928	2840	Unicorn-27490.exe	WerFault.exe
PID 2840 wrote to memory of 2928	2840	Unicorn-27490.exe	WerFault.exe
PID 2840 wrote to memory of 2928	2840	Unicorn-27490.exe	WerFault.exe
PID 820 wrote to memory of 2324	820	Unicorn-11932.exe	Unicorn-3923.exe
PID 820 wrote to memory of 2324	820	Unicorn-11932.exe	Unicorn-3923.exe
PID 820 wrote to memory of 2324	820	Unicorn-11932.exe	Unicorn-3923.exe
PID 820 wrote to memory of 2324	820	Unicorn-11932.exe	Unicorn-3923.exe

C:\Users\Admin\AppData\Local\Temp\abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe
"C:\Users\Admin\AppData\Local\Temp\abd1ecbdefbe435f00e1cc66e16018eef8253fb0c90d59b1485b5fefea1541db.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2136

C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840

C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2832

C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1811.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1004

C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32054.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1092

C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22423.exe
9⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56894.exe
10⤵
PID:1056

C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33553.exe
11⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
12⤵
PID:4992

C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24840.exe
13⤵
PID:7784

C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22739.exe
14⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7784 -s 216
14⤵
PID:11912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4992 -s 216
13⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
12⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1056 -s 216
11⤵
PID:4948

C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64149.exe
10⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17013.exe
11⤵
PID:4984

C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27746.exe
12⤵
PID:7636

C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17869.exe
13⤵
PID:11196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
14⤵
PID:2000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7636 -s 216
13⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4984 -s 220
12⤵
PID:8284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
11⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 240
10⤵
- Program crash
PID:3760

C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52488.exe
9⤵
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50574.exe
10⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22680.exe
11⤵
PID:5096

C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39723.exe
12⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7556 -s 220
13⤵
PID:11940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5096 -s 216
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
11⤵
PID:6628

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3092 -s 236
10⤵
PID:4896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1092 -s 240
9⤵
- Program crash
PID:3532

C:\Users\Admin\AppData\Local\Temp\Unicorn-26376.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26376.exe
8⤵
PID:1456

C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
9⤵
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34897.exe
10⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
11⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41935.exe
12⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17466.exe
13⤵
PID:11216

C:\Users\Admin\AppData\Local\Temp\Unicorn-58419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58419.exe
14⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11216 -s 216
14⤵
PID:8432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
13⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 236
12⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
11⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1944 -s 236
10⤵
PID:5232

C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32820.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39094.exe
10⤵
PID:5688

C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54051.exe
11⤵
PID:8576

C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39198.exe
12⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8576 -s 216
12⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5688 -s 216
11⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1456 -s 220
9⤵
PID:4600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2292 -s 240
8⤵
- Program crash
PID:2484

C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15452.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:940

C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14145.exe
8⤵
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
9⤵
PID:1080

C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58192.exe
10⤵
PID:3368

C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38174.exe
11⤵
PID:6148

C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50654.exe
12⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17244.exe
13⤵
PID:13204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 216
13⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6148 -s 216
12⤵
PID:10904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3368 -s 216
11⤵
PID:7932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1080 -s 236
10⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
9⤵
- Program crash
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 940 -s 236
8⤵
- Program crash
PID:3484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1004 -s 240
7⤵
- Program crash
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49959.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:320

C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2365.exe
7⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48225.exe
8⤵
PID:2996

C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7123.exe
9⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7765.exe
10⤵
PID:5444

C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59335.exe
11⤵
PID:7788

C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47061.exe
12⤵
PID:10592

C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38963.exe
13⤵
PID:9128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7788 -s 216
12⤵
PID:11936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5444 -s 216
11⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 216
10⤵
PID:7008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2996 -s 236
9⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45068.exe
8⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28248.exe
9⤵
PID:5156

C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
10⤵
PID:8136

C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58144.exe
11⤵
PID:11480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8136 -s 216
11⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5156 -s 216
10⤵
PID:9208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
9⤵
PID:6864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 220
8⤵
- Program crash
PID:4356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 320 -s 216
7⤵
- Program crash
PID:2648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
6⤵
- Program crash
PID:2528

C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53513.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:652

C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21501.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31581.exe
7⤵
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34686.exe
8⤵
PID:1444

C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10221.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48606.exe
10⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39187.exe
11⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
12⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 220
12⤵
PID:12408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 236
11⤵
PID:10496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
10⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1444 -s 216
9⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-21850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21850.exe
8⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64921.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
10⤵
PID:8588

C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8588 -s 216
11⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:9940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 216
9⤵
PID:6988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2716 -s 220
8⤵
PID:4444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 216
7⤵
- Program crash
PID:2512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 652 -s 236
6⤵
- Program crash
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7841.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:604

C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4287.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 712 -s 240
7⤵
- Program crash
PID:2808

C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48701.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2320

C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37908.exe
7⤵
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
8⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33605.exe
9⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53645.exe
10⤵
PID:5136

C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3231.exe
11⤵
PID:8508

C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55015.exe
12⤵
PID:11748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8508 -s 216
12⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5136 -s 216
11⤵
PID:9876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 236
9⤵
PID:4232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 216
8⤵
- Program crash
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61032.exe
7⤵
PID:952

C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19246.exe
8⤵
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21895.exe
9⤵
PID:6280

C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61910.exe
10⤵
PID:9352

C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
11⤵
PID:13076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9352 -s 216
11⤵
PID:7344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6280 -s 220
10⤵
PID:11012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3792 -s 216
9⤵
PID:8020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 952 -s 236
8⤵
PID:6096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2320 -s 240
7⤵
- Program crash
PID:3508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 604 -s 240
6⤵
- Program crash
PID:2276

C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34883.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50969.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1228

C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
7⤵
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6816.exe
8⤵
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65125.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49109.exe
10⤵
PID:4916

C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58690.exe
11⤵
PID:8156

C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46620.exe
12⤵
PID:11168

C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64853.exe
13⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8156 -s 236
12⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4916 -s 216
11⤵
PID:1908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
10⤵
PID:6400

C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14744.exe
9⤵
PID:5004

C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12592.exe
10⤵
PID:7532

C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58867.exe
11⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7532 -s 236
11⤵
PID:12264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5004 -s 216
10⤵
PID:8664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3108 -s 220
9⤵
PID:6432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46028.exe
8⤵
PID:4044

C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
9⤵
PID:5056

C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42987.exe
10⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28928.exe
11⤵
PID:11616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
11⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5056 -s 216
10⤵
PID:8812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4044 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
8⤵
- Program crash
PID:4148

C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50734.exe
7⤵
PID:3148

C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11155.exe
8⤵
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33593.exe
9⤵
PID:5196

C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44028.exe
10⤵
PID:9200

C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25114.exe
11⤵
PID:11812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9200 -s 204
11⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5196 -s 216
10⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3516 -s 216
9⤵
PID:6872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3148 -s 216
8⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1228 -s 220
7⤵
- Program crash
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24072.exe
6⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65438.exe
7⤵
PID:1052

C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40180.exe
8⤵
PID:4080

C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41564.exe
9⤵
PID:5844

C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
10⤵
PID:8464

C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
11⤵
PID:11240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5844 -s 204
10⤵
PID:9708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4080 -s 236
9⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1052 -s 236
8⤵
PID:4940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24154.exe
7⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
8⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
9⤵
PID:7544

C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17890.exe
10⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 216
10⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4828 -s 220
9⤵
PID:9196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
8⤵
PID:6752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 240
7⤵
- Program crash
PID:4244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 220
6⤵
- Program crash
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 240
5⤵
- Program crash
PID:2144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2840 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2928

C:\Users\Admin\AppData\Local\Temp\Unicorn-48647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48647.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2916

C:\Users\Admin\AppData\Local\Temp\Unicorn-33908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33908.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29949.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1280

C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58011.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2468

C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54929.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1460

C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27395.exe
9⤵
PID:1016

C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
10⤵
PID:3324

C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51735.exe
11⤵
PID:5220

C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25863.exe
12⤵
PID:8996

C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2008.exe
13⤵
PID:11744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8996 -s 216
13⤵
PID:6088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5220 -s 216
12⤵
PID:9324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3324 -s 216
11⤵
PID:7212

C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6488.exe
10⤵
PID:3956

C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
11⤵
PID:7812

C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14791.exe
12⤵
PID:10616

C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34656.exe
12⤵
PID:11760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7812 -s 220
12⤵
PID:12740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3956 -s 204
11⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1016 -s 240
10⤵
PID:6484

C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2525.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
10⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
11⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
12⤵
PID:240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
12⤵
PID:12328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4548 -s 216
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
10⤵
PID:6732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1460 -s 220
9⤵
- Program crash
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12516.exe
8⤵
PID:2436

C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17710.exe
9⤵
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6997.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32858.exe
11⤵
PID:8644

C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24507.exe
12⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8644 -s 216
12⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 220
11⤵
PID:9816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3164 -s 216
10⤵
PID:6176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2436 -s 236
9⤵
PID:4888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2468 -s 240
8⤵
- Program crash
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2199.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2972

C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-477.exe
8⤵
PID:2812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
9⤵
- Program crash
PID:3744

C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23796.exe
8⤵
PID:1708

C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4361.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15229.exe
10⤵
PID:8972

C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
11⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8972 -s 216
11⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 220
10⤵
PID:10080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1708 -s 216
9⤵
PID:6920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2972 -s 240
8⤵
PID:4752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 240
7⤵
- Program crash
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38145.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37716.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
8⤵
PID:1076

C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57092.exe
9⤵
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61914.exe
10⤵
PID:7616

C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29220.exe
11⤵
PID:11256

C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64354.exe
12⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7616 -s 236
11⤵
PID:11352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
10⤵
PID:9052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1076 -s 236
9⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23033.exe
9⤵
PID:5480

C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
10⤵
PID:8440

C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22062.exe
11⤵
PID:3020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8440 -s 216
11⤵
PID:5240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:7020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1560 -s 220
8⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28359.exe
7⤵
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11731.exe
8⤵
PID:4020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 220
9⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 216
8⤵
PID:4976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2316 -s 240
6⤵
- Program crash
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49191.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1168

C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32822.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22065.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1376

C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22787.exe
8⤵
PID:384

C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52878.exe
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
10⤵
PID:4736

C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11653.exe
11⤵
PID:8272

C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
12⤵
PID:11452

C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21070.exe
13⤵
PID:8828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8272 -s 220
12⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4736 -s 216
11⤵
PID:9424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4012 -s 216
10⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 384 -s 236
9⤵
PID:4852

C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31636.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-14461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14461.exe
10⤵
PID:8912

C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20501.exe
11⤵
PID:11392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8912 -s 216
11⤵
PID:12524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
10⤵
PID:10132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:7320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1376 -s 220
8⤵
- Program crash
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6569.exe
7⤵
PID:960

C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49619.exe
8⤵
PID:3976

C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7194.exe
9⤵
PID:4564

C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
10⤵
PID:8116

C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2659.exe
11⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8116 -s 220
11⤵
PID:12944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4564 -s 204
10⤵
PID:9304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3976 -s 216
9⤵
PID:6560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 960 -s 236
8⤵
PID:4532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 240
7⤵
- Program crash
PID:3412

C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17850.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
7⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42707.exe
8⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38523.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65269.exe
9⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41247.exe
10⤵
PID:8548

C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
10⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 220
9⤵
PID:7328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
8⤵
PID:4680

C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7382.exe
7⤵
PID:3224

C:\Users\Admin\AppData\Local\Temp\Unicorn-22471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22471.exe
8⤵
PID:6216

C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
9⤵
PID:9852

C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24763.exe
10⤵
PID:12752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9852 -s 216
10⤵
PID:12336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6216 -s 216
9⤵
PID:10956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3224 -s 220
8⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2208 -s 220
7⤵
PID:5888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1168 -s 240
6⤵
- Program crash
PID:2412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2916 -s 240
5⤵
- Program crash
PID:2444

C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14042.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:592

C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54557.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50777.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7539.exe
7⤵
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15168.exe
8⤵
PID:3064

C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48322.exe
9⤵
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5658.exe
10⤵
PID:4640

C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6282.exe
11⤵
PID:8160

C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
12⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8160 -s 216
12⤵
PID:11492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4640 -s 216
11⤵
PID:2848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3948 -s 216
10⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-8382.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8382.exe
9⤵
PID:5140

C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
10⤵
PID:8400

C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47604.exe
11⤵
PID:11124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8400 -s 216
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5140 -s 216
10⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3064 -s 220
9⤵
PID:6856

C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11435.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31289.exe
9⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
10⤵
PID:7844

C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7844 -s 216
11⤵
PID:12732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
10⤵
PID:9276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 216
9⤵
PID:6972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 220
8⤵
- Program crash
PID:4372

C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
7⤵
PID:2372

C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15842.exe
8⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23199.exe
9⤵
PID:6020

C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35847.exe
10⤵
PID:8860

C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
11⤵
PID:10748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8860 -s 216
11⤵
PID:12192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6020 -s 220
10⤵
PID:10036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 236
9⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2372 -s 236
8⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
7⤵
- Program crash
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3325.exe
6⤵
PID:472

C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14592.exe
7⤵
PID:2644

C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40595.exe
8⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
9⤵
PID:6192

C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-576.exe
10⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52853.exe
11⤵
PID:13000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 216
11⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 216
10⤵
PID:10896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3308 -s 216
9⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2644 -s 236
8⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38326.exe
7⤵
PID:3340

C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24225.exe
8⤵
PID:6184

C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60924.exe
9⤵
PID:10200

C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44151.exe
10⤵
PID:12608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10200 -s 216
10⤵
PID:7672

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6184 -s 216
9⤵
PID:11004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3340 -s 216
8⤵
PID:7900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 472 -s 220
7⤵
PID:6068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
6⤵
- Program crash
PID:2544

C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31103.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2192

C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56055.exe
6⤵
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16705.exe
7⤵
PID:2640

C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
8⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29540.exe
9⤵
PID:4812

C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48171.exe
10⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
11⤵
PID:11404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 216
11⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4812 -s 216
10⤵
PID:8736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 236
9⤵
PID:6372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2640 -s 236
8⤵
PID:4500

C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1523.exe
7⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45193.exe
8⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35607.exe
9⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2835.exe
10⤵
PID:9120

C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28724.exe
11⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9120 -s 240
11⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 220
10⤵
PID:10548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
9⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3888 -s 236
8⤵
PID:5500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 240
7⤵
- Program crash
PID:3524

C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7529.exe
6⤵
PID:936

C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4201.exe
7⤵
PID:3084

C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19425.exe
8⤵
PID:5180

C:\Users\Admin\AppData\Local\Temp\Unicorn-3840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3840.exe
9⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-31169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31169.exe
10⤵
PID:12644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 236
10⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5180 -s 216
9⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3084 -s 216
8⤵
PID:7880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 936 -s 236
7⤵
PID:5648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2192 -s 240
6⤵
- Program crash
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 592 -s 240
5⤵
- Program crash
PID:1540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2136 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38522.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58971.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Users\Admin\AppData\Local\Temp\Unicorn-50487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50487.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
9⤵
PID:848

C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35665.exe
10⤵
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17781.exe
11⤵
PID:5100

C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
12⤵
PID:7948

C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-271.exe
13⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49586.exe
14⤵
PID:8496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7948 -s 216
13⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5100 -s 216
12⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4048 -s 236
11⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 848 -s 236
10⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30708.exe
9⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4148.exe
10⤵
PID:5668

C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30614.exe
11⤵
PID:8500

C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31469.exe
12⤵
PID:12112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8500 -s 236
12⤵
PID:6584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5668 -s 220
11⤵
PID:10304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
10⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
9⤵
- Program crash
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
8⤵
PID:2416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1656 -s 240
8⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-15546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15546.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
8⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30481.exe
9⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
10⤵
PID:5992

C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24628.exe
11⤵
PID:7248

C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48960.exe
12⤵
PID:11188

C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6661.exe
12⤵
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26457.exe
13⤵
PID:8216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7248 -s 240
12⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5992 -s 236
11⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 216
10⤵
PID:6368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 216
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-11191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11191.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-22471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22471.exe
9⤵
PID:6204

C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11038.exe
10⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27259.exe
11⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
11⤵
PID:5864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6204 -s 216
10⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3616 -s 216
9⤵
PID:7924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 220
8⤵
PID:6112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 240
7⤵
- Program crash
PID:2672

C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46589.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52625.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15360.exe
8⤵
PID:1904

C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61321.exe
8⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21741.exe
9⤵
PID:6076

C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
10⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47656.exe
11⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 220
11⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6076 -s 204
10⤵
PID:9808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 216
9⤵
PID:6276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 220
8⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13284.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16067.exe
8⤵
PID:4040

C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25537.exe
9⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44731.exe
10⤵
PID:10436

C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65527.exe
11⤵
PID:8984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 216
10⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 216
9⤵
PID:9172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 216
8⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
7⤵
- Program crash
PID:3624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1704 -s 240
6⤵
- Program crash
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-16902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16902.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31478.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51255.exe
7⤵
PID:644

C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33150.exe
8⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3241.exe
9⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14748.exe
10⤵
PID:5680

C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26941.exe
11⤵
PID:9328

C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53621.exe
12⤵
PID:13068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9328 -s 216
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5680 -s 236
11⤵
PID:10768

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
10⤵
PID:7696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
9⤵
PID:5536

C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29753.exe
8⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22239.exe
9⤵
PID:5612

C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12450.exe
10⤵
PID:8288

C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48412.exe
11⤵
PID:11836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8288 -s 204
11⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5612 -s 216
10⤵
PID:10208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 644 -s 220
8⤵
PID:4540

C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17485.exe
7⤵
PID:3076

C:\Users\Admin\AppData\Local\Temp\Unicorn-42894.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42894.exe
8⤵
PID:3884

C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
9⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24399.exe
10⤵
PID:7768

C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39774.exe
11⤵
PID:12116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7768 -s 216
11⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 204
10⤵
PID:9384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3884 -s 216
9⤵
PID:7088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3076 -s 216
8⤵
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 240
7⤵
- Program crash
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16314.exe
6⤵
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64670.exe
7⤵
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52686.exe
8⤵
PID:3924

C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
9⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15400.exe
10⤵
PID:8392

C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22177.exe
11⤵
PID:12060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8392 -s 216
11⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 204
10⤵
PID:9688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3924 -s 216
9⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 236
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33012.exe
7⤵
PID:3988

C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26354.exe
8⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20559.exe
9⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36000.exe
10⤵
PID:11712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
10⤵
PID:12712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 204
9⤵
PID:9312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3988 -s 216
8⤵
PID:6496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
7⤵
- Program crash
PID:4120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 240
6⤵
- Program crash
PID:2480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
5⤵
- Program crash
PID:1736

C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3519.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1636

C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31286.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2684

C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2739.exe
7⤵
- Executes dropped EXE
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14400.exe
8⤵
PID:2004

C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
9⤵
PID:3284

C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60920.exe
10⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10117.exe
11⤵
PID:8316

C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32504.exe
12⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8316 -s 220
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
11⤵
PID:9444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3284 -s 216
10⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2004 -s 216
9⤵
PID:4872

C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41227.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23801.exe
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49417.exe
10⤵
PID:8524

C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49716.exe
11⤵
PID:10588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8524 -s 216
11⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5580 -s 216
10⤵
PID:9624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:7096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 240
8⤵
PID:4516

C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60840.exe
7⤵
PID:2116

C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22391.exe
8⤵
PID:3896

C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48315.exe
9⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14699.exe
10⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11906.exe
11⤵
PID:11516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7876 -s 216
11⤵
PID:12616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 220
10⤵
PID:8920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3896 -s 236
9⤵
PID:6440

C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
8⤵
PID:4820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2116 -s 220
8⤵
PID:4132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2684 -s 240
7⤵
- Program crash
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64062.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33918.exe
7⤵
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36682.exe
8⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20127.exe
9⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45509.exe
10⤵
PID:7852

C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63307.exe
11⤵
PID:10532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7852 -s 220
11⤵
PID:12320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
10⤵
PID:9028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 216
9⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2248 -s 236
8⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62810.exe
7⤵
PID:4060

C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54209.exe
8⤵
PID:5168

C:\Users\Admin\AppData\Local\Temp\Unicorn-52922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52922.exe
9⤵
PID:9844

C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40222.exe
10⤵
PID:12788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9844 -s 216
10⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5168 -s 216
9⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4060 -s 216
8⤵
PID:7836

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
PID:5624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1636 -s 240
6⤵
- Program crash
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11612.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2180

C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51447.exe
6⤵
PID:944

C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49761.exe
7⤵
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-3680.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3680.exe
8⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35833.exe
9⤵
PID:8120

C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39350.exe
10⤵
PID:11212

C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4178.exe
11⤵
PID:9152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8120 -s 236
10⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4216 -s 216
9⤵
PID:8788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 236
8⤵
PID:5752

C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57595.exe
7⤵
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64153.exe
8⤵
PID:5324

C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
9⤵
PID:8420

C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16084.exe
10⤵
PID:10296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8420 -s 216
10⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5324 -s 216
9⤵
PID:9500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3264 -s 216
8⤵
PID:6936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 944 -s 220
7⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12324.exe
6⤵
PID:1728

C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42702.exe
7⤵
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58424.exe
8⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25442.exe
9⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46428.exe
10⤵
PID:11020

C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9627.exe
11⤵
PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
10⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3720 -s 216
8⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1728 -s 236
7⤵
PID:5088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2180 -s 240
6⤵
- Program crash
PID:3608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
5⤵
- Program crash
PID:1236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:668

C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:820

C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2324

C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13913.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50904.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1048

C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62174.exe
8⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16703.exe
9⤵
PID:3712

C:\Users\Admin\AppData\Local\Temp\Unicorn-21675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21675.exe
10⤵
PID:4056

C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56281.exe
11⤵
PID:5524

C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34752.exe
12⤵
PID:8412

C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2109.exe
13⤵
PID:11992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8412 -s 220
13⤵
PID:12956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5524 -s 204
12⤵
PID:9696

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4056 -s 216
11⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3712 -s 236
10⤵
PID:5568

C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2001.exe
9⤵
PID:3212

C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7355.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18909.exe
11⤵
PID:8804

C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30431.exe
12⤵
PID:11624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8804 -s 220
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 220
11⤵
PID:9984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3212 -s 216
10⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 240
9⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19644.exe
8⤵
PID:3748

C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54347.exe
9⤵
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57947.exe
10⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18487.exe
11⤵
PID:8244

C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22971.exe
12⤵
PID:12228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8244 -s 216
12⤵
PID:13128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 236
11⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3468 -s 216
10⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3748 -s 236
9⤵
PID:5556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1048 -s 240
8⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19942.exe
7⤵
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17139.exe
8⤵
PID:4072

C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40827.exe
9⤵
PID:4832

C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10122.exe
10⤵
PID:7564

C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11890.exe
11⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7564 -s 236
11⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4832 -s 216
10⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4072 -s 216
9⤵
PID:6568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 236
8⤵
PID:4556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 240
7⤵
- Program crash
PID:3384

C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34295.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:708

C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33726.exe
7⤵
PID:628

C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43662.exe
8⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-52223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52223.exe
9⤵
PID:5652

C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11461.exe
10⤵
PID:8252

C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
11⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8252 -s 216
11⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5652 -s 216
10⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 216
9⤵
PID:7136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 628 -s 236
8⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19354.exe
7⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-55352.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55352.exe
8⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34918.exe
9⤵
PID:8356

C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18658.exe
10⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8356 -s 216
10⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 204
9⤵
PID:9648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 216
8⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 708 -s 220
7⤵
- Program crash
PID:4140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 240
6⤵
- Program crash
PID:1768

C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46690.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2744

C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38510.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26435.exe
7⤵
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64855.exe
8⤵
PID:3364

C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31535.exe
9⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61673.exe
10⤵
PID:8332

C:\Users\Admin\AppData\Local\Temp\Unicorn-59674.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59674.exe
11⤵
PID:12552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8332 -s 236
11⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 236
10⤵
PID:10732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3364 -s 216
9⤵
PID:7548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 216
8⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23028.exe
7⤵
PID:3788

C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5082.exe
8⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24591.exe
9⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2404.exe
10⤵
PID:10812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 216
10⤵
PID:12384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
9⤵
PID:9400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3788 -s 216
8⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 220
7⤵
- Program crash
PID:4164

C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14628.exe
6⤵
PID:1240

C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21623.exe
7⤵
PID:3304

C:\Users\Admin\AppData\Local\Temp\Unicorn-60728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60728.exe
8⤵
PID:5032

C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5322.exe
9⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32529.exe
10⤵
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
10⤵
PID:11360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5032 -s 216
9⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3304 -s 216
8⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1240 -s 216
7⤵
PID:4908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2744 -s 220
6⤵
- Program crash
PID:3684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2324 -s 240
5⤵
- Program crash
PID:488

C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42563.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33883.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1437.exe
7⤵
PID:896

C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31415.exe
8⤵
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39291.exe
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35520.exe
10⤵
PID:8472

C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40542.exe
11⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8472 -s 220
11⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 204
10⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3244 -s 216
9⤵
PID:6776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 896 -s 216
8⤵
PID:4964

C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44990.exe
7⤵
PID:3356

C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25944.exe
8⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42598.exe
9⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29099.exe
10⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
10⤵
PID:5408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 204
9⤵
PID:9540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3356 -s 216
8⤵
PID:6944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
7⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60264.exe
6⤵
PID:1792

C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42899.exe
7⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20961.exe
8⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
9⤵
PID:9492

C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26618.exe
10⤵
PID:12516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9492 -s 216
10⤵
PID:13232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 216
9⤵
PID:10776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
8⤵
PID:7820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1792 -s 236
7⤵
PID:5956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 240
6⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49947.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30078.exe
6⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8690.exe
7⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16384.exe
8⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25060.exe
9⤵
PID:9740

C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9410.exe
10⤵
PID:11460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9740 -s 220
10⤵
PID:12540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
9⤵
PID:10912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3144 -s 216
8⤵
PID:7828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
7⤵
PID:5708

C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8560.exe
6⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4925.exe
7⤵
PID:5260

C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6502.exe
8⤵
PID:9660

C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44856.exe
9⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9660 -s 220
9⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5260 -s 216
8⤵
PID:10888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 216
7⤵
PID:7868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 220
6⤵
PID:5700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2156 -s 240
5⤵
- Program crash
PID:2036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 820 -s 240
4⤵
- Program crash
PID:2284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 240
2⤵
- Program crash
PID:2660

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-20189.exe
Filesize
184KB

MD5
f8f9df4db915c1994d9c1abbedef4ae2

SHA1
c2f368b36ccd9ac2378f5a1b1899bc0e2e394358

SHA256
bd9374c89418ab02eef92776c29e1fc83f67fedee0a61b6554544d480a7a0064

SHA512
9d3a2e485dfcbee170b6864872539d9e3644a66ea6f01c43013e10b74c8eea71a6048c5f726b07bba25fa71a6af98dcd47f1a1657fef3d473970871c0be27dd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-22810.exe
Filesize
184KB

MD5
14212e30f3b91d8abcdd7b4cff73e907

SHA1
4e535c1b879b5dc41a2bddd5ac58474b7faf8be0

SHA256
b4de550075da6f8f79bfa470dd21ec8bd2bded9aaea340defa56839e8e2333a4

SHA512
2e248072e3302fe7684ee0db2eda491c21586aa43ed35342fd5fe4a85794240f2304f9c61d14bdbcdb37e6e2d556c013b03a3b5285731e4337285991e6054326

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38331.exe
Filesize
184KB

MD5
ee3defde7be22f3ea6e68102828519c9

SHA1
81e24d7217d23c25245c9d108216abf11761a432

SHA256
e6c1e094a9558a6c4c392e8b239deb80d7c60f742d9ce9bcf1ee91654514e42f

SHA512
064d56481c705a5f74e8294674d0f436f0ca383b710926b2bdcf1b7f75e0afb408f288ee299615e01559705b35535e579352882038ef14d5564dbc7891c3596e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-48647.exe
Filesize
184KB

MD5
f4eefae8ce6ee16cdcb35e7cc7eec74b

SHA1
df060920addf9f37212d700cb79ef07e493cb4b2

SHA256
548353e671bf4455c56b301a8b27b4949860686c4871708c93851033c9a46968

SHA512
c60d6efbf9add77e7e6c9cd40e4b9e61a4fc60dedc5f1543f145473a7aa2e7d4580f8ac266df30df8c00e5be4d12f99a099ad79cbd140c4b0c1954f8c8837fcc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-49918.exe
Filesize
184KB

MD5
6115e5ceca640f656c5f8c8c37268f90

SHA1
90cf2eb80229a09ec6c9fe219988b204765d770a

SHA256
4ee16bd4d65ada410276ad52597bca26801bf30b5d55dd83b8fe170f38df82a3

SHA512
ee54bbaad65a3ba11201983b2e5670b52cc1b51dd38053bf57b50a1038ca91b529e60ddc9472a7137450ea7804f1a123edbc7e9a43598b6b1de6df08db6bc165

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-54183.exe
Filesize
184KB

MD5
63d9346a1345f346e7db48c68d8669e8

SHA1
4e10ec6e4b33025f7568f0e8b5fb9286efa216c4

SHA256
2ee6008de18f76ac7b77ca1802240393588a54775619967ed8f716c068db04e3

SHA512
6ada8af785d8c550a4bcafd490316226e8c1d50198b7b70ababf94566b39b0764694195f9a374a4ae7cd515ccc17bc16525c1aa0e8c8011187a559b42c1704de

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5737.exe
Filesize
184KB

MD5
39ee4f2ac438999160d892bbd2f1b642

SHA1
810a36fc06fe1355656f0e3cef2460afdae130b7

SHA256
ee0122de336aaef9bb39f058c1fb6728e97150174b7bde6e96b2e77e9de79d99

SHA512
31cdc67d3c89d3243495dafe1b3cecad5388ecc489d4336b3117f6499359a4cc962adb8eee7ac885e3b6eb2ca3b37a1829028f3e09a08c922709a9172dcd8e31

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-59047.exe
Filesize
184KB

MD5
c04236ec7563436dcb0991eba85d9685

SHA1
61aaf0bce91fc7148a2d18dedbbdc6c2d290d625

SHA256
d1eae0469fd726480ef4e4297919fdc8f6a728d563b913a52afcdb61f65d0382

SHA512
0df9f1e646f43bbd96133adfca4102bea2792a75546e48d07237a404247796d10d81c87ccc69412da5bad23b817fc0cf20b2ee5ee2823762a1cc97155ee0724a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6355.exe
Filesize
184KB

MD5
57c6f13664fdbb1f1f8ff9546e53627f

SHA1
0a0e6cff1a4fd01cbcf2b448d3b4f0cda4231cc4

SHA256
8af62ac575b34d7f081b5e65705ee05c55fc88e42fa640f514944c4adad84fe2

SHA512
494310e3e9ec3db09f2372fc19e183081aa70f2f6f0d04517a024a6e695654fe8e9799779ad9a02abaabacbd052f108e7f81006cfe9f4a22ac07f199f59345b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6413.exe
Filesize
184KB

MD5
44fea0ff5372d5c47528cab9e59a506f

SHA1
12037a020de7ebbac5faec8ff018930a0812c259

SHA256
9cc612878208c1bcbcf0b1d62f9e0196e2eeba52170003b53c5ea33dc16350b4

SHA512
db5968adf8f0f35516a8f65193959dbb6900bd0edac9e03faa555981e3d59dceba35fc6d42e750f03abfc28a97d13145f83161a32860af5bec57f828acfc792a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-9820.exe
Filesize
184KB

MD5
d3ed7fd16de4774ecd09f2be851bf483

SHA1
1c65b6e94ed94467a8c3ed77e76cfa10a1793349

SHA256
d4c1cb2ecf16507d4fb84b40687a8c03fcc4ff6253100cf54572741e16a9f801

SHA512
98b9a0d6e33980b78ac324b0ba14d6735993cb960ff6f1bca34ba62fc933715304459c266ebeff6310ab60f232fdf8265118abc4ffbe034d466fe9baf333f3f5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11932.exe
Filesize
184KB

MD5
f509988bb77055067622ed35b8c0217b

SHA1
868960a1b8c7f92b6c6b6bf90f7b5bb80650b3cc

SHA256
7b30f036c500d4f216cde6681aa72a1da6cddde2b61741063d7795bbb114003a

SHA512
6bfda0c4f55d2d814bccb7c913b734e468e92d22832ffde5e090d378a343deb2d7780d0c32620e4ea71f8332ba71366c5270ed677557ccf62f848de07c6c5078

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-14907.exe
Filesize
184KB

MD5
f6cdd4e295d7e0557bd559ce9e60c661

SHA1
800256c79d7c9b0857df0d33039542ef26870891

SHA256
71401bceff42a6bf8de5dae1fff1b5f2c1c7430994602ffbaa9b1222d2eb5dc6

SHA512
4a05c7a8c4ae91d2396ba78a6fe2739f5afe92cb0f3ab6f5be6e83cb9a63c7be6d066a99a653cf3e164ae39697fd23bf088185b2b6689316b87664a6a99b0f9e

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-18999.exe
Filesize
184KB

MD5
dd1a5001e9cf28fe3473b69e44d0f0ce

SHA1
6218a3fde68ed738171eb3289632c926dc2b61e7

SHA256
c16ad6acc5d82b1f765afb723c98f498b46f22ee8ad92093fd2ddde00f482c27

SHA512
32b09f2a86c9e0a56f24dfe4f218885322caa86119ef09eee054c19b4719a96d915024d689d7e9c2d690ddcee0704ff8286c6f6c225fb00d38a8d9a7a6101b76

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-27490.exe
Filesize
184KB

MD5
4b7b859e48f817ce990614ab013ca8dd

SHA1
39e00592c1021c317f4bf9620c0bab7dc267df00

SHA256
4064cdb2b0f7860800721e91c4939baeeb5880b9321567ab9f6be48afb075094

SHA512
2ce2301fffd8f419c04150d8206611a60c1b5d0edc07c0da0a580d299365a198b86841fc1874e8e54b86c57e9b0dc938ba65ba92606116028a867d9ad2dad567

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-32566.exe
Filesize
184KB

MD5
cb718e9dcc8b57b1942de94a03e80aa6

SHA1
1e6bda29e9f127753e4c21a962eb1d1e47f78e01

SHA256
f5bbc677fd8063d04de4c3513e3eeabd281837803dcefb387a93630e6a22d6ff

SHA512
2c69478661f8c7eb41736f7168035054b91f7920d60127e0887d8630f62ef9f84f120e467655de4f5616ec24b9eedaba31b5371b27b7f7515b3d169d90b90ecf

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-3923.exe
Filesize
184KB

MD5
e09ce8a8a78cb018d7e5d1ecbe4d3899

SHA1
05d6ffd0666474f00c8b449744f6739b8cced3f7

SHA256
2ce21248b46b94e9451eddd5e6fcdeac9d121a4bb0456780ddfbe41a6cc60b7c

SHA512
b1f61818df3aa482e2b04741b88116143cabc0afd175502c44b41cdd3acbb126780a1b6e99ee6cd1a25a795d7f1fe75bef9a258bd0a9dd90ad7b43c1f6646ad1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45145.exe
Filesize
184KB

MD5
646eeed42aa4b6adcec6ebf44047058f

SHA1
79cc448334139dc61582f4435b27405c63a74841

SHA256
2f6766ff32bc5127d2588fbf032821f7ba8646a1bdafbb424f2dcfade7e6f46a

SHA512
41a08413d16377f07ca316038de8edf98a4c8d9caa9a75e9446d120c2536eb2bfe46aa9310f9078e15fba620c00e1454195c82192d18c09c05a48c89adfba170

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-49595.exe
Filesize
184KB

MD5
1170d3e68a04ff68f038477ab9319cdc

SHA1
56d6c671a944592d870d382b77ab2fa15bad8818

SHA256
960e3b2b90782d1be9591821adf2f30d1da13ba8daac86d8dc310a8b625ff300

SHA512
8e2b52c646b18321746961cb18c50541148d084c482862cfdc156c1aa81b9f64c628be1e4b8af094e6f1318b633699c34f2f824b3cb02bc67758dde1464d973d

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-64662.exe
Filesize
184KB

MD5
118942f8d08a853de0cdf46eada4b77b

SHA1
da480327a39f8ea59b62b0297d393f68456ffa4a

SHA256
e91ab3604db4031e6c06d994694ea5533cccda2fe5881fc73af54add1cf4fac6

SHA512
b2d7a7dd5b167364c2b0e9d3d97dce94b381e812401dddc1fb510cfe4a7a47a30caa74421cb39152b0ea267fe3a9bf632170b7bccea083360220ba437a34b633

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads