9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17

Analysis

max time kernel
150s
max time network
119s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe
Size

184KB
MD5

92df3c8314f697ff6d9f7a1bdff17a27
SHA1

fbc92182424681e822d10f056b6ad4d4a130449b
SHA256

9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17
SHA512

0fb09fc7aa206482614ddf82cf34c0b1e53b5d2e39968bfbd51b8c2fba2944223831a09197e2335f3e943125cd8214170999f3a2b3d1faff02ff678de4b91bf5
SSDEEP

3072:t4vydxou7fvm3UFfetzLaWqnhlowiFQn3:t4SowEUFMLlqnhlowiFQ

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-48652.exeUnicorn-13048.exeUnicorn-58720.exeUnicorn-55133.exeUnicorn-21370.exeUnicorn-5022.exeUnicorn-6138.exeUnicorn-25115.exeUnicorn-39100.exeUnicorn-6629.exeUnicorn-53547.exeUnicorn-23013.exeUnicorn-3147.exeUnicorn-10849.exeUnicorn-30715.exeUnicorn-18110.exeUnicorn-41086.exeUnicorn-33965.exeUnicorn-37578.exeUnicorn-7043.exeUnicorn-4007.exeUnicorn-6748.exeUnicorn-40983.exeUnicorn-34630.exeUnicorn-24730.exeUnicorn-4864.exeUnicorn-30563.exeUnicorn-44932.exeUnicorn-11429.exeUnicorn-11237.exeUnicorn-50080.exeUnicorn-63593.exeUnicorn-30214.exeUnicorn-43727.exeUnicorn-24054.exeUnicorn-54972.exeUnicorn-53472.exeUnicorn-18853.exeUnicorn-36223.exeUnicorn-37183.exeUnicorn-34146.exeUnicorn-39461.exeUnicorn-40255.exeUnicorn-11749.exeUnicorn-11749.exeUnicorn-11879.exeUnicorn-12709.exeUnicorn-12455.exeUnicorn-12455.exeUnicorn-12455.exeUnicorn-8267.exeUnicorn-8267.exeUnicorn-15931.exeUnicorn-45349.exeUnicorn-32184.exeUnicorn-25447.exeUnicorn-13278.exeUnicorn-55998.exeUnicorn-18343.exeUnicorn-18884.exeUnicorn-51374.exeUnicorn-21956.exeUnicorn-52874.exeUnicorn-4166.exe

pid	process
2732	Unicorn-48652.exe
2668	Unicorn-13048.exe
2688	Unicorn-58720.exe
2588	Unicorn-55133.exe
2648	Unicorn-21370.exe
756	Unicorn-5022.exe
1364	Unicorn-6138.exe
2740	Unicorn-25115.exe
2120	Unicorn-39100.exe
1912	Unicorn-6629.exe
1428	Unicorn-53547.exe
2968	Unicorn-23013.exe
2884	Unicorn-3147.exe
568	Unicorn-10849.exe
300	Unicorn-30715.exe
1468	Unicorn-18110.exe
2420	Unicorn-41086.exe
3016	Unicorn-33965.exe
404	Unicorn-37578.exe
2992	Unicorn-7043.exe
2224	Unicorn-4007.exe
1832	Unicorn-6748.exe
2976	Unicorn-40983.exe
1968	Unicorn-34630.exe
824	Unicorn-24730.exe
1100	Unicorn-4864.exe
2168	Unicorn-30563.exe
2356	Unicorn-44932.exe
1512	Unicorn-11429.exe
2908	Unicorn-11237.exe
2344	Unicorn-50080.exe
2796	Unicorn-63593.exe
3060	Unicorn-30214.exe
2592	Unicorn-43727.exe
2524	Unicorn-24054.exe
2032	Unicorn-54972.exe
1484	Unicorn-53472.exe
1524	Unicorn-18853.exe
1852	Unicorn-36223.exe
1648	Unicorn-37183.exe
1720	Unicorn-34146.exe
2092	Unicorn-39461.exe
2880	Unicorn-40255.exe
2148	Unicorn-11749.exe
2924	Unicorn-11749.exe
2212	Unicorn-11879.exe
2488	Unicorn-12709.exe
2736	Unicorn-12455.exe
2812	Unicorn-12455.exe
768	Unicorn-12455.exe
1408	Unicorn-8267.exe
1724	Unicorn-8267.exe
1972	Unicorn-15931.exe
2836	Unicorn-45349.exe
2432	Unicorn-32184.exe
2784	Unicorn-25447.exe
1500	Unicorn-13278.exe
2280	Unicorn-55998.exe
2352	Unicorn-18343.exe
2604	Unicorn-18884.exe
2652	Unicorn-51374.exe
2516	Unicorn-21956.exe
1964	Unicorn-52874.exe
2088	Unicorn-4166.exe

Loads dropped DLL 64 IoCs

Processes:

9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exeUnicorn-48652.exeUnicorn-13048.exeWerFault.exeUnicorn-58720.exeUnicorn-21370.exeWerFault.exeWerFault.exeUnicorn-5022.exeUnicorn-55133.exeUnicorn-25115.exeUnicorn-6138.exeWerFault.exeWerFault.exeUnicorn-39100.exeUnicorn-6629.exeUnicorn-53547.exeUnicorn-3147.exe

pid	process
1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe
1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe
2732	Unicorn-48652.exe
1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe
2732	Unicorn-48652.exe
1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe
2732	Unicorn-48652.exe
2668	Unicorn-13048.exe
2668	Unicorn-13048.exe
2732	Unicorn-48652.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2500	WerFault.exe
2688	Unicorn-58720.exe
2688	Unicorn-58720.exe
2648	Unicorn-21370.exe
2648	Unicorn-21370.exe
2668	Unicorn-13048.exe
2668	Unicorn-13048.exe
1020	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe
1020	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1676	WerFault.exe
1020	WerFault.exe
756	Unicorn-5022.exe
756	Unicorn-5022.exe
2588	Unicorn-55133.exe
2588	Unicorn-55133.exe
2740	Unicorn-25115.exe
2740	Unicorn-25115.exe
2648	Unicorn-21370.exe
2648	Unicorn-21370.exe
1364	Unicorn-6138.exe
1364	Unicorn-6138.exe
2200	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
2292	WerFault.exe
2200	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2292	WerFault.exe
2200	WerFault.exe
2200	WerFault.exe
756	Unicorn-5022.exe
756	Unicorn-5022.exe
2200	WerFault.exe
2120	Unicorn-39100.exe
2120	Unicorn-39100.exe
2292	WerFault.exe
1912	Unicorn-6629.exe
1912	Unicorn-6629.exe
1428	Unicorn-53547.exe
1428	Unicorn-53547.exe
2740	Unicorn-25115.exe
2740	Unicorn-25115.exe
2884	Unicorn-3147.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2708	1632	WerFault.exe	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe
2500	2732	WerFault.exe	Unicorn-48652.exe
1020	2688	WerFault.exe	Unicorn-58720.exe
1676	2668	WerFault.exe	Unicorn-13048.exe
2200	2648	WerFault.exe	Unicorn-21370.exe
2292	2588	WerFault.exe	Unicorn-55133.exe
1016	756	WerFault.exe	Unicorn-5022.exe
808	2740	WerFault.exe	Unicorn-25115.exe
3052	1364	WerFault.exe	Unicorn-6138.exe
2760	2120	WerFault.exe	Unicorn-39100.exe
2712	1912	WerFault.exe	Unicorn-6629.exe
2460	1428	WerFault.exe	Unicorn-53547.exe
1884	2884	WerFault.exe	Unicorn-3147.exe
1536	2968	WerFault.exe	Unicorn-23013.exe
112	568	WerFault.exe	Unicorn-10849.exe
832	300	WerFault.exe	Unicorn-30715.exe
440	1468	WerFault.exe	Unicorn-18110.exe
868	2420	WerFault.exe	Unicorn-41086.exe
2816	3016	WerFault.exe	Unicorn-33965.exe
2368	404	WerFault.exe	Unicorn-37578.exe
1712	2992	WerFault.exe	Unicorn-7043.exe
2316	2224	WerFault.exe	Unicorn-4007.exe
2716	1832	WerFault.exe	Unicorn-6748.exe
2556	2976	WerFault.exe	Unicorn-40983.exe
2752	1100	WerFault.exe	Unicorn-4864.exe
2452	1968	WerFault.exe	Unicorn-34630.exe
2124	824	WerFault.exe	Unicorn-24730.exe
1488	2356	WerFault.exe	Unicorn-44932.exe
2248	1512	WerFault.exe	Unicorn-11429.exe
2332	2168	WerFault.exe	Unicorn-30563.exe
2196	2908	WerFault.exe	Unicorn-11237.exe
532	2344	WerFault.exe	Unicorn-50080.exe
1656	3060	WerFault.exe	Unicorn-30214.exe
600	2592	WerFault.exe	Unicorn-43727.exe
2412	2796	WerFault.exe	Unicorn-63593.exe
3592	2032	WerFault.exe	Unicorn-54972.exe
3720	1852	WerFault.exe	Unicorn-36223.exe
3728	2524	WerFault.exe	Unicorn-24054.exe
3756	1524	WerFault.exe	Unicorn-18853.exe
3800	1648	WerFault.exe	Unicorn-37183.exe
3808	1720	WerFault.exe	Unicorn-34146.exe
3852	2924	WerFault.exe	Unicorn-11749.exe
3868	1484	WerFault.exe	Unicorn-53472.exe
3976	1408	WerFault.exe	Unicorn-8267.exe
4000	2880	WerFault.exe	Unicorn-40255.exe
4076	2092	WerFault.exe	Unicorn-39461.exe
4084	768	WerFault.exe	Unicorn-12455.exe
2704	2148	WerFault.exe	Unicorn-11749.exe
1684	2736	WerFault.exe	Unicorn-12455.exe
3164	2812	WerFault.exe	Unicorn-12455.exe
3240	2212	WerFault.exe	Unicorn-11879.exe
3344	1724	WerFault.exe	Unicorn-8267.exe
3372	2488	WerFault.exe	Unicorn-12709.exe
4092	2280	WerFault.exe	Unicorn-55998.exe
3436	2516	WerFault.exe	Unicorn-21956.exe
3468	1860	WerFault.exe	Unicorn-3050.exe
3480	2088	WerFault.exe	Unicorn-4166.exe
3232	316	WerFault.exe	Unicorn-15235.exe
3288	2932	WerFault.exe	Unicorn-6003.exe
3236	1132	WerFault.exe	Unicorn-62983.exe
3428	1668	WerFault.exe	Unicorn-58935.exe
3432	1256	WerFault.exe	Unicorn-62983.exe
3464	804	WerFault.exe	Unicorn-13263.exe
3548	2220	WerFault.exe	Unicorn-44234.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exeUnicorn-48652.exeUnicorn-58720.exeUnicorn-13048.exeUnicorn-21370.exeUnicorn-55133.exeUnicorn-5022.exeUnicorn-25115.exeUnicorn-6138.exeUnicorn-39100.exeUnicorn-6629.exeUnicorn-53547.exeUnicorn-3147.exeUnicorn-23013.exeUnicorn-10849.exeUnicorn-30715.exeUnicorn-18110.exeUnicorn-41086.exeUnicorn-33965.exeUnicorn-37578.exeUnicorn-7043.exeUnicorn-4007.exeUnicorn-6748.exeUnicorn-40983.exeUnicorn-34630.exeUnicorn-4864.exeUnicorn-24730.exeUnicorn-30563.exeUnicorn-44932.exeUnicorn-11429.exeUnicorn-11237.exeUnicorn-50080.exeUnicorn-63593.exeUnicorn-30214.exeUnicorn-43727.exeUnicorn-24054.exeUnicorn-54972.exeUnicorn-53472.exeUnicorn-18853.exeUnicorn-36223.exeUnicorn-37183.exeUnicorn-34146.exeUnicorn-39461.exeUnicorn-40255.exeUnicorn-11749.exeUnicorn-11749.exeUnicorn-11879.exeUnicorn-12709.exeUnicorn-12455.exeUnicorn-12455.exeUnicorn-12455.exeUnicorn-8267.exeUnicorn-8267.exeUnicorn-15931.exeUnicorn-45349.exeUnicorn-32184.exeUnicorn-25447.exeUnicorn-13278.exeUnicorn-18343.exeUnicorn-55998.exeUnicorn-18884.exeUnicorn-51374.exeUnicorn-21956.exeUnicorn-52874.exe

pid	process
1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe
2732	Unicorn-48652.exe
2688	Unicorn-58720.exe
2668	Unicorn-13048.exe
2648	Unicorn-21370.exe
2588	Unicorn-55133.exe
756	Unicorn-5022.exe
2740	Unicorn-25115.exe
1364	Unicorn-6138.exe
2120	Unicorn-39100.exe
1912	Unicorn-6629.exe
1428	Unicorn-53547.exe
2884	Unicorn-3147.exe
2968	Unicorn-23013.exe
568	Unicorn-10849.exe
300	Unicorn-30715.exe
1468	Unicorn-18110.exe
2420	Unicorn-41086.exe
3016	Unicorn-33965.exe
404	Unicorn-37578.exe
2992	Unicorn-7043.exe
2224	Unicorn-4007.exe
1832	Unicorn-6748.exe
2976	Unicorn-40983.exe
1968	Unicorn-34630.exe
1100	Unicorn-4864.exe
824	Unicorn-24730.exe
2168	Unicorn-30563.exe
2356	Unicorn-44932.exe
1512	Unicorn-11429.exe
2908	Unicorn-11237.exe
2344	Unicorn-50080.exe
2796	Unicorn-63593.exe
3060	Unicorn-30214.exe
2592	Unicorn-43727.exe
2524	Unicorn-24054.exe
2032	Unicorn-54972.exe
1484	Unicorn-53472.exe
1524	Unicorn-18853.exe
1852	Unicorn-36223.exe
1648	Unicorn-37183.exe
1720	Unicorn-34146.exe
2092	Unicorn-39461.exe
2880	Unicorn-40255.exe
2924	Unicorn-11749.exe
2148	Unicorn-11749.exe
2212	Unicorn-11879.exe
2488	Unicorn-12709.exe
2736	Unicorn-12455.exe
2812	Unicorn-12455.exe
768	Unicorn-12455.exe
1408	Unicorn-8267.exe
1724	Unicorn-8267.exe
1972	Unicorn-15931.exe
2836	Unicorn-45349.exe
2432	Unicorn-32184.exe
2784	Unicorn-25447.exe
1500	Unicorn-13278.exe
2352	Unicorn-18343.exe
2280	Unicorn-55998.exe
2604	Unicorn-18884.exe
2652	Unicorn-51374.exe
2516	Unicorn-21956.exe
1964	Unicorn-52874.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exeUnicorn-48652.exeUnicorn-13048.exeUnicorn-58720.exeUnicorn-21370.exeUnicorn-5022.exeUnicorn-55133.exeUnicorn-25115.exe

description	pid	process	target process
PID 1632 wrote to memory of 2732	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	Unicorn-48652.exe
PID 1632 wrote to memory of 2732	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	Unicorn-48652.exe
PID 1632 wrote to memory of 2732	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	Unicorn-48652.exe
PID 1632 wrote to memory of 2732	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	Unicorn-48652.exe
PID 2732 wrote to memory of 2668	2732	Unicorn-48652.exe	Unicorn-13048.exe
PID 2732 wrote to memory of 2668	2732	Unicorn-48652.exe	Unicorn-13048.exe
PID 2732 wrote to memory of 2668	2732	Unicorn-48652.exe	Unicorn-13048.exe
PID 2732 wrote to memory of 2668	2732	Unicorn-48652.exe	Unicorn-13048.exe
PID 1632 wrote to memory of 2688	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	Unicorn-58720.exe
PID 1632 wrote to memory of 2688	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	Unicorn-58720.exe
PID 1632 wrote to memory of 2688	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	Unicorn-58720.exe
PID 1632 wrote to memory of 2688	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	Unicorn-58720.exe
PID 1632 wrote to memory of 2708	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	WerFault.exe
PID 1632 wrote to memory of 2708	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	WerFault.exe
PID 1632 wrote to memory of 2708	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	WerFault.exe
PID 1632 wrote to memory of 2708	1632	9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe	WerFault.exe
PID 2668 wrote to memory of 2588	2668	Unicorn-13048.exe	Unicorn-55133.exe
PID 2668 wrote to memory of 2588	2668	Unicorn-13048.exe	Unicorn-55133.exe
PID 2668 wrote to memory of 2588	2668	Unicorn-13048.exe	Unicorn-55133.exe
PID 2668 wrote to memory of 2588	2668	Unicorn-13048.exe	Unicorn-55133.exe
PID 2732 wrote to memory of 2648	2732	Unicorn-48652.exe	Unicorn-21370.exe
PID 2732 wrote to memory of 2648	2732	Unicorn-48652.exe	Unicorn-21370.exe
PID 2732 wrote to memory of 2648	2732	Unicorn-48652.exe	Unicorn-21370.exe
PID 2732 wrote to memory of 2648	2732	Unicorn-48652.exe	Unicorn-21370.exe
PID 2732 wrote to memory of 2500	2732	Unicorn-48652.exe	WerFault.exe
PID 2732 wrote to memory of 2500	2732	Unicorn-48652.exe	WerFault.exe
PID 2732 wrote to memory of 2500	2732	Unicorn-48652.exe	WerFault.exe
PID 2732 wrote to memory of 2500	2732	Unicorn-48652.exe	WerFault.exe
PID 2688 wrote to memory of 756	2688	Unicorn-58720.exe	Unicorn-5022.exe
PID 2688 wrote to memory of 756	2688	Unicorn-58720.exe	Unicorn-5022.exe
PID 2688 wrote to memory of 756	2688	Unicorn-58720.exe	Unicorn-5022.exe
PID 2688 wrote to memory of 756	2688	Unicorn-58720.exe	Unicorn-5022.exe
PID 2648 wrote to memory of 1364	2648	Unicorn-21370.exe	Unicorn-6138.exe
PID 2648 wrote to memory of 1364	2648	Unicorn-21370.exe	Unicorn-6138.exe
PID 2648 wrote to memory of 1364	2648	Unicorn-21370.exe	Unicorn-6138.exe
PID 2648 wrote to memory of 1364	2648	Unicorn-21370.exe	Unicorn-6138.exe
PID 2668 wrote to memory of 2740	2668	Unicorn-13048.exe	Unicorn-25115.exe
PID 2668 wrote to memory of 2740	2668	Unicorn-13048.exe	Unicorn-25115.exe
PID 2668 wrote to memory of 2740	2668	Unicorn-13048.exe	Unicorn-25115.exe
PID 2668 wrote to memory of 2740	2668	Unicorn-13048.exe	Unicorn-25115.exe
PID 2688 wrote to memory of 1020	2688	Unicorn-58720.exe	WerFault.exe
PID 2688 wrote to memory of 1020	2688	Unicorn-58720.exe	WerFault.exe
PID 2688 wrote to memory of 1020	2688	Unicorn-58720.exe	WerFault.exe
PID 2688 wrote to memory of 1020	2688	Unicorn-58720.exe	WerFault.exe
PID 2668 wrote to memory of 1676	2668	Unicorn-13048.exe	WerFault.exe
PID 2668 wrote to memory of 1676	2668	Unicorn-13048.exe	WerFault.exe
PID 2668 wrote to memory of 1676	2668	Unicorn-13048.exe	WerFault.exe
PID 2668 wrote to memory of 1676	2668	Unicorn-13048.exe	WerFault.exe
PID 756 wrote to memory of 2120	756	Unicorn-5022.exe	Unicorn-39100.exe
PID 756 wrote to memory of 2120	756	Unicorn-5022.exe	Unicorn-39100.exe
PID 756 wrote to memory of 2120	756	Unicorn-5022.exe	Unicorn-39100.exe
PID 756 wrote to memory of 2120	756	Unicorn-5022.exe	Unicorn-39100.exe
PID 2588 wrote to memory of 1912	2588	Unicorn-55133.exe	Unicorn-6629.exe
PID 2588 wrote to memory of 1912	2588	Unicorn-55133.exe	Unicorn-6629.exe
PID 2588 wrote to memory of 1912	2588	Unicorn-55133.exe	Unicorn-6629.exe
PID 2588 wrote to memory of 1912	2588	Unicorn-55133.exe	Unicorn-6629.exe
PID 2740 wrote to memory of 1428	2740	Unicorn-25115.exe	Unicorn-53547.exe
PID 2740 wrote to memory of 1428	2740	Unicorn-25115.exe	Unicorn-53547.exe
PID 2740 wrote to memory of 1428	2740	Unicorn-25115.exe	Unicorn-53547.exe
PID 2740 wrote to memory of 1428	2740	Unicorn-25115.exe	Unicorn-53547.exe
PID 2648 wrote to memory of 2884	2648	Unicorn-21370.exe	Unicorn-3147.exe
PID 2648 wrote to memory of 2884	2648	Unicorn-21370.exe	Unicorn-3147.exe
PID 2648 wrote to memory of 2884	2648	Unicorn-21370.exe	Unicorn-3147.exe
PID 2648 wrote to memory of 2884	2648	Unicorn-21370.exe	Unicorn-3147.exe

C:\Users\Admin\AppData\Local\Temp\9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe
"C:\Users\Admin\AppData\Local\Temp\9d2b850c6a7d81e94b5403724e26041c69f1523e014cefb87cfc01fc89f48d17.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1632

C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2732

C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18110.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24730.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:824

C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37183.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1648

C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52874.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23392.exe
10⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23884.exe
11⤵
PID:3556

C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
12⤵
PID:5264

C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13709.exe
13⤵
PID:6684

C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10822.exe
14⤵
PID:10096

C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7787.exe
15⤵
PID:932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10096 -s 220
15⤵
PID:13248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6684 -s 216
14⤵
PID:10584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5264 -s 216
13⤵
PID:8316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3556 -s 236
12⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
11⤵
PID:4552

C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
10⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21199.exe
11⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11089.exe
12⤵
PID:7680

C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
13⤵
PID:9824

C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24033.exe
14⤵
PID:12144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9824 -s 236
14⤵
PID:11784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7680 -s 216
13⤵
PID:11000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 216
12⤵
PID:8608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
11⤵
PID:6856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 240
10⤵
PID:4912

C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33676.exe
9⤵
PID:3020

C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60609.exe
10⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54642.exe
11⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34227.exe
12⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15454.exe
13⤵
PID:9924

C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15829.exe
14⤵
PID:12256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9924 -s 236
14⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
13⤵
PID:11036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
12⤵
PID:8908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3300 -s 216
11⤵
PID:7040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3020 -s 236
10⤵
PID:4176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1648 -s 240
9⤵
- Program crash
PID:3800

C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3050.exe
8⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53542.exe
9⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
10⤵
PID:3952

C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35893.exe
11⤵
PID:5788

C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36422.exe
11⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46364.exe
12⤵
PID:7848

C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21512.exe
13⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5102.exe
14⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7848 -s 216
13⤵
PID:11752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
12⤵
PID:9320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3952 -s 220
11⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 236
10⤵
PID:4392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1860 -s 236
9⤵
- Program crash
PID:3468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 824 -s 240
8⤵
- Program crash
PID:2124

C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34146.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1720

C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4166.exe
8⤵
- Executes dropped EXE
PID:2088

C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36329.exe
9⤵
PID:1956

C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11206.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3386.exe
11⤵
PID:5732

C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49429.exe
12⤵
PID:7764

C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
13⤵
PID:9888

C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15068.exe
14⤵
PID:12072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9888 -s 216
14⤵
PID:13304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7764 -s 216
13⤵
PID:11028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5732 -s 216
12⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4068 -s 216
11⤵
PID:7012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1956 -s 236
10⤵
PID:4380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2088 -s 236
9⤵
- Program crash
PID:3480

C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49686.exe
8⤵
PID:1288

C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47096.exe
9⤵
PID:3404

C:\Users\Admin\AppData\Local\Temp\Unicorn-59832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59832.exe
10⤵
PID:5808

C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
11⤵
PID:6300

C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14475.exe
12⤵
PID:9808

C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64327.exe
13⤵
PID:12196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9808 -s 216
13⤵
PID:12716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6300 -s 216
12⤵
PID:10392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5808 -s 216
11⤵
PID:7432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3404 -s 216
10⤵
PID:6312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1288 -s 236
9⤵
PID:4292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1720 -s 240
8⤵
- Program crash
PID:3808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 240
7⤵
- Program crash
PID:440

C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4864.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1100

C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36223.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55998.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45021.exe
9⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55425.exe
10⤵
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-54068.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54068.exe
11⤵
PID:5208

C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46621.exe
12⤵
PID:7180

C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10036.exe
13⤵
PID:9448

C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28818.exe
14⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9448 -s 236
14⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7180 -s 216
13⤵
PID:10728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5208 -s 216
12⤵
PID:8444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3536 -s 216
11⤵
PID:6492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 216
10⤵
PID:4868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2280 -s 236
9⤵
- Program crash
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59914.exe
8⤵
PID:2512

C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26043.exe
9⤵
PID:3972

C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
10⤵
PID:5420

C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54182.exe
11⤵
PID:7464

C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
12⤵
PID:9628

C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57518.exe
13⤵
PID:4956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9628 -s 216
13⤵
PID:12372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7464 -s 216
12⤵
PID:10760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5420 -s 216
11⤵
PID:8508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 216
10⤵
PID:6604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2512 -s 216
9⤵
PID:4680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
8⤵
- Program crash
PID:3720

C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51374.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1305.exe
8⤵
PID:2400

C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37833.exe
9⤵
PID:3292

C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51956.exe
10⤵
PID:4344

C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24748.exe
11⤵
PID:7268

C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
12⤵
PID:9644

C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3174.exe
13⤵
PID:4228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9644 -s 220
13⤵
PID:7732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7268 -s 216
12⤵
PID:10752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4344 -s 216
11⤵
PID:8468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3292 -s 236
10⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2400 -s 236
9⤵
PID:4452

C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
8⤵
PID:3448

C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58676.exe
9⤵
PID:4356

C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33248.exe
10⤵
PID:6248

C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9286.exe
11⤵
PID:10132

C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46993.exe
12⤵
PID:6904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10132 -s 216
12⤵
PID:13088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6248 -s 216
11⤵
PID:10608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4356 -s 236
10⤵
PID:8368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 216
9⤵
PID:6336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 240
8⤵
PID:4404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1100 -s 240
7⤵
- Program crash
PID:2752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
6⤵
- Program crash
PID:2712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 236
5⤵
- Loads dropped DLL
- Program crash
PID:2292

C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2740

C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1428

C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41086.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2420

C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30563.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2168

C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13278.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1500

C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62042.exe
9⤵
PID:1748

C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8834.exe
10⤵
PID:3116

C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10233.exe
11⤵
PID:5336

C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24556.exe
12⤵
PID:7316

C:\Users\Admin\AppData\Local\Temp\Unicorn-27826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27826.exe
13⤵
PID:9392

C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59375.exe
14⤵
PID:12068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9392 -s 216
14⤵
PID:13116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7316 -s 216
13⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5336 -s 216
12⤵
PID:8500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3116 -s 216
11⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1748 -s 236
10⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17967.exe
9⤵
PID:3276

C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8697.exe
10⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
11⤵
PID:6824

C:\Users\Admin\AppData\Local\Temp\Unicorn-3261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3261.exe
12⤵
PID:9972

C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40325.exe
13⤵
PID:6964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9972 -s 220
13⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6824 -s 216
12⤵
PID:10556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 236
11⤵
PID:8240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3276 -s 216
10⤵
PID:6636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1500 -s 240
9⤵
PID:4780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 236
8⤵
- Program crash
PID:2332

C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13263.exe
8⤵
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
9⤵
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31614.exe
10⤵
PID:4348

C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61874.exe
11⤵
PID:6804

C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8097.exe
12⤵
PID:9664

C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42801.exe
13⤵
PID:11888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9664 -s 236
13⤵
PID:12420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6804 -s 216
12⤵
PID:10280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 236
11⤵
PID:7516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 216
10⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 236
9⤵
- Program crash
PID:3464

C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
8⤵
PID:860

C:\Users\Admin\AppData\Local\Temp\Unicorn-43612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43612.exe
9⤵
PID:4628

C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
10⤵
PID:5728

C:\Users\Admin\AppData\Local\Temp\Unicorn-58182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58182.exe
11⤵
PID:7688

C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8240.exe
12⤵
PID:9488

C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1325.exe
13⤵
PID:7364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9488 -s 236
13⤵
PID:2160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7688 -s 220
12⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5728 -s 216
11⤵
PID:8104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 216
10⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 860 -s 216
9⤵
PID:6116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
8⤵
- Program crash
PID:2704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2420 -s 240
7⤵
- Program crash
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44932.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2356

C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39461.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2092

C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
8⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
9⤵
PID:2364

C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
10⤵
PID:4316

C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6513.exe
11⤵
PID:6736

C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20215.exe
12⤵
PID:9636

C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
13⤵
PID:12024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9636 -s 216
13⤵
PID:12584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6736 -s 216
12⤵
PID:10272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4316 -s 216
11⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2364 -s 216
10⤵
PID:5772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 216
9⤵
- Program crash
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59027.exe
8⤵
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57561.exe
9⤵
PID:4532

C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26665.exe
10⤵
PID:5948

C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6229.exe
11⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48035.exe
12⤵
PID:10268

C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24282.exe
13⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10268 -s 216
13⤵
PID:11448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 216
12⤵
PID:11772

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5948 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4532 -s 216
10⤵
PID:7920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2940 -s 236
9⤵
PID:6048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2092 -s 240
8⤵
- Program crash
PID:4076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2356 -s 236
7⤵
- Program crash
PID:1488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1428 -s 240
6⤵
- Program crash
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33965.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11429.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1512

C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40255.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2880

C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15235.exe
8⤵
PID:316

C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57237.exe
9⤵
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-664.exe
10⤵
PID:4232

C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17814.exe
11⤵
PID:5872

C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26686.exe
12⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-3127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3127.exe
13⤵
PID:10564

C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52113.exe
14⤵
PID:12844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10564 -s 216
14⤵
PID:12832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 236
13⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5872 -s 216
12⤵
PID:9228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4232 -s 216
11⤵
PID:6780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 236
10⤵
PID:5884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 316 -s 236
9⤵
- Program crash
PID:3232

C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6401.exe
8⤵
PID:2236

C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44624.exe
9⤵
PID:4396

C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39298.exe
10⤵
PID:5408

C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16769.exe
11⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10392.exe
12⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20269.exe
13⤵
PID:5076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10488 -s 216
13⤵
PID:12392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
12⤵
PID:11584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5408 -s 216
11⤵
PID:8932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4396 -s 216
10⤵
PID:6544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2236 -s 216
9⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2880 -s 240
8⤵
- Program crash
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
7⤵
PID:1420

C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48545.exe
8⤵
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33171.exe
9⤵
PID:4108

C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56147.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21218.exe
11⤵
PID:7292

C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8329.exe
12⤵
PID:9896

C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4907.exe
13⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9896 -s 216
13⤵
PID:13200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7292 -s 216
12⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:9140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4108 -s 216
10⤵
PID:6320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3380 -s 236
9⤵
PID:4248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1420 -s 236
8⤵
PID:3340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1512 -s 240
7⤵
- Program crash
PID:2248

C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11749.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\AppData\Local\Temp\Unicorn-1990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1990.exe
7⤵
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56001.exe
8⤵
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20600.exe
9⤵
PID:5716

C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43668.exe
10⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30781.exe
11⤵
PID:9956

C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11957.exe
12⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9956 -s 236
12⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 216
11⤵
PID:10540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3672 -s 216
9⤵
PID:6948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 236
8⤵
PID:4260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2924 -s 216
7⤵
- Program crash
PID:3852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3016 -s 240
6⤵
- Program crash
PID:2816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2740 -s 240
5⤵
- Program crash
PID:808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2648

C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1364

C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7043.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50080.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2344

C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18343.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1113.exe
9⤵
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
10⤵
PID:3508

C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31863.exe
11⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41561.exe
12⤵
PID:6744

C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21632.exe
13⤵
PID:9876

C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62267.exe
14⤵
PID:5304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9876 -s 216
14⤵
PID:12744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6744 -s 216
13⤵
PID:10468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3508 -s 216
11⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 236
10⤵
PID:4492

C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52534.exe
9⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19450.exe
10⤵
PID:5228

C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26284.exe
11⤵
PID:7208

C:\Users\Admin\AppData\Local\Temp\Unicorn-27826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27826.exe
12⤵
PID:9412

C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
13⤵
PID:12132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9412 -s 216
13⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7208 -s 216
12⤵
PID:10720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5228 -s 216
11⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 216
10⤵
PID:6484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 240
9⤵
PID:4528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2344 -s 216
8⤵
- Program crash
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
8⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35608.exe
9⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39964.exe
10⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-54539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54539.exe
11⤵
PID:5316

C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60313.exe
12⤵
PID:7232

C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30414.exe
13⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5953.exe
14⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7232 -s 216
13⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5316 -s 216
12⤵
PID:9352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
11⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 216
10⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
9⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-28679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28679.exe
8⤵
PID:3348

C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26015.exe
9⤵
PID:4820

C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57159.exe
10⤵
PID:5984

C:\Users\Admin\AppData\Local\Temp\Unicorn-25566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25566.exe
11⤵
PID:7840

C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7369.exe
12⤵
PID:9940

C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24477.exe
13⤵
PID:7128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9940 -s 220
13⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7840 -s 216
12⤵
PID:11052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5984 -s 216
11⤵
PID:8924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4820 -s 216
10⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3348 -s 236
9⤵
PID:4264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1724 -s 240
8⤵
- Program crash
PID:3344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
7⤵
- Program crash
PID:1712

C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43727.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62983.exe
8⤵
PID:1132

C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63407.exe
9⤵
PID:2348

C:\Users\Admin\AppData\Local\Temp\Unicorn-58521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58521.exe
10⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-36127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36127.exe
11⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23039.exe
12⤵
PID:7872

C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23044.exe
13⤵
PID:10180

C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30213.exe
14⤵
PID:11976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10180 -s 236
14⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7872 -s 216
13⤵
PID:10920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
12⤵
PID:8896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
11⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2348 -s 216
10⤵
PID:5684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1132 -s 216
9⤵
- Program crash
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-42171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42171.exe
8⤵
PID:1612

C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25221.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47191.exe
10⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60692.exe
11⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40033.exe
12⤵
PID:10668

C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25175.exe
13⤵
PID:12816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10668 -s 216
13⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 236
12⤵
PID:11820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1612 -s 216
9⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2812 -s 220
8⤵
- Program crash
PID:3164

C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6003.exe
7⤵
PID:2932

C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13329.exe
8⤵
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8469.exe
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50963.exe
10⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1873.exe
11⤵
PID:7736

C:\Users\Admin\AppData\Local\Temp\Unicorn-27167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27167.exe
12⤵
PID:9792

C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55458.exe
13⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9792 -s 216
13⤵
PID:12452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7736 -s 216
12⤵
PID:10980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
11⤵
PID:8668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
10⤵
PID:6532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 216
9⤵
PID:5544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2932 -s 236
8⤵
- Program crash
PID:3288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 220
7⤵
- Program crash
PID:600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 240
6⤵
- Program crash
PID:1536

C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4007.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63593.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2796

C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14223.exe
8⤵
PID:872

C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17051.exe
9⤵
PID:3220

C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17686.exe
10⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54780.exe
10⤵
PID:4240

C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59471.exe
11⤵
PID:6404

C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13618.exe
12⤵
PID:9568

C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
13⤵
PID:5192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9568 -s 216
13⤵
PID:12460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6404 -s 216
12⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4240 -s 216
11⤵
PID:7896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3220 -s 240
10⤵
PID:5368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 872 -s 236
9⤵
PID:4012

C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49977.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26591.exe
9⤵
PID:4596

C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52954.exe
10⤵
PID:5484

C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56733.exe
11⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14603.exe
12⤵
PID:11424

C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62065.exe
13⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 236
12⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5484 -s 216
11⤵
PID:9440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4596 -s 216
10⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 216
9⤵
PID:5656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
8⤵
- Program crash
PID:1684

C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11187.exe
7⤵
PID:876

C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17243.exe
8⤵
PID:3168

C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23519.exe
9⤵
PID:4332

C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40834.exe
10⤵
PID:6056

C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54096.exe
11⤵
PID:7264

C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64980.exe
12⤵
PID:10900

C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2881.exe
13⤵
PID:12952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10900 -s 216
13⤵
PID:12864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7264 -s 216
12⤵
PID:11700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6056 -s 216
11⤵
PID:9256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4332 -s 216
10⤵
PID:6724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3168 -s 216
9⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 876 -s 236
8⤵
PID:3744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2796 -s 240
7⤵
- Program crash
PID:2412

C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8267.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30477.exe
7⤵
PID:924

C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
8⤵
PID:3188

C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3788.exe
9⤵
PID:3228

C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64144.exe
10⤵
PID:5372

C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39339.exe
11⤵
PID:8096

C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23330.exe
12⤵
PID:9368

C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18871.exe
13⤵
PID:7176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9368 -s 220
13⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8096 -s 220
12⤵
PID:11320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5372 -s 216
11⤵
PID:9100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3228 -s 216
10⤵
PID:6452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3188 -s 216
9⤵
PID:5272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 924 -s 236
8⤵
PID:3816

C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15742.exe
7⤵
PID:3252

C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2200.exe
8⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48062.exe
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24343.exe
10⤵
PID:7088

C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
11⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-59757.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59757.exe
12⤵
PID:5116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 216
12⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7088 -s 216
11⤵
PID:10528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
10⤵
PID:8292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4156 -s 216
9⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3252 -s 236
8⤵
PID:4280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
7⤵
- Program crash
PID:3976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
6⤵
- Program crash
PID:2316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1364 -s 240
5⤵
- Program crash
PID:3052

C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37578.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:404

C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11237.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2908

C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11879.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2212

C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44234.exe
8⤵
PID:2220

C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13355.exe
9⤵
PID:3056

C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44572.exe
10⤵
PID:4692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
11⤵
PID:6004

C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29695.exe
12⤵
PID:8752

C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57061.exe
13⤵
PID:11880

C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46722.exe
14⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8752 -s 216
13⤵
PID:12176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6004 -s 216
12⤵
PID:9716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4692 -s 216
11⤵
PID:8076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3056 -s 216
10⤵
PID:5168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2220 -s 236
9⤵
- Program crash
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23422.exe
8⤵
PID:3088

C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42076.exe
9⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53335.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11550.exe
11⤵
PID:6368

C:\Users\Admin\AppData\Local\Temp\Unicorn-2830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2830.exe
12⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6263.exe
13⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
13⤵
PID:12756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6368 -s 236
12⤵
PID:10416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
10⤵
PID:6328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3088 -s 216
9⤵
PID:6108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2212 -s 240
8⤵
- Program crash
PID:3240

C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58935.exe
7⤵
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13521.exe
8⤵
PID:2628

C:\Users\Admin\AppData\Local\Temp\Unicorn-10005.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10005.exe
9⤵
PID:4424

C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4632.exe
10⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39512.exe
11⤵
PID:7612

C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43996.exe
12⤵
PID:9728

C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37025.exe
13⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9728 -s 220
13⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7612 -s 220
12⤵
PID:10964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
11⤵
PID:8584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4424 -s 216
10⤵
PID:7048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2628 -s 236
9⤵
PID:5908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 216
8⤵
- Program crash
PID:3428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2908 -s 240
7⤵
- Program crash
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12709.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2488

C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27981.exe
7⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4113.exe
8⤵
PID:3196

C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25055.exe
9⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15889.exe
10⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3381.exe
11⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-2.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2.exe
12⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-0.exe
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9480 -s 236
13⤵
PID:7888

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 220
12⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
11⤵
PID:8972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 216
10⤵
PID:7444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3196 -s 216
9⤵
PID:5488

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
8⤵
PID:4036

C:\Users\Admin\AppData\Local\Temp\Unicorn-28679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28679.exe
7⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23685.exe
8⤵
PID:4788

C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47383.exe
9⤵
PID:5320

C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6540.exe
10⤵
PID:8188

C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64020.exe
11⤵
PID:10836

C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42248.exe
12⤵
PID:12880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10836 -s 216
12⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 216
11⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5320 -s 216
10⤵
PID:9240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4788 -s 216
9⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
8⤵
PID:5460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2488 -s 240
7⤵
- Program crash
PID:3372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 404 -s 240
6⤵
- Program crash
PID:2368

C:\Users\Admin\AppData\Local\Temp\Unicorn-30214.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30214.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3060

C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12455.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48266.exe
7⤵
PID:1440

C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60501.exe
8⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39004.exe
9⤵
PID:4472

C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51799.exe
10⤵
PID:5768

C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48182.exe
11⤵
PID:6868

C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53876.exe
12⤵
PID:9680

C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13510.exe
13⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9680 -s 236
13⤵
PID:8044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6868 -s 236
12⤵
PID:11452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5768 -s 216
11⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4472 -s 216
10⤵
PID:7240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
9⤵
PID:6084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1440 -s 236
8⤵
PID:3680

C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57657.exe
7⤵
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31806.exe
8⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11002.exe
9⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39016.exe
10⤵
PID:9692

C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-383.exe
11⤵
PID:12088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9692 -s 236
11⤵
PID:12648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
10⤵
PID:10288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4308 -s 216
9⤵
PID:7460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3132 -s 216
8⤵
PID:5724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 768 -s 240
7⤵
- Program crash
PID:4084

C:\Users\Admin\AppData\Local\Temp\Unicorn-10611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10611.exe
6⤵
PID:680

C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15707.exe
7⤵
PID:3396

C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18262.exe
8⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49308.exe
9⤵
PID:5796

C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20258.exe
10⤵
PID:7196

C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-997.exe
11⤵
PID:9848

C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30832.exe
12⤵
PID:8068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9848 -s 216
12⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7196 -s 236
11⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5796 -s 216
10⤵
PID:9132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4296 -s 216
9⤵
PID:6580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3396 -s 216
8⤵
PID:5876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 680 -s 236
7⤵
PID:3712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3060 -s 240
6⤵
- Program crash
PID:1656

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
5⤵
- Program crash
PID:1884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2648 -s 220
4⤵
- Loads dropped DLL
- Program crash
PID:2200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2732 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2500

C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2688

C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:756

C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30715.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40983.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-54972.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54972.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2032

C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15931.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
9⤵
PID:2748

C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38966.exe
10⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52201.exe
11⤵
PID:5036

C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1645.exe
12⤵
PID:6232

C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28872.exe
13⤵
PID:9396

C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8744.exe
14⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9396 -s 236
14⤵
PID:12208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6232 -s 216
13⤵
PID:9408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5036 -s 216
12⤵
PID:7556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
11⤵
PID:5664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2748 -s 236
10⤵
PID:4944

C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36121.exe
9⤵
PID:3648

C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61542.exe
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32128.exe
11⤵
PID:6276

C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40673.exe
12⤵
PID:9464

C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50203.exe
13⤵
PID:12184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9464 -s 236
13⤵
PID:11832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6276 -s 216
12⤵
PID:9704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5064 -s 216
11⤵
PID:7608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3648 -s 236
10⤵
PID:6012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 240
9⤵
PID:4284

C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2877.exe
8⤵
PID:1856

C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50943.exe
9⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10670.exe
10⤵
PID:4168

C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64079.exe
11⤵
PID:6456

C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50868.exe
12⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33395.exe
13⤵
PID:11444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11444 -s 188
14⤵
PID:12120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
13⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6456 -s 236
12⤵
PID:9856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4168 -s 236
11⤵
PID:7968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 236
10⤵
PID:5400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1856 -s 236
9⤵
PID:4964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2032 -s 240
8⤵
- Program crash
PID:3592

C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45349.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2836

C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54429.exe
8⤵
PID:1412

C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56104.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45884.exe
10⤵
PID:4980

C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46986.exe
11⤵
PID:7120

C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16012.exe
12⤵
PID:9776

C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29645.exe
13⤵
PID:5204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9776 -s 220
13⤵
PID:12928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7120 -s 236
12⤵
PID:10368

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4980 -s 236
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:6184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1412 -s 236
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57941.exe
8⤵
PID:3940

C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44514.exe
9⤵
PID:4252

C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13662.exe
10⤵
PID:6156

C:\Users\Admin\AppData\Local\Temp\Unicorn-6388.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6388.exe
11⤵
PID:10140

C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
12⤵
PID:12280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10140 -s 216
12⤵
PID:13168

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6156 -s 216
11⤵
PID:11208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4252 -s 216
10⤵
PID:7288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3940 -s 236
9⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2836 -s 240
8⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
- Program crash
PID:2556

C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18853.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18884.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31264.exe
8⤵
PID:2772

C:\Users\Admin\AppData\Local\Temp\Unicorn-18627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18627.exe
9⤵
PID:4020

C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16837.exe
10⤵
PID:5740

C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57479.exe
11⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53568.exe
12⤵
PID:10328

C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
13⤵
PID:5860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10328 -s 220
13⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7836 -s 236
12⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5740 -s 216
11⤵
PID:8484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4020 -s 236
10⤵
PID:6284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2772 -s 236
9⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45741.exe
8⤵
PID:4052

C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41079.exe
9⤵
PID:4412

C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24898.exe
10⤵
PID:6820

C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12991.exe
11⤵
PID:10012

C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37325.exe
12⤵
PID:5060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10012 -s 216
12⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6820 -s 216
11⤵
PID:10452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4412 -s 216
10⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4052 -s 236
9⤵
PID:6360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
8⤵
PID:3144

C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59722.exe
7⤵
PID:1692

C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19276.exe
8⤵
PID:3124

C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21635.exe
9⤵
PID:5492

C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52940.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62533.exe
11⤵
PID:9800

C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62777.exe
12⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9800 -s 236
12⤵
PID:12360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 220
11⤵
PID:10636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5492 -s 216
10⤵
PID:9092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3124 -s 216
9⤵
PID:6652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1692 -s 236
8⤵
PID:4748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
7⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 240
6⤵
- Program crash
PID:832

C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34630.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1968 -s 240
6⤵
- Program crash
PID:2452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 240
5⤵
- Program crash
PID:2760

C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10849.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:568

C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1832

C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24054.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32184.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46749.exe
8⤵
PID:576

C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55814.exe
9⤵
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54665.exe
10⤵
PID:5436

C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64623.exe
11⤵
PID:7356

C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60856.exe
12⤵
PID:9616

C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3626.exe
13⤵
PID:1800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9616 -s 216
13⤵
PID:12468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7356 -s 216
12⤵
PID:10744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5436 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3204 -s 216
10⤵
PID:6620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 576 -s 216
9⤵
PID:4756

C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5554.exe
8⤵
PID:3420

C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53129.exe
9⤵
PID:5520

C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
10⤵
PID:7528

C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
11⤵
PID:9684

C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21737.exe
12⤵
PID:2952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9684 -s 216
12⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7528 -s 220
11⤵
PID:10860

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5520 -s 216
10⤵
PID:8548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3420 -s 236
9⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 240
8⤵
PID:4844

C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43905.exe
7⤵
PID:1176

C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61045.exe
8⤵
PID:4032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10809.exe
9⤵
PID:5376

C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53777.exe
10⤵
PID:6972

C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29572.exe
11⤵
PID:10224

C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63648.exe
12⤵
PID:12048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10224 -s 216
12⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6972 -s 216
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5376 -s 216
10⤵
PID:8340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4032 -s 216
9⤵
PID:6588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1176 -s 236
8⤵
PID:4648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 220
7⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25447.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33620.exe
7⤵
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6862.exe
8⤵
PID:3664

C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41728.exe
9⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-64337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64337.exe
10⤵
PID:6416

C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7293.exe
11⤵
PID:10036

C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52758.exe
12⤵
PID:4104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10036 -s 216
12⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6416 -s 216
11⤵
PID:10460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
10⤵
PID:8304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3664 -s 216
9⤵
PID:6612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 980 -s 236
8⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44278.exe
7⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65469.exe
8⤵
PID:5296

C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50201.exe
9⤵
PID:6628

C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31741.exe
10⤵
PID:9912

C:\Users\Admin\AppData\Local\Temp\Unicorn-3282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3282.exe
11⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9912 -s 216
11⤵
PID:12920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6628 -s 216
10⤵
PID:10520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5296 -s 216
9⤵
PID:5580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
8⤵
PID:6552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
7⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1832 -s 240
6⤵
- Program crash
PID:2716

C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53472.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21956.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53350.exe
7⤵
PID:2984

C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41528.exe
8⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43454.exe
9⤵
PID:5932

C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3957.exe
10⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13394.exe
11⤵
PID:10052

C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18330.exe
12⤵
PID:12124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10052 -s 216
12⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 220
11⤵
PID:11180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5932 -s 216
10⤵
PID:8960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
9⤵
PID:7108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2984 -s 216
8⤵
PID:4172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2516 -s 236
7⤵
- Program crash
PID:3436

C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2182.exe
6⤵
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18887.exe
7⤵
PID:3736

C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63858.exe
8⤵
PID:5672

C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47192.exe
9⤵
PID:7568

C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10389.exe
10⤵
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1446.exe
11⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 216
11⤵
PID:12296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7568 -s 220
10⤵
PID:10972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5672 -s 216
9⤵
PID:8556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3736 -s 216
8⤵
PID:7032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 236
7⤵
PID:4180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 220
6⤵
- Program crash
PID:3868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 568 -s 240
5⤵
- Program crash
PID:112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 756 -s 240
4⤵
- Program crash
PID:1016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2688 -s 216
3⤵
- Loads dropped DLL
- Program crash
PID:1020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1632 -s 240
2⤵
- Program crash
PID:2708

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-14215.exe
Filesize
184KB

MD5
b819095b86325e0ce212853ad754f530

SHA1
9f8d940e7a00037a2c1df511e52ee6fa68daa3d7

SHA256
f4d5c5762b1c731950f988b7d1147d8421d184f1594b4162e71ce7398ba4b804

SHA512
2a0c1891d4d68ffa0972c08c476e3fb1b8654cff0ac13d7bfb51d588e56a2e083e3f48a8fdfee89e2e7bce59223ae25e1da68dfd299e4721c1eb5329a9221b97

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-19847.exe
Filesize
184KB

MD5
fd5bc565737c59fd92cec1c81f71b3eb

SHA1
5d50a79e08666f78cb6861d6f15a861687990579

SHA256
8a148adb9c9fedda84da7e2d8242a1a390d44819905fcc5336fb61817fdfabca

SHA512
2ce390dade63c15946679276513664b8c9250dcfad61cdee229fe5e593d5f3eedc932981845bba14cc70955add76809f312e182d57834fc93d460f1460faf15e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-23792.exe
Filesize
184KB

MD5
e1649f03bf58ced9964eb73c32b5cba3

SHA1
bb515124f1317904158582542524dbfbf4060110

SHA256
0c7a266d550cbd9e241b53977fea1b4fe532e6ae14a836d6c5cb091340d3dac8

SHA512
1ae38fc6a76cafbf9439258bf9c96fcf26d17a4fc65a608b50833ea52a8dc5bcb98b46b0e782ddcd8fa6d0b2de5053041bedc509efaf277559459959d673e892

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
Filesize
184KB

MD5
20d481a8053c5d382830dcead8d60c99

SHA1
8b0a1ddeef31f3b8006569e1e9ee063f847692f7

SHA256
a9e5cbcdbe162d56f462652ac59ed9622e2754a6edae3669cd00fbb47ec37dc0

SHA512
62ff0e65f399d583d6ccbe52025bfdcdd362a74af0316ea7a0a45c40635bf7d4baeac57e69c9d232034386d973e5e1f97f0def8a760ccbfdd5df9714fd0ebcdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40556.exe
Filesize
184KB

MD5
95b9f0e2be4219ba9d9a973de644646d

SHA1
bfd8a09b71bcfa1e8343245b787e680d05848d69

SHA256
3257d360c00e6b234ae1ebe737f9518ad23aebb0e3944ecc67923611842442ab

SHA512
ddfff4f138b309c3ef9927940a59c503577adc823af658d3fb6c344a14dde6ecf43ed2fc501342bd7016533b6f6cdb3142e698965182430a743088798c943030

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-4865.exe
Filesize
184KB

MD5
0306f75f01ce5f520e144324673cc731

SHA1
916859a9b21324cf4dd85372711679e084e83860

SHA256
310ee6bd55ca09f102e08f241c7f43b87782f495bbd5b0511c0bccd20d129d24

SHA512
6d3d3dba927d0d2372aa688d8722b86c24d293c421d9d72e158b6b6cd3f34e28956acaeb2e573df5e5c415125b5078bd89aaebae28b4755c66530c383c99478a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-53922.exe
Filesize
184KB

MD5
0e51214a64f93fe26b0fc301482064e0

SHA1
d1a5ee1b47a30890690d15861748a2ddc51e50d9

SHA256
ee98767f39414ef6a0166185d9bcf403e0bf66afd681484e001e3ac6d7f7870a

SHA512
8ce35b76e78f859cb4e64f8418f4c7ad8c934e1d64924054bc51160afa6ef219d221cf43889786db7310f38f57a8c36a3c3a9af20940b149d05b86a0c1ee683f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-55133.exe
Filesize
184KB

MD5
63e442f64553151d28c28ff4169f9c0f

SHA1
e4dacaf87f0124fc662dae6912cca42455ee2a55

SHA256
afdf30cf1b131e7c6db1b277010e4107a1a97c539591f47947c9c190c5f654e1

SHA512
3dc5ca0847600cda20ea01831573735909471cadca6241aee05910d228983c01641b02e200d288f06165b538554a703f3dc67cb80107a97e7f252a81d633bbc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5721.exe
Filesize
184KB

MD5
ad25972d8f1efa51b8bd9cfcd9dea170

SHA1
1200532d3ba0044d427fab9422bd40170a6a40d4

SHA256
2c9020a18558aee499453470729bca603def244ea47cd8d59e842abdc7de80d8

SHA512
ec2fa7f578d80b5885c18d0e9bc8f73039e43b5d7244c292d8cca9ede4bb5a9e0b4bc33aa24df09f225fa8e647fc4ac972b46428da34a1d3a61055c6ac223de9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-58720.exe
Filesize
184KB

MD5
a8253a6abcc3620d4d35904c6ba198f1

SHA1
b39e345e17b6384ddf7f57f419c5fdf39aca2011

SHA256
a4f47717a018947cf1cec4d9fc7364ce7cd41156e5a7a0c4cc36913d2d764096

SHA512
a3473e18522f2dc82287b46093275c62ee76393e58799e105ce9414dcd5b267c706494b5300822176ff17bbf88fee6702232a828ee40fd816c06fd6622d74c61

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-60418.exe
Filesize
184KB

MD5
c49628b25d23da68fdba01dfb098c793

SHA1
16292c72b79bb44bf1f4ce10f14068d27e8348c8

SHA256
366b6c9e8b264179daa8d932fe187533b0a838c42b4a34ab6e8f1b083dc88616

SHA512
9d3bed8196c5d92546f4e78d76d29b0e31d60f892c44af8f85cd80e844fc17ff6176bc64c255f4d40ba584a3bd428bff1ed153ee87307ac5dcc21ea7742cec68

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6138.exe
Filesize
184KB

MD5
0c1d1dde73e3e9fb0fe4701bf031a3a4

SHA1
b4e42c333ec01128407a6dc46ce9276d8318a733

SHA256
1f25484330134ea7f181e770c4b34b9277407c4ef65994c405e51457262c62d4

SHA512
a7cffbbc3e34e92f6d5f6082f44e08321a23d0b096a6cce746dd576d3042d9bb05eb32ee6e0770a03648ef3bc796a82b681ea3ac6b9d9df0442260f549e9868c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6748.exe
Filesize
184KB

MD5
8c76e05686a7eb2f12ed63e71f43aa69

SHA1
8a3224fb92ebade3bcd11a10ba211cc1021f3096

SHA256
25468b298ab467f7049b3bf3c91551b5f572b6ca3d8f6ce822523f18bc70bd3a

SHA512
bc780df2478882c9bc1fce67ee93ddacaca866d4480a2d7439bdc4eeffdb68c58b414a45d097f2bcc06591d888f20f42eddf066a1863bfd8259fa2ef0b676ce9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6836.exe
Filesize
184KB

MD5
bc95cdc05d4ec050bf9ab1f5a6a84acf

SHA1
4acffd353365f89bfb3fe8e609da59bb81384796

SHA256
e081045d44b9a85e5e7244cc80f3969a0be2b601285e2595108b2c0bc41bcb3b

SHA512
1ad735a339b3144ece9029780bcc14220f882097458bfffba3c48b12afd2e3ecd4449d7b81d4fdb1c1ca1fea3aaa1f2ac6c878a5c7d12f1853d0032fb4c7e580

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-13048.exe
Filesize
184KB

MD5
486bb364601faa63386d5dfd65a66ccc

SHA1
49f8af48749e71b7fe4bb00a6f6f40266040218a

SHA256
3f5a3c050410be912c20592db0d731b951ed31cd9f21acd70c01f9c8b596c182

SHA512
5e730b40625e14de7286a48fd3b4ece8cb598cf98469a396239dd810e3017d0d8afbee7e96c0b47007223b776edbc33d846e40a9d2f53a697837e64c39b3f3e3

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-21370.exe
Filesize
184KB

MD5
ee1ee664e547e693d2506430cb82e4b7

SHA1
ea54bcc5a20b0fab5c8e30d027316f9f1fff7f65

SHA256
9aaed126b0f136a8b52a208be3f76b3d978d23afe6b125a8cdad3e3ffbea6701

SHA512
c2b89460fdc34e74e4bde1a6a9955516095c996ded8334de3c2bbe1ad14960a32d1abfbae039b42e31d02d16c4b5aeb0f2f95f40c663755f6c003a6135698fba

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-23013.exe
Filesize
184KB

MD5
d35aa8125593307848c4b1b75c7343bf

SHA1
11b7b61d612c08ab734707fe478cec43281539fe

SHA256
ab832e74aa11cdee7b8c5e92d149cdcdb06471cdf3a51a9e10f702428f2f6114

SHA512
ceb42faf7fc6b072afa629f20013b5ee436d9d078f2d7be29539c43c1d4a0a9df943345dcf192c62ec59da03fb0dfdaa8aa248a3d1b40a73b1e9b5f1c97404d1

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25115.exe
Filesize
184KB

MD5
c08bd4644751f4aed9a1194b1193a032

SHA1
1b99d23fb5ca8bc7194e48b2a5e896905657f1bc

SHA256
8fa1b0914b6ff3d9bffcdd74bbb1c27ed850f35021d87687a36489dad53cff09

SHA512
d18ecfd90efb916d1b1c1bc025738d966f4ef53b675a20ac1b364efa34ca976ce3edb6d2861108b70b055ece9dfa27b283ec41a5ddb69be1d689a262dc8df264

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-39100.exe
Filesize
184KB

MD5
9a1d40ccde348be4fffec9f6e5bef2ca

SHA1
33331dbdba614725af649675549b4e5db646433b

SHA256
110ba446204891e88e292892ea3c924cf6e6086b87c65036c745095dee10d764

SHA512
ca3ba9d2de7c468f8a2c8fa3d23e5b95ec2a913d8418c2496a0d29b960d35d3a1ad95eca7712101f22941c9f60c57151b4f2274714b5870d6f1f2103f8a246ec

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-48652.exe
Filesize
184KB

MD5
1f24dc01f7d5d5acbda136f41e7f33b0

SHA1
d07fac54c05ff93f94ff9c6f2ce851a3bf84a682

SHA256
46cb72e9ec8933ab2377281b6f17ee79cb92636616d3218e01e9f51e3fd51271

SHA512
5a6eb619c7ce12d0d8b52040ecede2b6d038ccfdcc219c1bc9c0c015ef5b280168ca6176e54f6cd3ca25161675ecf99047ed7a63daa81d783313c04970f0142a

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5022.exe
Filesize
184KB

MD5
2408e5a1d4851418e168492991ac69e3

SHA1
74d235f649d8d46285b8d79cf4bdeb18fbbbdd6e

SHA256
04bef921216cb5250e673bb2ff6a7d5295a39506c166747a79071447441b4f21

SHA512
0b2923dc255779866b574c53f52549454dc5ab789aaaa238fb7d67c63fdba6563c1e7944fd5eb711e4dccef9c6e3353b6b54b36f99660440a5409e92f479b171

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-53547.exe
Filesize
184KB

MD5
f6d679411cde4f36930cf33d084f40cb

SHA1
e3db4de3809f6aaba330444caff6ead45a30bf6f

SHA256
97adfa1de7956d8c15edd46c4df1e6e8d7283bd6f42efaebd76e7e53e6dce81a

SHA512
ca5eb273ac9ab7fdf803d60ea1b2b0f2f9a90df2ad3b3e5d78a58266eb74d4b313550ccd6a130aac294275047b7a82db364988bd14cec17431655ab1dbe836a6

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-6629.exe
Filesize
184KB

MD5
688e002266df0f8b53a97a111168f780

SHA1
61f51aad63fdef9adf28585baca16c8f96ca57df

SHA256
aac71fef0c5932f81e13ca3b9416b7027258ee254a0a725dfbae540450e0e0fc

SHA512
7b88bd4d98934641a3dc41e4f7ab4c584af8cd46052023d1d6a668a89d833f312d9e5c3244eb36139751970ef3e9e8b61f7b827add5d55f48cd9a66e14a465df

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads