a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f

Analysis

max time kernel
150s
max time network
126s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe
Size

184KB
MD5

de68b7e692c51127d4e2526840505158
SHA1

5d9ffa974e4dcb7102c0ccfb2305649ea4cf1bce
SHA256

a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f
SHA512

fb981f099e554a9fd04d5d6de18de82b836d2c13496b4a5c6cb4c0648a4bca7e7ff1b5103114582bb80049a34829c5b52bfa8b9b566aea7251403d1a49dd9d7a
SSDEEP

3072:HEa3HxoT72QTjGQWeRwL1qsIhlnViFXn3:HEsoBHGQMLssIhlnViFX

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-2825.exeUnicorn-60524.exeUnicorn-7794.exeUnicorn-5335.exeUnicorn-1505.exeUnicorn-36638.exeUnicorn-45066.exeUnicorn-12009.exeUnicorn-10063.exeUnicorn-57681.exeUnicorn-55735.exeUnicorn-4171.exeUnicorn-41586.exeUnicorn-62220.exeUnicorn-46761.exeUnicorn-42162.exeUnicorn-11400.exeUnicorn-6802.exeUnicorn-26668.exeUnicorn-4125.exeUnicorn-65064.exeUnicorn-52449.exeUnicorn-2397.exeUnicorn-35838.exeUnicorn-49029.exeUnicorn-33569.exeUnicorn-24219.exeUnicorn-41432.exeUnicorn-37601.exeUnicorn-42008.exeUnicorn-37409.exeUnicorn-52094.exeUnicorn-32036.exeUnicorn-51902.exeUnicorn-16542.exeUnicorn-11943.exeUnicorn-288.exeUnicorn-61227.exeUnicorn-48228.exeUnicorn-16551.exeUnicorn-65067.exeUnicorn-35623.exeUnicorn-31866.exeUnicorn-64922.exeUnicorn-31242.exeUnicorn-32634.exeUnicorn-32442.exeUnicorn-32442.exeUnicorn-32442.exeUnicorn-64299.exeUnicorn-45825.exeUnicorn-36812.exeUnicorn-52847.exeUnicorn-32981.exeUnicorn-63013.exeUnicorn-23246.exeUnicorn-43880.exeUnicorn-59147.exeUnicorn-6993.exeUnicorn-12909.exeUnicorn-62987.exeUnicorn-26100.exeUnicorn-10641.exeUnicorn-13677.exe

pid	process
1700	Unicorn-2825.exe
3028	Unicorn-60524.exe
2736	Unicorn-7794.exe
2784	Unicorn-5335.exe
2768	Unicorn-1505.exe
2676	Unicorn-36638.exe
1952	Unicorn-45066.exe
2680	Unicorn-12009.exe
1432	Unicorn-10063.exe
2576	Unicorn-57681.exe
1912	Unicorn-55735.exe
1872	Unicorn-4171.exe
2148	Unicorn-41586.exe
2380	Unicorn-62220.exe
836	Unicorn-46761.exe
2260	Unicorn-42162.exe
480	Unicorn-11400.exe
932	Unicorn-6802.exe
2272	Unicorn-26668.exe
2156	Unicorn-4125.exe
2340	Unicorn-65064.exe
976	Unicorn-52449.exe
868	Unicorn-2397.exe
704	Unicorn-35838.exe
2988	Unicorn-49029.exe
2072	Unicorn-33569.exe
992	Unicorn-24219.exe
1732	Unicorn-41432.exe
2992	Unicorn-37601.exe
1544	Unicorn-42008.exe
1800	Unicorn-37409.exe
2708	Unicorn-52094.exe
3024	Unicorn-32036.exe
3044	Unicorn-51902.exe
2504	Unicorn-16542.exe
2524	Unicorn-11943.exe
1360	Unicorn-288.exe
1940	Unicorn-61227.exe
1924	Unicorn-48228.exe
2816	Unicorn-16551.exe
1600	Unicorn-65067.exe
2404	Unicorn-35623.exe
1668	Unicorn-31866.exe
1980	Unicorn-64922.exe
1848	Unicorn-31242.exe
2944	Unicorn-32634.exe
2844	Unicorn-32442.exe
2904	Unicorn-32442.exe
2268	Unicorn-32442.exe
2884	Unicorn-64299.exe
532	Unicorn-45825.exe
1328	Unicorn-36812.exe
1516	Unicorn-52847.exe
1588	Unicorn-32981.exe
1580	Unicorn-63013.exe
2588	Unicorn-23246.exe
2460	Unicorn-43880.exe
2888	Unicorn-59147.exe
2360	Unicorn-6993.exe
2692	Unicorn-12909.exe
2540	Unicorn-62987.exe
1236	Unicorn-26100.exe
304	Unicorn-10641.exe
1140	Unicorn-13677.exe

Loads dropped DLL 64 IoCs

Processes:

a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exeUnicorn-2825.exeUnicorn-60524.exeUnicorn-7794.exeWerFault.exeUnicorn-5335.exeUnicorn-1505.exeUnicorn-36638.exeWerFault.exeWerFault.exeUnicorn-45066.exeUnicorn-57681.exeUnicorn-10063.exeUnicorn-12009.exeUnicorn-55735.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe
2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe
1700	Unicorn-2825.exe
1700	Unicorn-2825.exe
2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe
2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe
3028	Unicorn-60524.exe
3028	Unicorn-60524.exe
1700	Unicorn-2825.exe
1700	Unicorn-2825.exe
2736	Unicorn-7794.exe
2736	Unicorn-7794.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2964	WerFault.exe
2784	Unicorn-5335.exe
2784	Unicorn-5335.exe
3028	Unicorn-60524.exe
2736	Unicorn-7794.exe
2768	Unicorn-1505.exe
2676	Unicorn-36638.exe
2736	Unicorn-7794.exe
2676	Unicorn-36638.exe
3028	Unicorn-60524.exe
2768	Unicorn-1505.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
1804	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
2688	WerFault.exe
1804	WerFault.exe
2688	WerFault.exe
1952	Unicorn-45066.exe
1952	Unicorn-45066.exe
2784	Unicorn-5335.exe
2784	Unicorn-5335.exe
2576	Unicorn-57681.exe
2576	Unicorn-57681.exe
1432	Unicorn-10063.exe
1432	Unicorn-10063.exe
2768	Unicorn-1505.exe
2768	Unicorn-1505.exe
2680	Unicorn-12009.exe
2680	Unicorn-12009.exe
2676	Unicorn-36638.exe
2676	Unicorn-36638.exe
1912	Unicorn-55735.exe
1912	Unicorn-55735.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
1560	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
348	WerFault.exe
1560	WerFault.exe
348	WerFault.exe
1504	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2348	2096	WerFault.exe	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe
2964	1700	WerFault.exe	Unicorn-2825.exe
1804	3028	WerFault.exe	Unicorn-60524.exe
2688	2736	WerFault.exe	Unicorn-7794.exe
1560	2784	WerFault.exe	Unicorn-5335.exe
348	2768	WerFault.exe	Unicorn-1505.exe
1504	2676	WerFault.exe	Unicorn-36638.exe
2216	1952	WerFault.exe	Unicorn-45066.exe
2724	2576	WerFault.exe	Unicorn-57681.exe
2656	1432	WerFault.exe	Unicorn-10063.exe
2764	1912	WerFault.exe	Unicorn-55735.exe
2564	2680	WerFault.exe	Unicorn-12009.exe
2812	1872	WerFault.exe	Unicorn-4171.exe
2304	2148	WerFault.exe	Unicorn-41586.exe
2232	2380	WerFault.exe	Unicorn-62220.exe
1244	836	WerFault.exe	Unicorn-46761.exe
872	2260	WerFault.exe	Unicorn-42162.exe
1828	480	WerFault.exe	Unicorn-11400.exe
1728	932	WerFault.exe	Unicorn-6802.exe
892	2272	WerFault.exe	Unicorn-26668.exe
2536	1360	WerFault.exe	Unicorn-288.exe
2668	2340	WerFault.exe	Unicorn-65064.exe
1944	976	WerFault.exe	Unicorn-52449.exe
2496	868	WerFault.exe	Unicorn-2397.exe
1180	704	WerFault.exe	Unicorn-35838.exe
2440	2988	WerFault.exe	Unicorn-49029.exe
1224	2072	WerFault.exe	Unicorn-33569.exe
1888	1732	WerFault.exe	Unicorn-41432.exe
588	1800	WerFault.exe	Unicorn-37409.exe
2372	2992	WerFault.exe	Unicorn-37601.exe
888	1544	WerFault.exe	Unicorn-42008.exe
1344	992	WerFault.exe	Unicorn-24219.exe
3108	2708	WerFault.exe	Unicorn-52094.exe
3100	3024	WerFault.exe	Unicorn-32036.exe
3428	3044	WerFault.exe	Unicorn-51902.exe
3452	1924	WerFault.exe	Unicorn-48228.exe
3476	2904	WerFault.exe	Unicorn-32442.exe
3536	1980	WerFault.exe	Unicorn-64922.exe
3588	2404	WerFault.exe	Unicorn-35623.exe
3580	1600	WerFault.exe	Unicorn-65067.exe
3204	2268	WerFault.exe	Unicorn-32442.exe
3236	2524	WerFault.exe	Unicorn-11943.exe
3300	2944	WerFault.exe	Unicorn-32634.exe
3328	2884	WerFault.exe	Unicorn-64299.exe
3352	1588	WerFault.exe	Unicorn-32981.exe
3948	1668	WerFault.exe	Unicorn-31866.exe
3960	532	WerFault.exe	Unicorn-45825.exe
4048	2816	WerFault.exe	Unicorn-16551.exe
4068	1940	WerFault.exe	Unicorn-61227.exe
3092	1256	WerFault.exe	Unicorn-13485.exe
3132	1960	WerFault.exe	Unicorn-46734.exe
3188	1848	WerFault.exe	Unicorn-31242.exe
3216	556	WerFault.exe	Unicorn-7543.exe
3196	2828	WerFault.exe	Unicorn-11409.exe
3192	2888	WerFault.exe	Unicorn-59147.exe
3496	2204	WerFault.exe	Unicorn-46926.exe
3600	1236	WerFault.exe	Unicorn-26100.exe
3568	580	WerFault.exe	Unicorn-59889.exe
3652	2540	WerFault.exe	Unicorn-62987.exe
3756	2968	WerFault.exe	Unicorn-31275.exe
4088	304	WerFault.exe	Unicorn-10641.exe
3400	2504	WerFault.exe	Unicorn-16542.exe
3140	1352	WerFault.exe	Unicorn-12141.exe
3724	1796	WerFault.exe	Unicorn-40023.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exeUnicorn-2825.exeUnicorn-60524.exeUnicorn-7794.exeUnicorn-5335.exeUnicorn-1505.exeUnicorn-36638.exeUnicorn-45066.exeUnicorn-12009.exeUnicorn-57681.exeUnicorn-10063.exeUnicorn-55735.exeUnicorn-4171.exeUnicorn-41586.exeUnicorn-46761.exeUnicorn-62220.exeUnicorn-42162.exeUnicorn-11400.exeUnicorn-26668.exeUnicorn-6802.exeUnicorn-4125.exeUnicorn-65064.exeUnicorn-52449.exeUnicorn-2397.exeUnicorn-35838.exeUnicorn-49029.exeUnicorn-33569.exeUnicorn-24219.exeUnicorn-41432.exeUnicorn-37601.exeUnicorn-42008.exeUnicorn-37409.exeUnicorn-52094.exeUnicorn-32036.exeUnicorn-51902.exeUnicorn-11943.exeUnicorn-16542.exeUnicorn-288.exeUnicorn-61227.exeUnicorn-48228.exeUnicorn-16551.exeUnicorn-65067.exeUnicorn-35623.exeUnicorn-31866.exeUnicorn-64922.exeUnicorn-31242.exeUnicorn-32634.exeUnicorn-32442.exeUnicorn-32442.exeUnicorn-32442.exeUnicorn-45825.exeUnicorn-64299.exeUnicorn-32981.exeUnicorn-36812.exeUnicorn-52847.exeUnicorn-63013.exeUnicorn-23246.exeUnicorn-43880.exeUnicorn-59147.exeUnicorn-6993.exeUnicorn-12909.exeUnicorn-62987.exeUnicorn-26100.exeUnicorn-10641.exe

pid	process
2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe
1700	Unicorn-2825.exe
3028	Unicorn-60524.exe
2736	Unicorn-7794.exe
2784	Unicorn-5335.exe
2768	Unicorn-1505.exe
2676	Unicorn-36638.exe
1952	Unicorn-45066.exe
2680	Unicorn-12009.exe
2576	Unicorn-57681.exe
1432	Unicorn-10063.exe
1912	Unicorn-55735.exe
1872	Unicorn-4171.exe
2148	Unicorn-41586.exe
836	Unicorn-46761.exe
2380	Unicorn-62220.exe
2260	Unicorn-42162.exe
480	Unicorn-11400.exe
2272	Unicorn-26668.exe
932	Unicorn-6802.exe
2156	Unicorn-4125.exe
2340	Unicorn-65064.exe
976	Unicorn-52449.exe
868	Unicorn-2397.exe
704	Unicorn-35838.exe
2988	Unicorn-49029.exe
2072	Unicorn-33569.exe
992	Unicorn-24219.exe
1732	Unicorn-41432.exe
2992	Unicorn-37601.exe
1544	Unicorn-42008.exe
1800	Unicorn-37409.exe
2708	Unicorn-52094.exe
3024	Unicorn-32036.exe
3044	Unicorn-51902.exe
2524	Unicorn-11943.exe
2504	Unicorn-16542.exe
1360	Unicorn-288.exe
1940	Unicorn-61227.exe
1924	Unicorn-48228.exe
2816	Unicorn-16551.exe
1600	Unicorn-65067.exe
2404	Unicorn-35623.exe
1668	Unicorn-31866.exe
1980	Unicorn-64922.exe
1848	Unicorn-31242.exe
2944	Unicorn-32634.exe
2844	Unicorn-32442.exe
2904	Unicorn-32442.exe
2268	Unicorn-32442.exe
532	Unicorn-45825.exe
2884	Unicorn-64299.exe
1588	Unicorn-32981.exe
1328	Unicorn-36812.exe
1516	Unicorn-52847.exe
1580	Unicorn-63013.exe
2588	Unicorn-23246.exe
2460	Unicorn-43880.exe
2888	Unicorn-59147.exe
2360	Unicorn-6993.exe
2692	Unicorn-12909.exe
2540	Unicorn-62987.exe
1236	Unicorn-26100.exe
304	Unicorn-10641.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exeUnicorn-2825.exeUnicorn-60524.exeUnicorn-7794.exeUnicorn-5335.exeUnicorn-36638.exeUnicorn-1505.exeUnicorn-45066.exe

description	pid	process	target process
PID 2096 wrote to memory of 1700	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	Unicorn-2825.exe
PID 2096 wrote to memory of 1700	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	Unicorn-2825.exe
PID 2096 wrote to memory of 1700	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	Unicorn-2825.exe
PID 2096 wrote to memory of 1700	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	Unicorn-2825.exe
PID 1700 wrote to memory of 3028	1700	Unicorn-2825.exe	Unicorn-60524.exe
PID 1700 wrote to memory of 3028	1700	Unicorn-2825.exe	Unicorn-60524.exe
PID 1700 wrote to memory of 3028	1700	Unicorn-2825.exe	Unicorn-60524.exe
PID 1700 wrote to memory of 3028	1700	Unicorn-2825.exe	Unicorn-60524.exe
PID 2096 wrote to memory of 2736	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	Unicorn-7794.exe
PID 2096 wrote to memory of 2736	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	Unicorn-7794.exe
PID 2096 wrote to memory of 2736	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	Unicorn-7794.exe
PID 2096 wrote to memory of 2736	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	Unicorn-7794.exe
PID 2096 wrote to memory of 2348	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	WerFault.exe
PID 2096 wrote to memory of 2348	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	WerFault.exe
PID 2096 wrote to memory of 2348	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	WerFault.exe
PID 2096 wrote to memory of 2348	2096	a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe	WerFault.exe
PID 3028 wrote to memory of 2784	3028	Unicorn-60524.exe	Unicorn-5335.exe
PID 3028 wrote to memory of 2784	3028	Unicorn-60524.exe	Unicorn-5335.exe
PID 3028 wrote to memory of 2784	3028	Unicorn-60524.exe	Unicorn-5335.exe
PID 3028 wrote to memory of 2784	3028	Unicorn-60524.exe	Unicorn-5335.exe
PID 1700 wrote to memory of 2768	1700	Unicorn-2825.exe	Unicorn-1505.exe
PID 1700 wrote to memory of 2768	1700	Unicorn-2825.exe	Unicorn-1505.exe
PID 1700 wrote to memory of 2768	1700	Unicorn-2825.exe	Unicorn-1505.exe
PID 1700 wrote to memory of 2768	1700	Unicorn-2825.exe	Unicorn-1505.exe
PID 2736 wrote to memory of 2676	2736	Unicorn-7794.exe	Unicorn-36638.exe
PID 2736 wrote to memory of 2676	2736	Unicorn-7794.exe	Unicorn-36638.exe
PID 2736 wrote to memory of 2676	2736	Unicorn-7794.exe	Unicorn-36638.exe
PID 2736 wrote to memory of 2676	2736	Unicorn-7794.exe	Unicorn-36638.exe
PID 1700 wrote to memory of 2964	1700	Unicorn-2825.exe	WerFault.exe
PID 1700 wrote to memory of 2964	1700	Unicorn-2825.exe	WerFault.exe
PID 1700 wrote to memory of 2964	1700	Unicorn-2825.exe	WerFault.exe
PID 1700 wrote to memory of 2964	1700	Unicorn-2825.exe	WerFault.exe
PID 2784 wrote to memory of 1952	2784	Unicorn-5335.exe	Unicorn-45066.exe
PID 2784 wrote to memory of 1952	2784	Unicorn-5335.exe	Unicorn-45066.exe
PID 2784 wrote to memory of 1952	2784	Unicorn-5335.exe	Unicorn-45066.exe
PID 2784 wrote to memory of 1952	2784	Unicorn-5335.exe	Unicorn-45066.exe
PID 2676 wrote to memory of 2680	2676	Unicorn-36638.exe	Unicorn-12009.exe
PID 2676 wrote to memory of 2680	2676	Unicorn-36638.exe	Unicorn-12009.exe
PID 2676 wrote to memory of 2680	2676	Unicorn-36638.exe	Unicorn-12009.exe
PID 2676 wrote to memory of 2680	2676	Unicorn-36638.exe	Unicorn-12009.exe
PID 2736 wrote to memory of 2576	2736	Unicorn-7794.exe	Unicorn-57681.exe
PID 2736 wrote to memory of 2576	2736	Unicorn-7794.exe	Unicorn-57681.exe
PID 2736 wrote to memory of 2576	2736	Unicorn-7794.exe	Unicorn-57681.exe
PID 2736 wrote to memory of 2576	2736	Unicorn-7794.exe	Unicorn-57681.exe
PID 3028 wrote to memory of 1912	3028	Unicorn-60524.exe	Unicorn-55735.exe
PID 3028 wrote to memory of 1912	3028	Unicorn-60524.exe	Unicorn-55735.exe
PID 3028 wrote to memory of 1912	3028	Unicorn-60524.exe	Unicorn-55735.exe
PID 3028 wrote to memory of 1912	3028	Unicorn-60524.exe	Unicorn-55735.exe
PID 2768 wrote to memory of 1432	2768	Unicorn-1505.exe	Unicorn-10063.exe
PID 2768 wrote to memory of 1432	2768	Unicorn-1505.exe	Unicorn-10063.exe
PID 2768 wrote to memory of 1432	2768	Unicorn-1505.exe	Unicorn-10063.exe
PID 2768 wrote to memory of 1432	2768	Unicorn-1505.exe	Unicorn-10063.exe
PID 3028 wrote to memory of 1804	3028	Unicorn-60524.exe	WerFault.exe
PID 3028 wrote to memory of 1804	3028	Unicorn-60524.exe	WerFault.exe
PID 3028 wrote to memory of 1804	3028	Unicorn-60524.exe	WerFault.exe
PID 3028 wrote to memory of 1804	3028	Unicorn-60524.exe	WerFault.exe
PID 2736 wrote to memory of 2688	2736	Unicorn-7794.exe	WerFault.exe
PID 2736 wrote to memory of 2688	2736	Unicorn-7794.exe	WerFault.exe
PID 2736 wrote to memory of 2688	2736	Unicorn-7794.exe	WerFault.exe
PID 2736 wrote to memory of 2688	2736	Unicorn-7794.exe	WerFault.exe
PID 1952 wrote to memory of 1872	1952	Unicorn-45066.exe	Unicorn-4171.exe
PID 1952 wrote to memory of 1872	1952	Unicorn-45066.exe	Unicorn-4171.exe
PID 1952 wrote to memory of 1872	1952	Unicorn-45066.exe	Unicorn-4171.exe
PID 1952 wrote to memory of 1872	1952	Unicorn-45066.exe	Unicorn-4171.exe

C:\Users\Admin\AppData\Local\Temp\a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe
"C:\Users\Admin\AppData\Local\Temp\a173f4e0e5f0ce59039795cd9b2396c493990bf9062c4bd4ce2245ed7117614f.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2096

C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1700

C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3028

C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1872

C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4125.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2156

C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51902.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3044

C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63013.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1580

C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31190.exe
10⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61050.exe
11⤵
PID:3812

C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55756.exe
12⤵
PID:4824

C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52790.exe
13⤵
PID:6692

C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35049.exe
14⤵
PID:9696

C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44815.exe
15⤵
PID:12040

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9696 -s 216
15⤵
PID:6016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6692 -s 216
14⤵
PID:10424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4824 -s 216
13⤵
PID:7292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3812 -s 216
12⤵
PID:6440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1936 -s 236
11⤵
PID:4296

C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24163.exe
10⤵
PID:3932

C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65242.exe
11⤵
PID:4528

C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43693.exe
12⤵
PID:6756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31592.exe
13⤵
PID:10020

C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35464.exe
14⤵
PID:11376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10020 -s 236
14⤵
PID:12312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6756 -s 236
13⤵
PID:10712

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4528 -s 216
12⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3932 -s 216
11⤵
PID:5612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1580 -s 240
10⤵
PID:4828

C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61402.exe
9⤵
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19229.exe
10⤵
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-21958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21958.exe
11⤵
PID:4264

C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
12⤵
PID:7048

C:\Users\Admin\AppData\Local\Temp\Unicorn-1250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1250.exe
13⤵
PID:9516

C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59340.exe
14⤵
PID:12076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9516 -s 216
14⤵
PID:4428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7048 -s 236
13⤵
PID:10320

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4264 -s 216
12⤵
PID:8036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3728 -s 216
11⤵
PID:6316

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 236
10⤵
PID:5096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3044 -s 240
9⤵
- Program crash
PID:3428

C:\Users\Admin\AppData\Local\Temp\Unicorn-23246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23246.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-14360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14360.exe
9⤵
PID:2792

C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28378.exe
10⤵
PID:3784

C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15715.exe
11⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-14284.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14284.exe
12⤵
PID:6876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 188
13⤵
PID:6204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 216
12⤵
PID:7616

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3784 -s 216
11⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2792 -s 236
10⤵
PID:5072

C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40992.exe
9⤵
PID:3860

C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37993.exe
10⤵
PID:4488

C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35795.exe
11⤵
PID:7040

C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36035.exe
12⤵
PID:9480

C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50651.exe
12⤵
PID:9240

C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61774.exe
13⤵
PID:11956

C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52667.exe
14⤵
PID:8748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9240 -s 236
13⤵
PID:12492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7040 -s 220
12⤵
PID:10868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4488 -s 216
11⤵
PID:2052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3860 -s 216
10⤵
PID:6332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
9⤵
PID:4100

C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32036.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3024

C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52847.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1516

C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57715.exe
9⤵
PID:1020

C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51709.exe
10⤵
PID:3660

C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45865.exe
11⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31306.exe
12⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14716.exe
13⤵
PID:9348

C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10201.exe
14⤵
PID:11932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9348 -s 216
14⤵
PID:12216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 216
13⤵
PID:10248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4932 -s 216
12⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3660 -s 216
11⤵
PID:6272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1020 -s 236
10⤵
PID:5080

C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16960.exe
9⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61568.exe
10⤵
PID:4636

C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47341.exe
11⤵
PID:6916

C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35267.exe
12⤵
PID:9580

C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3787.exe
13⤵
PID:11960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9580 -s 216
13⤵
PID:8276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6916 -s 216
12⤵
PID:10348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4636 -s 216
11⤵
PID:7736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 216
10⤵
PID:5468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1516 -s 240
9⤵
PID:4856

C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
8⤵
PID:1284

C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37127.exe
9⤵
PID:3608

C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7577.exe
10⤵
PID:4464

C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54030.exe
11⤵
PID:6616

C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36481.exe
12⤵
PID:8300

C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19937.exe
13⤵
PID:11608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8300 -s 216
13⤵
PID:11944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6616 -s 236
12⤵
PID:9964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4464 -s 236
11⤵
PID:7996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3608 -s 216
10⤵
PID:5552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1284 -s 236
9⤵
PID:4744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3024 -s 240
8⤵
- Program crash
PID:3100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1872 -s 240
7⤵
- Program crash
PID:2812

C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65064.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52094.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2708

C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36812.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42448.exe
9⤵
PID:2848

C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56260.exe
10⤵
PID:3500

C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47645.exe
11⤵
PID:4572

C:\Users\Admin\AppData\Local\Temp\Unicorn-4694.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4694.exe
12⤵
PID:6668

C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39361.exe
13⤵
PID:8324

C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13574.exe
14⤵
PID:11532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8324 -s 216
14⤵
PID:1364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6668 -s 216
13⤵
PID:9524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 216
12⤵
PID:8180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3500 -s 216
11⤵
PID:6036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2848 -s 236
10⤵
PID:4840

C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52046.exe
9⤵
PID:3548

C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29856.exe
10⤵
PID:4732

C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37559.exe
11⤵
PID:6696

C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37991.exe
12⤵
PID:8984

C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46304.exe
13⤵
PID:11668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8984 -s 216
13⤵
PID:11972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6696 -s 216
12⤵
PID:9512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4732 -s 216
11⤵
PID:8172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3548 -s 236
10⤵
PID:6212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1328 -s 240
9⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5753.exe
8⤵
PID:1780

C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36846.exe
9⤵
PID:3900

C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49392.exe
10⤵
PID:5776

C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7864.exe
11⤵
PID:7836

C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49872.exe
12⤵
PID:10844

C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5502.exe
13⤵
PID:12776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10844 -s 236
13⤵
PID:7484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5776 -s 216
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3900 -s 236
10⤵
PID:6664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1780 -s 216
9⤵
PID:4872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2708 -s 240
8⤵
- Program crash
PID:3108

C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32981.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1588

C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44176.exe
8⤵
PID:1324

C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49467.exe
9⤵
PID:3272

C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58383.exe
10⤵
PID:3408

C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2256.exe
11⤵
PID:5244

C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5046.exe
12⤵
PID:7824

C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22882.exe
13⤵
PID:10528

C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43935.exe
14⤵
PID:12588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10528 -s 216
14⤵
PID:12892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7824 -s 216
13⤵
PID:10936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5244 -s 216
12⤵
PID:8560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3408 -s 216
11⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3272 -s 236
10⤵
PID:4524

C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23634.exe
9⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17332.exe
10⤵
PID:5272

C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5238.exe
11⤵
PID:7796

C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20936.exe
12⤵
PID:10496

C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21133.exe
13⤵
PID:12428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10496 -s 216
13⤵
PID:1524

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7796 -s 216
12⤵
PID:10900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5272 -s 216
11⤵
PID:8544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 216
10⤵
PID:6820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1324 -s 240
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12772.exe
8⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24175.exe
9⤵
PID:3620

C:\Users\Admin\AppData\Local\Temp\Unicorn-10611.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10611.exe
10⤵
PID:5440

C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23277.exe
11⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59010.exe
12⤵
PID:10636

C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12492.exe
13⤵
PID:12528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10636 -s 216
13⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 216
12⤵
PID:11100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5440 -s 216
11⤵
PID:8700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3620 -s 216
10⤵
PID:7024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 236
9⤵
PID:4880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1588 -s 240
8⤵
- Program crash
PID:3352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
7⤵
- Program crash
PID:2668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
6⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52449.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16542.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2504

C:\Users\Admin\AppData\Local\Temp\Unicorn-12909.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12909.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12762.exe
9⤵
PID:1312

C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61749.exe
10⤵
PID:4760

C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9631.exe
11⤵
PID:5448

C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22705.exe
12⤵
PID:8264

C:\Users\Admin\AppData\Local\Temp\Unicorn-62829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62829.exe
13⤵
PID:10400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5448 -s 236
12⤵
PID:9492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4760 -s 216
11⤵
PID:7584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1312 -s 236
10⤵
PID:5492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2692 -s 236
9⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
8⤵
PID:828

C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19487.exe
9⤵
PID:4580

C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29092.exe
10⤵
PID:5584

C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39238.exe
11⤵
PID:9040

C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38729.exe
12⤵
PID:10732

C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45237.exe
13⤵
PID:12856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9040 -s 216
12⤵
PID:11852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5584 -s 236
11⤵
PID:10060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4580 -s 216
10⤵
PID:7496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 828 -s 216
9⤵
PID:5632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2504 -s 220
8⤵
- Program crash
PID:3400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 976 -s 236
7⤵
- Program crash
PID:1944

C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11943.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13677.exe
7⤵
- Executes dropped EXE
PID:1140

C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31724.exe
8⤵
PID:3256

C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29096.exe
9⤵
PID:5016

C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14111.exe
10⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53973.exe
11⤵
PID:9832

C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33475.exe
12⤵
PID:10988

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9832 -s 216
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
11⤵
PID:10948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5016 -s 236
10⤵
PID:9076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3256 -s 216
9⤵
PID:6592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1140 -s 216
8⤵
PID:4496

C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
7⤵
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64465.exe
8⤵
PID:3616

C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
9⤵
PID:6048

C:\Users\Admin\AppData\Local\Temp\Unicorn-32050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32050.exe
10⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8188 -s 200
11⤵
PID:10600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6048 -s 216
10⤵
PID:8268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 216
8⤵
PID:4704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2524 -s 240
7⤵
- Program crash
PID:3236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 240
6⤵
- Program crash
PID:2304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1560

C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1912

C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26668.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65067.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1600

C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
7⤵
PID:2452

C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30552.exe
8⤵
PID:1400

C:\Users\Admin\AppData\Local\Temp\Unicorn-63934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63934.exe
9⤵
PID:5000

C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39567.exe
10⤵
PID:6176

C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2889.exe
11⤵
PID:8652

C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-826.exe
12⤵
PID:11380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8652 -s 236
12⤵
PID:11420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6176 -s 216
11⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5000 -s 216
10⤵
PID:7700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1400 -s 236
9⤵
PID:5452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2452 -s 236
8⤵
PID:4436

C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59202.exe
7⤵
PID:1688

C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56162.exe
8⤵
PID:3676

C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57399.exe
9⤵
PID:5588

C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36458.exe
10⤵
PID:8140

C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41076.exe
11⤵
PID:10752

C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6768.exe
12⤵
PID:12364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10752 -s 216
12⤵
PID:12580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8140 -s 236
11⤵
PID:11252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5588 -s 216
10⤵
PID:8980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3676 -s 216
9⤵
PID:7084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 236
8⤵
PID:4504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1600 -s 220
7⤵
- Program crash
PID:3580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 216
6⤵
- Program crash
PID:892

C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37409.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1800

C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32634.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2944

C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12141.exe
7⤵
PID:1352

C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63608.exe
8⤵
PID:2508

C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43602.exe
9⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28324.exe
10⤵
PID:5288

C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56233.exe
11⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
12⤵
PID:10652

C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17220.exe
13⤵
PID:13024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10652 -s 216
13⤵
PID:13104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
12⤵
PID:11736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5288 -s 216
11⤵
PID:10052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4616 -s 216
10⤵
PID:7452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2508 -s 216
9⤵
PID:5596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1352 -s 236
8⤵
- Program crash
PID:3140

C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10686.exe
7⤵
PID:788

C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
8⤵
PID:3928

C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
9⤵
PID:6068

C:\Users\Admin\AppData\Local\Temp\Unicorn-30514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30514.exe
10⤵
PID:8208

C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
11⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61906.exe
12⤵
PID:12840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 216
12⤵
PID:13084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8208 -s 216
11⤵
PID:11292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6068 -s 216
10⤵
PID:8676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 216
9⤵
PID:6200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 788 -s 236
8⤵
PID:4692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2944 -s 240
7⤵
- Program crash
PID:3300

C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7543.exe
6⤵
PID:556

C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57557.exe
7⤵
PID:1868

C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61261.exe
8⤵
PID:4184

C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47026.exe
9⤵
PID:5540

C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20286.exe
10⤵
PID:8432

C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6577.exe
11⤵
PID:10332

C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28399.exe
12⤵
PID:13176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10332 -s 216
12⤵
PID:7916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8432 -s 216
11⤵
PID:11544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5540 -s 216
10⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4184 -s 236
9⤵
PID:6472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1868 -s 236
8⤵
PID:5668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 556 -s 236
7⤵
- Program crash
PID:3216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1800 -s 240
6⤵
- Program crash
PID:588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1912 -s 240
5⤵
- Program crash
PID:2764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3028 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1804

C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2768

C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46761.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:836

C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35838.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:704

C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48228.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1924

C:\Users\Admin\AppData\Local\Temp\Unicorn-43880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43880.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2460

C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18009.exe
9⤵
PID:1436

C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10780.exe
10⤵
PID:3844

C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29664.exe
11⤵
PID:4688

C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30538.exe
12⤵
PID:6984

C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38507.exe
13⤵
PID:10216

C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9174.exe
14⤵
PID:11900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10216 -s 216
14⤵
PID:12484

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6984 -s 216
13⤵
PID:10832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4688 -s 216
12⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3844 -s 216
11⤵
PID:6156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1436 -s 236
10⤵
PID:4888

C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8704.exe
9⤵
PID:3920

C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62886.exe
10⤵
PID:4868

C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45971.exe
11⤵
PID:6944

C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30010.exe
12⤵
PID:9400

C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44047.exe
13⤵
PID:12000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9400 -s 216
13⤵
PID:11396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6944 -s 216
12⤵
PID:10312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4868 -s 216
11⤵
PID:7756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3920 -s 216
10⤵
PID:6256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2460 -s 240
9⤵
PID:5044

C:\Users\Admin\AppData\Local\Temp\Unicorn-46851.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46851.exe
8⤵
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44029.exe
9⤵
PID:3908

C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48963.exe
10⤵
PID:4780

C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55540.exe
11⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-62599.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62599.exe
12⤵
PID:9220

C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39034.exe
13⤵
PID:11828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9220 -s 236
13⤵
PID:12096

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 216
12⤵
PID:9852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4780 -s 216
11⤵
PID:8128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3908 -s 216
10⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 236
9⤵
PID:4980

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1924 -s 220
8⤵
- Program crash
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6993.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1947.exe
8⤵
PID:2264

C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29146.exe
9⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-19436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19436.exe
10⤵
PID:4720

C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4056.exe
11⤵
PID:6292

C:\Users\Admin\AppData\Local\Temp\Unicorn-23648.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23648.exe
12⤵
PID:9596

C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62630.exe
13⤵
PID:12128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9596 -s 216
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6292 -s 216
12⤵
PID:10372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4720 -s 216
11⤵
PID:8148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 236
10⤵
PID:6380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2264 -s 236
9⤵
PID:4216

C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57220.exe
8⤵
PID:4000

C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18860.exe
9⤵
PID:4660

C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55094.exe
10⤵
PID:6496

C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57088.exe
11⤵
PID:9668

C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64742.exe
12⤵
PID:12220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9668 -s 216
12⤵
PID:5796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6496 -s 216
11⤵
PID:10364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4660 -s 216
10⤵
PID:7864

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4000 -s 216
9⤵
PID:6364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 240
8⤵
PID:4204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 704 -s 240
7⤵
- Program crash
PID:1180

C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16551.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2816

C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46734.exe
7⤵
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25077.exe
8⤵
PID:2780

C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23057.exe
9⤵
PID:3872

C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
10⤵
PID:6096

C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43643.exe
11⤵
PID:1624

C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
12⤵
PID:10972

C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
13⤵
PID:12992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10972 -s 216
13⤵
PID:13292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1624 -s 216
12⤵
PID:11268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6096 -s 216
11⤵
PID:8516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3872 -s 216
10⤵
PID:6248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2780 -s 216
9⤵
PID:5140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 236
8⤵
- Program crash
PID:3132

C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5019.exe
7⤵
PID:1964

C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18937.exe
8⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20.exe
9⤵
PID:5832

C:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45086.exe
10⤵
PID:8480

C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22805.exe
11⤵
PID:10416

C:\Users\Admin\AppData\Local\Temp\Unicorn-1730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1730.exe
12⤵
PID:13008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10416 -s 220
12⤵
PID:7776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8480 -s 216
11⤵
PID:11520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5832 -s 216
10⤵
PID:9448

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
9⤵
PID:7188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1964 -s 236
8⤵
PID:5748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2816 -s 240
7⤵
- Program crash
PID:4048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 836 -s 240
6⤵
- Program crash
PID:1244

C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33569.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2072

C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31866.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1668

C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62987.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-6519.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6519.exe
8⤵
PID:1296

C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44982.exe
9⤵
PID:4368

C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11639.exe
10⤵
PID:5660

C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26311.exe
11⤵
PID:8528

C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4195.exe
12⤵
PID:10548

C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54953.exe
13⤵
PID:13252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10548 -s 220
13⤵
PID:7412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8528 -s 220
12⤵
PID:11680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 216
11⤵
PID:9504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4368 -s 216
10⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1296 -s 236
9⤵
PID:5708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2540 -s 236
8⤵
- Program crash
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
7⤵
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
8⤵
PID:4328

C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63995.exe
9⤵
PID:6028

C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9507.exe
10⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42535.exe
11⤵
PID:10820

C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57039.exe
12⤵
PID:13144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10820 -s 216
12⤵
PID:6416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 216
11⤵
PID:11776

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6028 -s 216
10⤵
PID:9556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4328 -s 216
9⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1532 -s 216
8⤵
PID:5756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1668 -s 220
7⤵
- Program crash
PID:3948

C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26100.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1236

C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
7⤵
PID:2892

C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64273.exe
8⤵
PID:3692

C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24089.exe
9⤵
PID:6040

C:\Users\Admin\AppData\Local\Temp\Unicorn-30514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30514.exe
10⤵
PID:8216

C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55871.exe
11⤵
PID:11012

C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11012 -s 216
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8216 -s 216
11⤵
PID:11308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6040 -s 216
10⤵
PID:8328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3692 -s 216
9⤵
PID:7144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2892 -s 216
8⤵
PID:4396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1236 -s 216
7⤵
- Program crash
PID:3600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2072 -s 240
6⤵
- Program crash
PID:1224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
5⤵
- Program crash
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42162.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24219.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:992

C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 220
7⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10641.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:304

C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
7⤵
PID:2600

C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31251.exe
8⤵
PID:4248

C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47768.exe
9⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61095.exe
10⤵
PID:8632

C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31326.exe
11⤵
PID:10760

C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25771.exe
12⤵
PID:7072

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10760 -s 216
12⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8632 -s 216
11⤵
PID:11728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
10⤵
PID:9564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4248 -s 216
9⤵
PID:6716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 236
8⤵
PID:5716

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 304 -s 216
7⤵
- Program crash
PID:4088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 992 -s 220
6⤵
- Program crash
PID:1344

C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64299.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46926.exe
6⤵
PID:2204

C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23541.exe
7⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37421.exe
8⤵
PID:3268

C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56927.exe
9⤵
PID:6116

C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53752.exe
10⤵
PID:8248

C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14942.exe
11⤵
PID:11088

C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7189.exe
12⤵
PID:13220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11088 -s 216
12⤵
PID:8012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8248 -s 216
11⤵
PID:11364

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6116 -s 216
10⤵
PID:9032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3268 -s 236
9⤵
PID:6624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 216
8⤵
PID:5428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2204 -s 236
7⤵
- Program crash
PID:3496

C:\Users\Admin\AppData\Local\Temp\Unicorn-36731.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36731.exe
6⤵
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52247.exe
7⤵
PID:3180

C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
8⤵
PID:6088

C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45205.exe
9⤵
PID:8056

C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44662.exe
10⤵
PID:10980

C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60152.exe
11⤵
PID:12804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10980 -s 216
11⤵
PID:7632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8056 -s 216
10⤵
PID:11276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6088 -s 216
9⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3180 -s 236
8⤵
PID:6324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 236
7⤵
PID:5188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 240
6⤵
- Program crash
PID:3328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
5⤵
- Program crash
PID:872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2768 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1700 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2736

C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2676

C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2680

C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11400.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:480

C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41432.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1732

C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64922.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1980

C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13485.exe
8⤵
PID:1256

C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41906.exe
9⤵
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57047.exe
10⤵
PID:3828

C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39548.exe
11⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10586.exe
12⤵
PID:7832

C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22815.exe
13⤵
PID:10992

C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35747.exe
14⤵
PID:12984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10992 -s 216
14⤵
PID:13276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7832 -s 216
13⤵
PID:11300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
12⤵
PID:8600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3828 -s 216
11⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2652 -s 236
10⤵
PID:5148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1256 -s 236
9⤵
- Program crash
PID:3092

C:\Users\Admin\AppData\Local\Temp\Unicorn-5211.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5211.exe
8⤵
PID:2852

C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38949.exe
9⤵
PID:3772

C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23466.exe
10⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31850.exe
11⤵
PID:8060

C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
12⤵
PID:10692

C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14490.exe
13⤵
PID:12704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10692 -s 216
13⤵
PID:12948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8060 -s 216
12⤵
PID:11136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5560 -s 216
11⤵
PID:8892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3772 -s 216
10⤵
PID:7092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2852 -s 236
9⤵
PID:4360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1980 -s 220
8⤵
- Program crash
PID:3536

C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11409.exe
7⤵
PID:2828

C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58133.exe
8⤵
PID:1484

C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17486.exe
9⤵
PID:4092

C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63481.exe
10⤵
PID:5952

C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42901.exe
11⤵
PID:7172

C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
12⤵
PID:10920

C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54034.exe
13⤵
PID:12884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10920 -s 216
13⤵
PID:13140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7172 -s 236
12⤵
PID:4560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5952 -s 216
11⤵
PID:9160

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4092 -s 236
10⤵
PID:7036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1484 -s 236
9⤵
PID:4700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2828 -s 236
8⤵
- Program crash
PID:3196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1732 -s 240
7⤵
- Program crash
PID:1888

C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31242.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1848

C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59889.exe
7⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23349.exe
8⤵
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11925.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48536.exe
10⤵
PID:6064

C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63913.exe
11⤵
PID:9140

C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21392.exe
12⤵
PID:10448

C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26829.exe
13⤵
PID:8460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9140 -s 216
12⤵
PID:12188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6064 -s 216
11⤵
PID:7520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 216
10⤵
PID:7220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 236
9⤵
PID:5800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
8⤵
- Program crash
PID:3568

C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19134.exe
7⤵
PID:2712

C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33436.exe
8⤵
PID:4508

C:\Users\Admin\AppData\Local\Temp\Unicorn-45438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45438.exe
9⤵
PID:5392

C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10908.exe
10⤵
PID:8772

C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47361.exe
11⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63653.exe
12⤵
PID:6424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10964 -s 236
12⤵
PID:12700

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8772 -s 216
11⤵
PID:11868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5392 -s 236
10⤵
PID:9640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4508 -s 236
9⤵
PID:7304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2712 -s 236
8⤵
PID:5852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1848 -s 240
7⤵
- Program crash
PID:3188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 480 -s 240
6⤵
- Program crash
PID:1828

C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37601.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
7⤵
PID:1492

C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55829.exe
8⤵
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59445.exe
9⤵
PID:4804

C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4185.exe
10⤵
PID:5696

C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37832.exe
11⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-64365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64365.exe
12⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25843.exe
13⤵
PID:7272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 236
12⤵
PID:288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5696 -s 216
11⤵
PID:9432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4804 -s 216
10⤵
PID:7604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2720 -s 236
9⤵
PID:5548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1492 -s 236
8⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3675.exe
7⤵
PID:2616

C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33521.exe
8⤵
PID:3320

C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47228.exe
9⤵
PID:6008

C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60114.exe
10⤵
PID:7752

C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1138.exe
11⤵
PID:10928

C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57656.exe
12⤵
PID:12748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10928 -s 236
12⤵
PID:13060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7752 -s 216
11⤵
PID:11140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6008 -s 236
10⤵
PID:9212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3320 -s 236
9⤵
PID:6996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2616 -s 236
8⤵
PID:5024

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 240
7⤵
- Program crash
PID:3204

C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
6⤵
PID:2308

C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24309.exe
7⤵
PID:1776

C:\Users\Admin\AppData\Local\Temp\Unicorn-12290.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12290.exe
8⤵
PID:3128

C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4910.exe
9⤵
PID:4656

C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43413.exe
10⤵
PID:6956

C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25833.exe
11⤵
PID:9836

C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14638.exe
12⤵
PID:12172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9836 -s 216
12⤵
PID:6480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6956 -s 216
11⤵
PID:10568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4656 -s 216
10⤵
PID:8344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3128 -s 216
9⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1776 -s 236
8⤵
PID:4380

C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42502.exe
7⤵
PID:3160

C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
8⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41052.exe
9⤵
PID:6896

C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45158.exe
10⤵
PID:9788

C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5168.exe
11⤵
PID:12108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9788 -s 216
11⤵
PID:12664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6896 -s 236
10⤵
PID:10432

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 236
9⤵
PID:8232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3160 -s 236
8⤵
PID:6464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2308 -s 240
7⤵
PID:4312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 240
6⤵
- Program crash
PID:2372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2680 -s 240
5⤵
- Program crash
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6802.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:932

C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42008.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32442.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31275.exe
7⤵
PID:2968

C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30360.exe
8⤵
PID:2532

C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43664.exe
9⤵
PID:4136

C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24831.exe
10⤵
PID:5204

C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22834.exe
11⤵
PID:8280

C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-469.exe
12⤵
PID:11120

C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24320.exe
13⤵
PID:13048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11120 -s 220
13⤵
PID:7892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8280 -s 220
12⤵
PID:11412

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5204 -s 216
11⤵
PID:8256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4136 -s 236
10⤵
PID:6600

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2532 -s 216
9⤵
PID:5480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2968 -s 236
8⤵
- Program crash
PID:3756

C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58434.exe
7⤵
PID:676

C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9585.exe
8⤵
PID:4712

C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21313.exe
9⤵
PID:6132

C:\Users\Admin\AppData\Local\Temp\Unicorn-20224.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20224.exe
10⤵
PID:8960

C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20198.exe
11⤵
PID:10300

C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22108.exe
12⤵
PID:12760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10300 -s 216
12⤵
PID:12968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8960 -s 236
11⤵
PID:11560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6132 -s 216
10⤵
PID:9968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4712 -s 216
9⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 676 -s 216
8⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 220
7⤵
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56853.exe
6⤵
PID:264

C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14900.exe
7⤵
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2455.exe
8⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14216.exe
9⤵
PID:5944

C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60468.exe
10⤵
PID:8368

C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62201.exe
11⤵
PID:10396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8368 -s 236
11⤵
PID:11356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5944 -s 216
10⤵
PID:9528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
9⤵
PID:7636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 216
8⤵
PID:6032

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 264 -s 236
7⤵
PID:4276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1544 -s 240
6⤵
- Program crash
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45825.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:532

C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44430.exe
6⤵
PID:1764

C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46587.exe
7⤵
PID:2284

C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56565.exe
8⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20737.exe
9⤵
PID:5816

C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19456.exe
10⤵
PID:8884

C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46653.exe
11⤵
PID:11260

C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47551.exe
12⤵
PID:12680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11260 -s 216
12⤵
PID:8844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8884 -s 236
11⤵
PID:11340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5816 -s 216
10⤵
PID:9884

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
9⤵
PID:7404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2284 -s 216
8⤵
PID:5256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1764 -s 236
7⤵
PID:3888

C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44511.exe
6⤵
PID:2860

C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61811.exe
7⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15287.exe
8⤵
PID:5960

C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12771.exe
9⤵
PID:8668

C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27076.exe
10⤵
PID:10864

C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8741.exe
11⤵
PID:13308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10864 -s 216
11⤵
PID:12504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8668 -s 216
10⤵
PID:11796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5960 -s 216
9⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4340 -s 216
8⤵
PID:7196

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2860 -s 216
7⤵
PID:5740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 532 -s 240
6⤵
- Program crash
PID:3960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 932 -s 240
5⤵
- Program crash
PID:1728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2676 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2380

C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2397.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-288.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1360 -s 240
7⤵
- Program crash
PID:2536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 236
6⤵
- Program crash
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61227.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59147.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40536.exe
7⤵
PID:1908

C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30509.exe
8⤵
PID:3868

C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56159.exe
9⤵
PID:5416

C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4992.exe
10⤵
PID:8372

C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21051.exe
11⤵
PID:11236

C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34657.exe
12⤵
PID:12940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11236 -s 216
12⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8372 -s 216
11⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5416 -s 216
10⤵
PID:9308

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3868 -s 236
9⤵
PID:6940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1908 -s 236
8⤵
PID:5636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 236
7⤵
- Program crash
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52985.exe
6⤵
PID:2100

C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5013.exe
7⤵
PID:4468

C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28635.exe
8⤵
PID:5172

C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46596.exe
9⤵
PID:8720

C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44839.exe
10⤵
PID:10700

C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47200.exe
11⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10700 -s 216
11⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8720 -s 216
10⤵
PID:11720

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5172 -s 216
9⤵
PID:9632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4468 -s 216
8⤵
PID:7256

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2100 -s 236
7⤵
PID:5840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 240
6⤵
- Program crash
PID:4068

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2380 -s 240
5⤵
- Program crash
PID:2232

C:\Users\Admin\AppData\Local\Temp\Unicorn-49029.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49029.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35623.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2404

C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
6⤵
PID:2604

C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62072.exe
7⤵
PID:3120

C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55946.exe
9⤵
PID:5504

C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31274.exe
10⤵
PID:8024

C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42420.exe
11⤵
PID:10704

C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1065.exe
12⤵
PID:12560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10704 -s 216
12⤵
PID:12824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8024 -s 216
11⤵
PID:10940

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5504 -s 216
10⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 216
9⤵
PID:7060

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3120 -s 236
8⤵
PID:5112

C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
7⤵
PID:3832

C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24535.exe
8⤵
PID:5532

C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35882.exe
9⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26167.exe
10⤵
PID:10724

C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25596.exe
11⤵
PID:12624

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10724 -s 236
11⤵
PID:7388

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
10⤵
PID:11248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5532 -s 216
9⤵
PID:8928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3832 -s 216
8⤵
PID:7120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2604 -s 240
7⤵
PID:4156

C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57474.exe
6⤵
PID:3152

C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57506.exe
7⤵
PID:3544

C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21390.exe
8⤵
PID:5160

C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26318.exe
9⤵
PID:7740

C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35113.exe
10⤵
PID:10384

C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36976.exe
11⤵
PID:12456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10384 -s 216
11⤵
PID:12724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7740 -s 216
10⤵
PID:10808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5160 -s 236
9⤵
PID:8452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 216
8⤵
PID:6792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3152 -s 236
7⤵
PID:5064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2404 -s 240
6⤵
- Program crash
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
5⤵
PID:1796

C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14106.exe
6⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23509.exe
7⤵
PID:4672

C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18407.exe
8⤵
PID:5968

C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52512.exe
9⤵
PID:8932

C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46845.exe
10⤵
PID:11076

C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21651.exe
11⤵
PID:12476

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11076 -s 216
11⤵
PID:12852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8932 -s 216
10⤵
PID:11324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5968 -s 216
9⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4672 -s 216
8⤵
PID:7396

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 216
7⤵
PID:5176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1796 -s 236
6⤵
- Program crash
PID:3724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2988 -s 240
5⤵
- Program crash
PID:2440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2576 -s 240
4⤵
- Program crash
PID:2724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2736 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2096 -s 240
2⤵
- Program crash
PID:2348

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-12009.exe
Filesize
184KB

MD5
14d4738a5faa7301650d13ed03b152bf

SHA1
9d6e91fe0c675eeea3f9d821a108a057ab882aa5

SHA256
b042a1335471cf6b9e59df2bcc006f10ed780bac467d7bc12f5e838fa8d03672

SHA512
0ad011fe60573539463d7ac79aeb64d3e77c4853f5350e8481ea33a05eceac1d878a5a49642bc2665adbf583878c8d8b912611ed5371c2c0b0fcb6e05969de99

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-1505.exe
Filesize
184KB

MD5
555dcbf041992970c00e2c8cb01ca0f0

SHA1
d824969fc29e0bd605da28e4199a6edc7d82e0c9

SHA256
f5a6df9da38637ba7a8487ca8a81f8fefdc8f15aa77792972906778fb45c4143

SHA512
4391058da57faaa4fe7c5235437c9f6039b7cfdd27651201ab0ef8cb67992c7f3559632a0bb0744c909808eceafa4029b01da918651bbb9b8248b365d5d5cffa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-36638.exe
Filesize
184KB

MD5
06143bf54577e76ad27553532ec99dc3

SHA1
a52e9d528e201aa3c8c981d74f143a0c4ea6be5b

SHA256
3261c1966678b228c38f14b449849710d5ccb797357dbbbc6e778ae9e4ad1af0

SHA512
3c87698793a881834a6e8ad37d7f05b8ed0232aa8db5052ac2001c3a0278122f1594856a09070dfdf5c44f3b2c3b0eaeac77b0af9d1ab82bc8062e5c80fd133e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-39944.exe
Filesize
184KB

MD5
47ea7839620eea8d8f62de64ad4bbba5

SHA1
39224cfb01d8c76a26d7afff1bcf1189980838b4

SHA256
700cf50db03b3956df514e313b8e01898839cdb7c5e91428fc336d63a3551613

SHA512
35905db93909284bbb359d110415476297dff9d55c61b6eeff0859d93740e1035bdc68715416589be1632c3a3557a34a202ba64b45c3643af34895190af8b823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40023.exe
Filesize
184KB

MD5
8a333a964b1274013c0dd8338ee5b2eb

SHA1
92125650106d610c2a021a9af4765f93702fdba9

SHA256
8c0f0a4be457ad33f3f0ab6baed0f331a724fd07910c2b4c245537a2d05fb967

SHA512
ebf3a6d248d310648514bc11a22bb718e2d8ee5847e02018a81ee6419932b57dfea38c230ce7c02f4928b2d541466edc5a841048a9cecff1ea06decb1c2339bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5672.exe
Filesize
184KB

MD5
83759b90dda4805897d874968fe8f3f4

SHA1
cfe632aa0208a1868ff997b5e4570dfb3abec187

SHA256
1d8dba9cccc3bc840b41e08ece5e29b401112512e2c891c38bca2271b9e3f1bb

SHA512
da05a5a5bafaa381c0ba3be129ca32645329415d3ffe0eba27fe3f1b5ebbd65343d246298f7da4194d2a02db7bd664df705512bbda0083ea3b10088986960a2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57621.exe
Filesize
184KB

MD5
68563b56df4aa5734aab3cecc273f2e5

SHA1
9ec1ef2b6a0be9025c1b72ee27113a5a61dfdfe8

SHA256
239e470a072b4b5b87e5bd9aed88b21372b5634848d1c96500abd6b6234ca539

SHA512
45c1e8e79be30be37e367263de6bacf8b786f46c98f5f0d83d9fca6a5f7c67981c84661b27752ab0314615ea11f7ec83d57e30fe792c6559bd633a4ef6ee9d3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-5892.exe
Filesize
184KB

MD5
260c85449fcf9d19f2bb11ef593c4e1e

SHA1
70a805a071611a4a9ca10f54b4a368f9c6fde6a5

SHA256
073834c636a1a683b0d9a12be97652f17bcb9ba08fab2cd80aa3d9a0104f05ae

SHA512
f1922b92f7f9ba19b858ccef74e1829abaf3c65d50e66a4d28ac30d456b06959a99cf23e3e9bbc3fe3c955399b435628a4844bef5e60143edf42d72826eecdb3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6446.exe
Filesize
184KB

MD5
43a04958ac7f77c1959f4972387476e9

SHA1
730ddc6ca961d85651a8547c313b0af10e38d151

SHA256
bb05d5ad0c992ccda0a7f706ba8141d8a1bd2cdbb7b292587cf9b7a2716e1183

SHA512
e083aedb2d91cdc80b97f9d06466352c7c6c9e654ca14b6ca9e03cb51e8dab1b1a560f85f1d6826cc2580663e2421be6bef51589e8350219f250bf4fcdb80378

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6519.exe
Filesize
184KB

MD5
4c9d62eb4fbb45a18eb31ff23dd77738

SHA1
4f70da12fc1026c6b470e4d330146ce000de892c

SHA256
f1c38c8bb6c642bd6f4890a966d1c38cb370bb16e1b5efa87cc62c9a894a5dfb

SHA512
3fadf54c59596718fa5aa14d87c1c5b6c540d570b2316866ebb036615e8ef57538b0085e093f563d5faeeb45ea356a022a6f448117dca9cdd0e64401a6cc9976

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-7794.exe
Filesize
184KB

MD5
4653a4ccb35c9cddb0facf60227bc3d4

SHA1
5a3dd876c10525891735e2249818bdf9cb8891ff

SHA256
3ca64ec9e866bc430a5243f1e14f66783c6573df0ffe629ca79f11f074be0f7b

SHA512
18e73a121a0af32c81991d5fbe0dd5273bb52dbac52cb453ecb6b21e7682e06703a483fbf56d922c706a352e1b3108e7c7792945136278971b29c1ffadd49fd2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10063.exe
Filesize
184KB

MD5
2f433b6ff3ca3be69b84470605900a2c

SHA1
96ff6c7eef0528d07e044c372e4e31c3fcff4f4a

SHA256
2c55fd38c3f9d4bac69c64f01d984afd061c049a520fd02685dfcb41a00cdecb

SHA512
7450744e087cbccf777d764dd911cbe71200e392ebcaa6e1389575d45ce3363e8612e5e4186887a6a3498e319475c420615d788297a31b15a9a34d42fd8a88d4

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-2825.exe
Filesize
184KB

MD5
6e6edeb3385308298c49f988fbba8d3b

SHA1
0cabad98814e3579f229fe17e1fc9f9ec291d15e

SHA256
f4ca53ec6f5f0805dd17d3147445bf591247562a1689019affd3545ae4df295e

SHA512
c2ccaf57eaede097ca13e428420fc6a13b46d3ed1afa7e39f8516ef8722f4d349870265c363fd0dea236b3028b01cd12fed008e21f5fe0dcb47c70e5c96a1167

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-41586.exe
Filesize
184KB

MD5
c3589b46636f5688b2b0cbbdedbb8719

SHA1
91798843d7958f6deb96a05ccbf86f5eda20995e

SHA256
01a89a133b64933c4bc1e07cd6d7db52a8a9fab7542c3f814c511343107a7f79

SHA512
e907711c310b5d889463e451d50f40f0b380223d188ff1f82b9e4d424c98503bd93ab792a3fb44ace11b638ec130ff0aa3cf6083771f83cccf5e56dbdbdb3025

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-4171.exe
Filesize
184KB

MD5
4c9d636d5e1d56f13a41278a826b4485

SHA1
80f496dea5935a323a905a78da0642f136e16d54

SHA256
7e29afb43e0621b0538097f9a85b7048333a62748b59bb2d017b8ca4f6356de8

SHA512
1d072700582836ee4b254670b3ffc7e26f8a7f2321556dca8b30e849ba5adc2d6968aea0326ffc5ebf69f7289daf6ca034d519cd8ef45ce0140dde1076f236fe

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-45066.exe
Filesize
184KB

MD5
1aa1350f9c127bc7f450b209116cd46b

SHA1
191e0d2a1eee4658f9ab020a6c3255530dab953a

SHA256
e4bf864e58608a24d41972a08a1b5811cc055ff71dff381a5376aa8a18118f45

SHA512
0e94a6d3b9f0daae3b1fb4b0cdbc8173a1a19c5ce8cce6251c31a2a284f027d8a5bdeff2081c563401c641d71a859b137cc9fbacb6190b104a1010aa5342d878

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-5335.exe
Filesize
184KB

MD5
d01743fe93aea86b6c1931f26eae3790

SHA1
6313d150caf2c61cbf28b6890311e99ab3f72876

SHA256
38778f2b366c4c387989b965293f1257621743e34319283779ed20112b4a839b

SHA512
aba012270ed4b2e8d6a46499311fe24b2a98b8ccdf0235bdada955c7165264ea07b201dcaa780017419ee4d5e8c753a2a4be6982209009dcf12ef96216a83e42

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-55735.exe
Filesize
184KB

MD5
909cb91d021bb0216bd5306b3ce67a7e

SHA1
8244cd8ac6cb415d6ff18afd3573a3df9d852fbf

SHA256
ae48e033fcb730fa42f8beb464095829911db947b6befa48897ba40c7f4c3fcd

SHA512
a74476958a4ea1b3e968f46a5b019709c266d1a6df62caca0a6f53ae5ffe2ed6dbd46bda09a465349a84377c88c987a1e531591da4629e7326d17cb7fea7b59b

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57681.exe
Filesize
184KB

MD5
dbeaabb16786ef24d588a1c6fc80a9e3

SHA1
757ed4b97dc61de90f6727ae62a883b7f1a2d889

SHA256
3a96f0d58f5521b6a6231150d554441ed88199ea535dcdcedac7f25763e35d19

SHA512
f63b304bc398d2ae0a8222c06e957eb600689c57d12808b9ea6460b5d17cc046ab5b4d3cbcecfa05f05ff783be66b25ed584110c5d1ee8ccf278287b9f86abde

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-60524.exe
Filesize
184KB

MD5
b043fed19fbc84221905ee62706f855d

SHA1
fb67bf3a0aeacc5a05e89ac1ef261ec69964a443

SHA256
e61a7cb840b19b4396c6c9e4998aab51fc2ddc07dee5147f20030d84db2d25ee

SHA512
ebd0c3b6c7e5ee9cc21be36111be52da630b74c412e9544dbabee88fa6142425887c644a095c4d0786e5bec6d24a793d7895033a2b576f528999dcef28c30368

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-62220.exe
Filesize
184KB

MD5
dbfdfbfe8747d687286b11ce59be8187

SHA1
32af34284d476531fc09a15d324cf86b1752a0da

SHA256
dc3235b3d12aa7ddc41c397f17099510e45fa4ffe605f96264b0ba24c1ec9c9d

SHA512
8f4b660db2a84a1325579bcd056787858b6f1233883b62fba81bd43ef2b74be7540b5bfe4f1d93d5ad0744ce0e4d6678adb3e86edef14969f7efbd99f99d0964

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads