c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240220-en
resource tags

arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
submitted
23-05-2024 02:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe
Size

184KB
MD5

4e286d641f8200e2d2b993107cc505ec
SHA1

6553346e1376a111716d65582a91ad80123783f5
SHA256

c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3
SHA512

1e2d8fd126cfddaf8d9cc474c3ae3e51e50609b9c4dbce080a462e76036398efc310b704b1c3e3f009843f40431a1d562fc7b8b1a9f0b97ef76ec34d8d9110ed
SSDEEP

3072:zZe2s8orTHhYdFYbe8gLRRs89lnViFxn3:zZDohEFYgL/s89lnViFx

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 64 IoCs

Processes:

Unicorn-11259.exeUnicorn-25326.exeUnicorn-54661.exeUnicorn-42482.exeUnicorn-57749.exeUnicorn-38760.exeUnicorn-28876.exeUnicorn-10079.exeUnicorn-45020.exeUnicorn-28492.exeUnicorn-57827.exeUnicorn-44771.exeUnicorn-8569.exeUnicorn-28435.exeUnicorn-18643.exeUnicorn-47786.exeUnicorn-2114.exeUnicorn-51315.exeUnicorn-14921.exeUnicorn-10609.exeUnicorn-26754.exeUnicorn-56089.exeUnicorn-22155.exeUnicorn-10225.exeUnicorn-5627.exeUnicorn-9841.exeUnicorn-25109.exeUnicorn-37915.exeUnicorn-37915.exeUnicorn-41253.exeUnicorn-57781.exeUnicorn-14504.exeUnicorn-43840.exeUnicorn-43840.exeUnicorn-63513.exeUnicorn-43455.exeUnicorn-63321.exeUnicorn-30457.exeUnicorn-12859.exeUnicorn-43071.exeUnicorn-61676.exeUnicorn-29689.exeUnicorn-44499.exeUnicorn-31500.exeUnicorn-60835.exeUnicorn-16041.exeUnicorn-47836.exeUnicorn-11442.exeUnicorn-60643.exeUnicorn-31635.exeUnicorn-27337.exeUnicorn-54302.exeUnicorn-53363.exeUnicorn-40404.exeUnicorn-52979.exeUnicorn-52979.exeUnicorn-52979.exeUnicorn-52979.exeUnicorn-43742.exeUnicorn-56357.exeUnicorn-10685.exeUnicorn-10685.exeUnicorn-10685.exeUnicorn-23492.exe

pid	process
2188	Unicorn-11259.exe
2496	Unicorn-25326.exe
2588	Unicorn-54661.exe
2260	Unicorn-42482.exe
2668	Unicorn-57749.exe
2396	Unicorn-38760.exe
2432	Unicorn-28876.exe
2636	Unicorn-10079.exe
2272	Unicorn-45020.exe
928	Unicorn-28492.exe
376	Unicorn-57827.exe
2000	Unicorn-44771.exe
2876	Unicorn-8569.exe
2896	Unicorn-28435.exe
2480	Unicorn-18643.exe
692	Unicorn-47786.exe
760	Unicorn-2114.exe
528	Unicorn-51315.exe
2568	Unicorn-14921.exe
2776	Unicorn-10609.exe
1464	Unicorn-26754.exe
968	Unicorn-56089.exe
1948	Unicorn-22155.exe
1852	Unicorn-10225.exe
1988	Unicorn-5627.exe
1644	Unicorn-9841.exe
572	Unicorn-25109.exe
1432	Unicorn-37915.exe
900	Unicorn-37915.exe
2784	Unicorn-41253.exe
1524	Unicorn-57781.exe
2492	Unicorn-14504.exe
2756	Unicorn-43840.exe
2592	Unicorn-43840.exe
2388	Unicorn-63513.exe
2936	Unicorn-43455.exe
2148	Unicorn-63321.exe
2912	Unicorn-30457.exe
2044	Unicorn-12859.exe
780	Unicorn-43071.exe
812	Unicorn-61676.exe
1468	Unicorn-29689.exe
1576	Unicorn-44499.exe
1164	Unicorn-31500.exe
1264	Unicorn-60835.exe
2152	Unicorn-16041.exe
2888	Unicorn-47836.exe
2224	Unicorn-11442.exe
1960	Unicorn-60643.exe
2112	Unicorn-31635.exe
804	Unicorn-27337.exe
2052	Unicorn-54302.exe
2976	Unicorn-53363.exe
1596	Unicorn-40404.exe
300	Unicorn-52979.exe
2960	Unicorn-52979.exe
1504	Unicorn-52979.exe
1972	Unicorn-52979.exe
888	Unicorn-43742.exe
2580	Unicorn-56357.exe
2408	Unicorn-10685.exe
2656	Unicorn-10685.exe
2416	Unicorn-10685.exe
2440	Unicorn-23492.exe

Loads dropped DLL 64 IoCs

Processes:

c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exeUnicorn-11259.exeUnicorn-54661.exeUnicorn-25326.exeWerFault.exeUnicorn-42482.exeUnicorn-38760.exeUnicorn-57749.exeWerFault.exeWerFault.exeUnicorn-28876.exeUnicorn-10079.exeUnicorn-57827.exeUnicorn-28492.exeUnicorn-45020.exeWerFault.exeWerFault.exeWerFault.exe

pid	process
2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe
2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe
2188	Unicorn-11259.exe
2188	Unicorn-11259.exe
2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe
2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe
2588	Unicorn-54661.exe
2588	Unicorn-54661.exe
2496	Unicorn-25326.exe
2496	Unicorn-25326.exe
2188	Unicorn-11259.exe
2188	Unicorn-11259.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2256	WerFault.exe
2260	Unicorn-42482.exe
2260	Unicorn-42482.exe
2588	Unicorn-54661.exe
2588	Unicorn-54661.exe
2396	Unicorn-38760.exe
2396	Unicorn-38760.exe
2668	Unicorn-57749.exe
2668	Unicorn-57749.exe
2496	Unicorn-25326.exe
2496	Unicorn-25326.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
1276	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2872	WerFault.exe
2432	Unicorn-28876.exe
2432	Unicorn-28876.exe
2260	Unicorn-42482.exe
2636	Unicorn-10079.exe
2260	Unicorn-42482.exe
2636	Unicorn-10079.exe
376	Unicorn-57827.exe
376	Unicorn-57827.exe
2668	Unicorn-57749.exe
2668	Unicorn-57749.exe
928	Unicorn-28492.exe
928	Unicorn-28492.exe
2272	Unicorn-45020.exe
2272	Unicorn-45020.exe
2396	Unicorn-38760.exe
2396	Unicorn-38760.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
3016	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
704	WerFault.exe
1128	WerFault.exe
1128	WerFault.exe

Program crash 64 IoCs

Processes:

WerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exeWerFault.exe

pid	pid_target	process	target process
2676	2340	WerFault.exe	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe
2256	2188	WerFault.exe	Unicorn-11259.exe
1276	2588	WerFault.exe	Unicorn-54661.exe
2872	2496	WerFault.exe	Unicorn-25326.exe
3016	2260	WerFault.exe	Unicorn-42482.exe
704	2396	WerFault.exe	Unicorn-38760.exe
1128	2668	WerFault.exe	Unicorn-57749.exe
2572	2432	WerFault.exe	Unicorn-28876.exe
2684	2636	WerFault.exe	Unicorn-10079.exe
2528	376	WerFault.exe	Unicorn-57827.exe
2540	928	WerFault.exe	Unicorn-28492.exe
1040	2272	WerFault.exe	Unicorn-45020.exe
2728	2876	WerFault.exe	Unicorn-8569.exe
1740	2000	WerFault.exe	Unicorn-44771.exe
1144	2896	WerFault.exe	Unicorn-28435.exe
2216	2480	WerFault.exe	Unicorn-18643.exe
1292	692	WerFault.exe	Unicorn-47786.exe
2208	528	WerFault.exe	Unicorn-51315.exe
1676	760	WerFault.exe	Unicorn-2114.exe
1904	2568	WerFault.exe	Unicorn-14921.exe
980	2776	WerFault.exe	Unicorn-10609.exe
1708	968	WerFault.exe	Unicorn-56089.exe
2940	1464	WerFault.exe	Unicorn-26754.exe
1704	1948	WerFault.exe	Unicorn-22155.exe
2172	1852	WerFault.exe	Unicorn-10225.exe
1892	1644	WerFault.exe	Unicorn-9841.exe
1532	572	WerFault.exe	Unicorn-25109.exe
1036	1432	WerFault.exe	Unicorn-37915.exe
2652	1524	WerFault.exe	Unicorn-57781.exe
2720	2784	WerFault.exe	Unicorn-41253.exe
2748	900	WerFault.exe	Unicorn-37915.exe
2212	340	WerFault.exe	Unicorn-9460.exe
1784	2128	WerFault.exe	Unicorn-9460.exe
3380	2492	WerFault.exe	Unicorn-14504.exe
3404	2756	WerFault.exe	Unicorn-43840.exe
3516	2388	WerFault.exe	Unicorn-63513.exe
3664	1264	WerFault.exe	Unicorn-60835.exe
3756	780	WerFault.exe	Unicorn-43071.exe
3840	1468	WerFault.exe	Unicorn-29689.exe
3824	2044	WerFault.exe	Unicorn-12859.exe
3892	1164	WerFault.exe	Unicorn-31500.exe
4048	2152	WerFault.exe	Unicorn-16041.exe
3076	1960	WerFault.exe	Unicorn-60643.exe
3244	2148	WerFault.exe	Unicorn-63321.exe
3264	812	WerFault.exe	Unicorn-61676.exe
3740	2196	WerFault.exe	Unicorn-31308.exe
3876	1576	WerFault.exe	Unicorn-44499.exe
3324	2224	WerFault.exe	Unicorn-11442.exe
3468	1504	WerFault.exe	Unicorn-52979.exe
3476	1452	WerFault.exe	Unicorn-13181.exe
3512	2964	WerFault.exe	Unicorn-56165.exe
3672	2864	WerFault.exe	Unicorn-25761.exe
3728	2912	WerFault.exe	Unicorn-30457.exe
3764	1616	WerFault.exe	Unicorn-28449.exe
3780	1572	WerFault.exe	Unicorn-58853.exe
3792	868	WerFault.exe	Unicorn-26638.exe
3808	1356	WerFault.exe	Unicorn-13181.exe
3104	1840	WerFault.exe	Unicorn-31308.exe
3268	2844	WerFault.exe	Unicorn-58853.exe
3308	2888	WerFault.exe	Unicorn-47836.exe
3584	2724	WerFault.exe	Unicorn-26638.exe
3556	2620	WerFault.exe	Unicorn-58853.exe
3880	2592	WerFault.exe	Unicorn-43840.exe
3440	1972	WerFault.exe	Unicorn-52979.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exeUnicorn-11259.exeUnicorn-54661.exeUnicorn-25326.exeUnicorn-42482.exeUnicorn-38760.exeUnicorn-57749.exeUnicorn-28876.exeUnicorn-10079.exeUnicorn-57827.exeUnicorn-28492.exeUnicorn-45020.exeUnicorn-44771.exeUnicorn-8569.exeUnicorn-28435.exeUnicorn-18643.exeUnicorn-47786.exeUnicorn-51315.exeUnicorn-2114.exeUnicorn-14921.exeUnicorn-10609.exeUnicorn-26754.exeUnicorn-56089.exeUnicorn-22155.exeUnicorn-10225.exeUnicorn-5627.exeUnicorn-9841.exeUnicorn-25109.exeUnicorn-37915.exeUnicorn-37915.exeUnicorn-57781.exeUnicorn-14504.exeUnicorn-43840.exeUnicorn-43840.exeUnicorn-63513.exeUnicorn-63321.exeUnicorn-43455.exeUnicorn-30457.exeUnicorn-12859.exeUnicorn-43071.exeUnicorn-61676.exeUnicorn-29689.exeUnicorn-44499.exeUnicorn-31500.exeUnicorn-60835.exeUnicorn-47836.exeUnicorn-16041.exeUnicorn-31308.exeUnicorn-60643.exeUnicorn-11442.exeUnicorn-31308.exeUnicorn-31635.exeUnicorn-27337.exeUnicorn-54302.exeUnicorn-53363.exeUnicorn-40404.exeUnicorn-52979.exeUnicorn-43742.exeUnicorn-52979.exeUnicorn-52979.exeUnicorn-52979.exeUnicorn-10685.exeUnicorn-23492.exeUnicorn-25761.exe

pid	process
2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe
2188	Unicorn-11259.exe
2588	Unicorn-54661.exe
2496	Unicorn-25326.exe
2260	Unicorn-42482.exe
2396	Unicorn-38760.exe
2668	Unicorn-57749.exe
2432	Unicorn-28876.exe
2636	Unicorn-10079.exe
376	Unicorn-57827.exe
928	Unicorn-28492.exe
2272	Unicorn-45020.exe
2000	Unicorn-44771.exe
2876	Unicorn-8569.exe
2896	Unicorn-28435.exe
2480	Unicorn-18643.exe
692	Unicorn-47786.exe
528	Unicorn-51315.exe
760	Unicorn-2114.exe
2568	Unicorn-14921.exe
2776	Unicorn-10609.exe
1464	Unicorn-26754.exe
968	Unicorn-56089.exe
1948	Unicorn-22155.exe
1852	Unicorn-10225.exe
1988	Unicorn-5627.exe
1644	Unicorn-9841.exe
572	Unicorn-25109.exe
1432	Unicorn-37915.exe
900	Unicorn-37915.exe
1524	Unicorn-57781.exe
2492	Unicorn-14504.exe
2756	Unicorn-43840.exe
2592	Unicorn-43840.exe
2388	Unicorn-63513.exe
2148	Unicorn-63321.exe
2936	Unicorn-43455.exe
2912	Unicorn-30457.exe
2044	Unicorn-12859.exe
780	Unicorn-43071.exe
812	Unicorn-61676.exe
1468	Unicorn-29689.exe
1576	Unicorn-44499.exe
1164	Unicorn-31500.exe
1264	Unicorn-60835.exe
2888	Unicorn-47836.exe
2152	Unicorn-16041.exe
2196	Unicorn-31308.exe
1960	Unicorn-60643.exe
2224	Unicorn-11442.exe
1840	Unicorn-31308.exe
2112	Unicorn-31635.exe
804	Unicorn-27337.exe
2052	Unicorn-54302.exe
2976	Unicorn-53363.exe
1596	Unicorn-40404.exe
300	Unicorn-52979.exe
888	Unicorn-43742.exe
2960	Unicorn-52979.exe
1504	Unicorn-52979.exe
1972	Unicorn-52979.exe
2416	Unicorn-10685.exe
2440	Unicorn-23492.exe
2864	Unicorn-25761.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exeUnicorn-11259.exeUnicorn-54661.exeUnicorn-25326.exeUnicorn-42482.exeUnicorn-38760.exeUnicorn-57749.exeUnicorn-28876.exe

description	pid	process	target process
PID 2340 wrote to memory of 2188	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	Unicorn-11259.exe
PID 2340 wrote to memory of 2188	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	Unicorn-11259.exe
PID 2340 wrote to memory of 2188	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	Unicorn-11259.exe
PID 2340 wrote to memory of 2188	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	Unicorn-11259.exe
PID 2188 wrote to memory of 2496	2188	Unicorn-11259.exe	Unicorn-25326.exe
PID 2188 wrote to memory of 2496	2188	Unicorn-11259.exe	Unicorn-25326.exe
PID 2188 wrote to memory of 2496	2188	Unicorn-11259.exe	Unicorn-25326.exe
PID 2188 wrote to memory of 2496	2188	Unicorn-11259.exe	Unicorn-25326.exe
PID 2340 wrote to memory of 2588	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	Unicorn-54661.exe
PID 2340 wrote to memory of 2588	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	Unicorn-54661.exe
PID 2340 wrote to memory of 2588	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	Unicorn-54661.exe
PID 2340 wrote to memory of 2588	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	Unicorn-54661.exe
PID 2340 wrote to memory of 2676	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	WerFault.exe
PID 2340 wrote to memory of 2676	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	WerFault.exe
PID 2340 wrote to memory of 2676	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	WerFault.exe
PID 2340 wrote to memory of 2676	2340	c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe	WerFault.exe
PID 2588 wrote to memory of 2260	2588	Unicorn-54661.exe	Unicorn-42482.exe
PID 2588 wrote to memory of 2260	2588	Unicorn-54661.exe	Unicorn-42482.exe
PID 2588 wrote to memory of 2260	2588	Unicorn-54661.exe	Unicorn-42482.exe
PID 2588 wrote to memory of 2260	2588	Unicorn-54661.exe	Unicorn-42482.exe
PID 2496 wrote to memory of 2668	2496	Unicorn-25326.exe	Unicorn-57749.exe
PID 2496 wrote to memory of 2668	2496	Unicorn-25326.exe	Unicorn-57749.exe
PID 2496 wrote to memory of 2668	2496	Unicorn-25326.exe	Unicorn-57749.exe
PID 2496 wrote to memory of 2668	2496	Unicorn-25326.exe	Unicorn-57749.exe
PID 2188 wrote to memory of 2396	2188	Unicorn-11259.exe	Unicorn-38760.exe
PID 2188 wrote to memory of 2396	2188	Unicorn-11259.exe	Unicorn-38760.exe
PID 2188 wrote to memory of 2396	2188	Unicorn-11259.exe	Unicorn-38760.exe
PID 2188 wrote to memory of 2396	2188	Unicorn-11259.exe	Unicorn-38760.exe
PID 2188 wrote to memory of 2256	2188	Unicorn-11259.exe	WerFault.exe
PID 2188 wrote to memory of 2256	2188	Unicorn-11259.exe	WerFault.exe
PID 2188 wrote to memory of 2256	2188	Unicorn-11259.exe	WerFault.exe
PID 2188 wrote to memory of 2256	2188	Unicorn-11259.exe	WerFault.exe
PID 2260 wrote to memory of 2432	2260	Unicorn-42482.exe	Unicorn-28876.exe
PID 2260 wrote to memory of 2432	2260	Unicorn-42482.exe	Unicorn-28876.exe
PID 2260 wrote to memory of 2432	2260	Unicorn-42482.exe	Unicorn-28876.exe
PID 2260 wrote to memory of 2432	2260	Unicorn-42482.exe	Unicorn-28876.exe
PID 2588 wrote to memory of 2636	2588	Unicorn-54661.exe	Unicorn-10079.exe
PID 2588 wrote to memory of 2636	2588	Unicorn-54661.exe	Unicorn-10079.exe
PID 2588 wrote to memory of 2636	2588	Unicorn-54661.exe	Unicorn-10079.exe
PID 2588 wrote to memory of 2636	2588	Unicorn-54661.exe	Unicorn-10079.exe
PID 2396 wrote to memory of 2272	2396	Unicorn-38760.exe	Unicorn-45020.exe
PID 2396 wrote to memory of 2272	2396	Unicorn-38760.exe	Unicorn-45020.exe
PID 2396 wrote to memory of 2272	2396	Unicorn-38760.exe	Unicorn-45020.exe
PID 2396 wrote to memory of 2272	2396	Unicorn-38760.exe	Unicorn-45020.exe
PID 2668 wrote to memory of 928	2668	Unicorn-57749.exe	Unicorn-28492.exe
PID 2668 wrote to memory of 928	2668	Unicorn-57749.exe	Unicorn-28492.exe
PID 2668 wrote to memory of 928	2668	Unicorn-57749.exe	Unicorn-28492.exe
PID 2668 wrote to memory of 928	2668	Unicorn-57749.exe	Unicorn-28492.exe
PID 2496 wrote to memory of 376	2496	Unicorn-25326.exe	Unicorn-57827.exe
PID 2496 wrote to memory of 376	2496	Unicorn-25326.exe	Unicorn-57827.exe
PID 2496 wrote to memory of 376	2496	Unicorn-25326.exe	Unicorn-57827.exe
PID 2496 wrote to memory of 376	2496	Unicorn-25326.exe	Unicorn-57827.exe
PID 2588 wrote to memory of 1276	2588	Unicorn-54661.exe	WerFault.exe
PID 2588 wrote to memory of 1276	2588	Unicorn-54661.exe	WerFault.exe
PID 2588 wrote to memory of 1276	2588	Unicorn-54661.exe	WerFault.exe
PID 2588 wrote to memory of 1276	2588	Unicorn-54661.exe	WerFault.exe
PID 2496 wrote to memory of 2872	2496	Unicorn-25326.exe	WerFault.exe
PID 2496 wrote to memory of 2872	2496	Unicorn-25326.exe	WerFault.exe
PID 2496 wrote to memory of 2872	2496	Unicorn-25326.exe	WerFault.exe
PID 2496 wrote to memory of 2872	2496	Unicorn-25326.exe	WerFault.exe
PID 2432 wrote to memory of 2000	2432	Unicorn-28876.exe	Unicorn-44771.exe
PID 2432 wrote to memory of 2000	2432	Unicorn-28876.exe	Unicorn-44771.exe
PID 2432 wrote to memory of 2000	2432	Unicorn-28876.exe	Unicorn-44771.exe
PID 2432 wrote to memory of 2000	2432	Unicorn-28876.exe	Unicorn-44771.exe

C:\Users\Admin\AppData\Local\Temp\c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe
"C:\Users\Admin\AppData\Local\Temp\c19937128ee3d8fa633d76ec22dd7550a3b288dbc5e4ef1d6f97b3e690fec0c3.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2340

C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2496

C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2668

C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:928

C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2114.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:760

C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57781.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1524

C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47836.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2888

C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
9⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2416

C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13861.exe
10⤵
PID:4068

C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-990.exe
11⤵
PID:4196

C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51492.exe
12⤵
PID:6888

C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13728.exe
13⤵
PID:10420

C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
14⤵
PID:12904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10420 -s 216
14⤵
PID:1460

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6888 -s 216
13⤵
PID:9992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4196 -s 236
12⤵
PID:8880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2416 -s 216
10⤵
PID:4360

C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46399.exe
9⤵
PID:2244

C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27669.exe
10⤵
PID:4836

C:\Users\Admin\AppData\Local\Temp\Unicorn-38967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38967.exe
11⤵
PID:5896

C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26833.exe
12⤵
PID:8040

C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2569.exe
13⤵
PID:2752

C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53531.exe
14⤵
PID:14212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8040 -s 216
13⤵
PID:12008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5896 -s 216
12⤵
PID:9660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4836 -s 216
11⤵
PID:7420

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2244 -s 236
10⤵
PID:5540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2888 -s 220
9⤵
- Program crash
PID:3308

C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
8⤵
PID:1556

C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
9⤵
PID:240

C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63571.exe
10⤵
PID:4028

C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
11⤵
PID:5964

C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60574.exe
12⤵
PID:8016

C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35107.exe
13⤵
PID:11032

C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10500.exe
14⤵
PID:8512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8016 -s 216
13⤵
PID:11436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5964 -s 216
12⤵
PID:9668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4028 -s 236
11⤵
PID:6852

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 240 -s 236
10⤵
PID:5064

C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52917.exe
9⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14934.exe
10⤵
PID:5464

C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17539.exe
11⤵
PID:8164

C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35242.exe
12⤵
PID:10776

C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
12⤵
PID:11044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8164 -s 220
12⤵
PID:12556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5464 -s 216
11⤵
PID:9464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3236 -s 216
10⤵
PID:7140

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1556 -s 240
9⤵
PID:5164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1524 -s 240
8⤵
- Program crash
PID:2652

C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11442.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2224

C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29326.exe
8⤵
PID:2016

C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17915.exe
9⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22304.exe
9⤵
PID:3156

C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26237.exe
10⤵
PID:4908

C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63791.exe
11⤵
PID:8152

C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18091.exe
12⤵
PID:11100

C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42805.exe
13⤵
PID:12640

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11100 -s 216
13⤵
PID:8120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8152 -s 220
12⤵
PID:11840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4908 -s 216
11⤵
PID:9144

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3156 -s 216
10⤵
PID:6924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2016 -s 240
9⤵
PID:4776

C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
8⤵
PID:1368

C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12785.exe
9⤵
PID:4728

C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13367.exe
10⤵
PID:5876

C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56921.exe
11⤵
PID:8448

C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36239.exe
12⤵
PID:12104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8448 -s 216
12⤵
PID:13016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5876 -s 216
11⤵
PID:10008

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4728 -s 216
10⤵
PID:7800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1368 -s 236
9⤵
PID:5996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2224 -s 240
8⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 760 -s 240
7⤵
- Program crash
PID:1676

C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:900

C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:1840

C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28449.exe
8⤵
PID:1616

C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64427.exe
9⤵
PID:1940

C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
10⤵
PID:4512

C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51312.exe
11⤵
PID:5176

C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49510.exe
12⤵
PID:7976

C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47810.exe
13⤵
PID:11004

C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58726.exe
14⤵
PID:12444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11004 -s 216
14⤵
PID:964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7976 -s 216
13⤵
PID:11816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5176 -s 216
12⤵
PID:8944

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4512 -s 236
11⤵
PID:6172

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1940 -s 216
10⤵
PID:4996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1616 -s 216
9⤵
- Program crash
PID:3764

C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47442.exe
8⤵
PID:2564

C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45266.exe
9⤵
PID:4808

C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14026.exe
10⤵
PID:5452

C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16198.exe
11⤵
PID:8656

C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36714.exe
12⤵
PID:11604

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8656 -s 236
12⤵
PID:13120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5452 -s 216
11⤵
PID:10044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4808 -s 216
10⤵
PID:7872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2564 -s 216
9⤵
PID:5512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1840 -s 240
8⤵
- Program crash
PID:3104

C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
7⤵
PID:2128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2128 -s 220
8⤵
- Program crash
PID:1784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 900 -s 240
7⤵
- Program crash
PID:2748

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 928 -s 240
6⤵
- Program crash
PID:2540

C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47786.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:692

C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9841.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1644

C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29689.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1468

C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5646.exe
8⤵
PID:1844

C:\Users\Admin\AppData\Local\Temp\Unicorn-49980.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49980.exe
9⤵
PID:3964

C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62121.exe
10⤵
PID:4976

C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-646.exe
11⤵
PID:7100

C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30366.exe
12⤵
PID:10464

C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58949.exe
13⤵
PID:4156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10464 -s 216
13⤵
PID:7928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7100 -s 216
12⤵
PID:11120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4976 -s 236
11⤵
PID:8936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3964 -s 216
10⤵
PID:6648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1844 -s 236
9⤵
PID:5036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1468 -s 216
8⤵
- Program crash
PID:3840

C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
7⤵
PID:2844

C:\Users\Admin\AppData\Local\Temp\Unicorn-33675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33675.exe
8⤵
PID:2956

C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26818.exe
9⤵
PID:4644

C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55163.exe
10⤵
PID:6268

C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33979.exe
11⤵
PID:9212

C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36955.exe
12⤵
PID:11692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9212 -s 236
12⤵
PID:12820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6268 -s 220
11⤵
PID:9224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4644 -s 216
10⤵
PID:8132

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2956 -s 236
9⤵
PID:6136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2844 -s 236
8⤵
- Program crash
PID:3268

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1644 -s 240
7⤵
- Program crash
PID:1892

C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44499.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1576

C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:300

C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-343.exe
8⤵
PID:1520

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1520 -s 220
9⤵
PID:5100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 300 -s 236
8⤵
PID:3836

C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44754.exe
7⤵
PID:2900

C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63431.exe
8⤵
PID:4364

C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64213.exe
9⤵
PID:5424

C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64679.exe
10⤵
PID:8452

C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16659.exe
11⤵
PID:10908

C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40402.exe
12⤵
PID:13392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8452 -s 220
11⤵
PID:11508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5424 -s 216
10⤵
PID:9912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4364 -s 216
9⤵
PID:7752

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2900 -s 216
8⤵
PID:5508

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1576 -s 220
7⤵
- Program crash
PID:3876

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 692 -s 240
6⤵
- Program crash
PID:1292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2668 -s 240
5⤵
- Loads dropped DLL
- Program crash
PID:1128

C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:376

C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18643.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2480

C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10225.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1852

C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12859.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2044

C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43742.exe
8⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:888

C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-24246.exe
9⤵
PID:3080

C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
10⤵
PID:3652

C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15536.exe
11⤵
PID:6084

C:\Users\Admin\AppData\Local\Temp\Unicorn-21296.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21296.exe
12⤵
PID:7572

C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3259.exe
13⤵
PID:11000

C:\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16963.exe
14⤵
PID:8028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11000 -s 216
14⤵
PID:14176

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7572 -s 216
13⤵
PID:12276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6084 -s 216
12⤵
PID:9480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3652 -s 216
11⤵
PID:6548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3080 -s 216
10⤵
PID:4960

C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12678.exe
9⤵
PID:3804

C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46564.exe
10⤵
PID:5268

C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17975.exe
11⤵
PID:8556

C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18880.exe
12⤵
PID:10408

C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18716.exe
13⤵
PID:8728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8556 -s 216
12⤵
PID:11892

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5268 -s 216
11⤵
PID:9932

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3804 -s 236
10⤵
PID:7124

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 888 -s 240
9⤵
PID:4740

C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37052.exe
8⤵
PID:3096

C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64531.exe
9⤵
PID:3752

C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47742.exe
10⤵
PID:5860

C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15691.exe
11⤵
PID:7496

C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
12⤵
PID:10684

C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44149.exe
13⤵
PID:5528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10684 -s 216
13⤵
PID:5928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7496 -s 216
12⤵
PID:11472

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5860 -s 216
11⤵
PID:7540

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3752 -s 236
10⤵
PID:6516

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3096 -s 236
9⤵
PID:4660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2044 -s 240
8⤵
- Program crash
PID:3824

C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23492.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2440

C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
8⤵
PID:1584

C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14863.exe
9⤵
PID:3312

C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59070.exe
10⤵
PID:5432

C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-21244.exe
11⤵
PID:7412

C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62169.exe
12⤵
PID:10356

C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11528.exe
13⤵
PID:2792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10356 -s 216
13⤵
PID:13468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7412 -s 216
12⤵
PID:12028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5432 -s 216
11⤵
PID:8312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3312 -s 216
10⤵
PID:6296

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1584 -s 236
9⤵
PID:4172

C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28547.exe
8⤵
PID:3344

C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-57918.exe
9⤵
PID:5664

C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30730.exe
10⤵
PID:8044

C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64463.exe
11⤵
PID:10764

C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34015.exe
12⤵
PID:12976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10764 -s 216
12⤵
PID:14128

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8044 -s 216
11⤵
PID:12212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5664 -s 216
10⤵
PID:9292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3344 -s 216
9⤵
PID:6572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2440 -s 220
8⤵
PID:4352

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1852 -s 240
7⤵
- Program crash
PID:2172

C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43071.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:780

C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
7⤵
- Executes dropped EXE
PID:2656

C:\Users\Admin\AppData\Local\Temp\Unicorn-53524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53524.exe
8⤵
PID:3216

C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48541.exe
9⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64699.exe
10⤵
PID:7524

C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53700.exe
11⤵
PID:10672

C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32940.exe
12⤵
PID:13100

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10672 -s 216
12⤵
PID:7236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7524 -s 216
11⤵
PID:11464

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 236
10⤵
PID:8360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3216 -s 236
9⤵
PID:7004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2656 -s 236
8⤵
PID:4932

C:\Users\Admin\AppData\Local\Temp\Unicorn-4380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4380.exe
7⤵
PID:3112

C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30816.exe
8⤵
PID:3372

C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46097.exe
9⤵
PID:5972

C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50008.exe
10⤵
PID:7724

C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
11⤵
PID:10756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
12⤵
PID:13208

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10756 -s 216
12⤵
PID:7372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7724 -s 216
11⤵
PID:11556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5972 -s 216
10⤵
PID:8620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3372 -s 216
9⤵
PID:6868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3112 -s 236
8⤵
PID:4948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 240
7⤵
- Program crash
PID:3756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2480 -s 240
6⤵
- Program crash
PID:2216

C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-5627.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61676.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:812

C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1504

C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17256.exe
8⤵
PID:2624

C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46462.exe
9⤵
PID:3388

C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-850.exe
10⤵
PID:5256

C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
11⤵
PID:7244

C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62278.exe
12⤵
PID:10476

C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36215.exe
13⤵
PID:13236

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10476 -s 216
13⤵
PID:13872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7244 -s 220
12⤵
PID:12084

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5256 -s 216
11⤵
PID:8212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3388 -s 236
10⤵
PID:6240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2624 -s 236
9⤵
PID:5080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1504 -s 216
8⤵
- Program crash
PID:3468

C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12465.exe
7⤵
PID:608

C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29441.exe
8⤵
PID:3708

C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48126.exe
9⤵
PID:5804

C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25297.exe
10⤵
PID:8108

C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65309.exe
11⤵
PID:10388

C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37791.exe
12⤵
PID:13928

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8108 -s 216
11⤵
PID:11664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5804 -s 216
10⤵
PID:9572

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3708 -s 236
9⤵
PID:6744

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 608 -s 236
8⤵
PID:4468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 812 -s 220
7⤵
- Program crash
PID:3264

C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56357.exe
6⤵
- Executes dropped EXE
PID:2580

C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33867.exe
7⤵
PID:784

C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47235.exe
8⤵
PID:3984

C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64820.exe
9⤵
PID:5604

C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36532.exe
10⤵
PID:8756

C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31921.exe
11⤵
PID:10364

C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41030.exe
12⤵
PID:9064

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8756 -s 220
11⤵
PID:12400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5604 -s 220
10⤵
PID:10056

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3984 -s 216
9⤵
PID:7224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 784 -s 216
8⤵
PID:5280

C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13145.exe
7⤵
PID:3192

C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32532.exe
8⤵
PID:5412

C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2131.exe
9⤵
PID:8640

C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46913.exe
10⤵
PID:11024

C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52239.exe
11⤵
PID:8916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8640 -s 216
10⤵
PID:12332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5412 -s 216
9⤵
PID:9976

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3192 -s 216
8⤵
PID:6800

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 240
7⤵
PID:5156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 240
5⤵
- Program crash
PID:2528

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2496 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:2872

C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2396

C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2272

C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51315.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:528

C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25109.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:572

C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31500.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1164

C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
8⤵
PID:2700

C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40390.exe
9⤵
PID:3176

C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44241.exe
10⤵
PID:3588

C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62485.exe
11⤵
PID:5744

C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34311.exe
12⤵
PID:8604

C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31537.exe
13⤵
PID:10964

C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31033.exe
14⤵
PID:8324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8604 -s 220
13⤵
PID:12416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5744 -s 220
12⤵
PID:9948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3588 -s 216
11⤵
PID:7620

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3176 -s 216
10⤵
PID:5340

C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43399.exe
9⤵
PID:3904

C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13585.exe
10⤵
PID:5852

C:\Users\Admin\AppData\Local\Temp\Unicorn-59365.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-59365.exe
11⤵
PID:8852

C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56612.exe
12⤵
PID:11284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8852 -s 216
12⤵
PID:12596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5852 -s 216
11⤵
PID:10108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3904 -s 216
10⤵
PID:7428

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2700 -s 240
9⤵
PID:5580

C:\Users\Admin\AppData\Local\Temp\Unicorn-20524.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20524.exe
8⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46576.exe
9⤵
PID:3644

C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
10⤵
PID:5836

C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61679.exe
11⤵
PID:8084

C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
12⤵
PID:11136

C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25670.exe
13⤵
PID:12828

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11136 -s 216
13⤵
PID:8188

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8084 -s 216
12⤵
PID:11904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5836 -s 216
11⤵
PID:8996

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3644 -s 236
10⤵
PID:6668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3184 -s 236
9⤵
PID:4584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1164 -s 240
8⤵
- Program crash
PID:3892

C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
7⤵
PID:1572

C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48091.exe
8⤵
PID:1716

C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48740.exe
9⤵
PID:4244

C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62101.exe
10⤵
PID:5892

C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23164.exe
11⤵
PID:7860

C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
12⤵
PID:10248

C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14050.exe
13⤵
PID:13152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10248 -s 216
13⤵
PID:13588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7860 -s 216
12⤵
PID:12012

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5892 -s 216
11⤵
PID:8552

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4244 -s 216
10⤵
PID:7644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1716 -s 236
9⤵
PID:5232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1572 -s 236
8⤵
- Program crash
PID:3780

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 572 -s 240
7⤵
- Program crash
PID:1532

C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60835.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1264

C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2960

C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22688.exe
8⤵
PID:1216

C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27498.exe
9⤵
PID:4320

C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36116.exe
10⤵
PID:6160

C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32286.exe
11⤵
PID:10532

C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28389.exe
12⤵
PID:12972

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10532 -s 216
12⤵
PID:13272

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6160 -s 236
11⤵
PID:11312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4320 -s 236
10⤵
PID:9044

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1216 -s 236
9⤵
PID:6908

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2960 -s 216
8⤵
PID:4760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1264 -s 216
7⤵
- Program crash
PID:3664

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 528 -s 240
6⤵
- Program crash
PID:2208

C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37915.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1432

C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16041.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2152

C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10685.exe
7⤵
- Executes dropped EXE
PID:2408

C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40774.exe
8⤵
PID:1988

C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14287.exe
9⤵
PID:3452

C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42350.exe
10⤵
PID:5500

C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34643.exe
11⤵
PID:8012

C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36124.exe
12⤵
PID:10952

C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10569.exe
13⤵
PID:7416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10952 -s 216
13⤵
PID:14300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8012 -s 216
12⤵
PID:12284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5500 -s 216
11⤵
PID:9416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3452 -s 216
10⤵
PID:6348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1988 -s 236
9⤵
PID:4292

C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10566.exe
8⤵
PID:3504

C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32257.exe
9⤵
PID:6044

C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2354.exe
10⤵
PID:7932

C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20250.exe
11⤵
PID:10680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10680 -s 208
12⤵
PID:13340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7932 -s 220
11⤵
PID:10512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6044 -s 216
10⤵
PID:9380

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3504 -s 216
9⤵
PID:7052

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2408 -s 240
8⤵
PID:4268

C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62818.exe
7⤵
PID:2352

C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32243.exe
8⤵
PID:3336

C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1587.exe
9⤵
PID:5788

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5788 -s 220
10⤵
PID:7592

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3336 -s 216
9⤵
PID:7336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2352 -s 236
8⤵
PID:5300

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2152 -s 220
7⤵
- Program crash
PID:4048

C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56165.exe
6⤵
PID:2964

C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48667.exe
7⤵
PID:1932

C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
8⤵
PID:4132

C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26710.exe
9⤵
PID:6244

C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50380.exe
10⤵
PID:8796

C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4425.exe
11⤵
PID:11408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8796 -s 216
11⤵
PID:13092

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6244 -s 216
10⤵
PID:10284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4132 -s 216
9⤵
PID:8112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1932 -s 236
8⤵
PID:5960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2964 -s 236
7⤵
- Program crash
PID:3512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1432 -s 240
6⤵
- Program crash
PID:1036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2272 -s 240
5⤵
- Program crash
PID:1040

C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14921.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2568

C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41253.exe
5⤵
- Executes dropped EXE
PID:2784

C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31308.exe
6⤵
- Suspicious use of SetWindowsHookEx
PID:2196

C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25761.exe
7⤵
- Suspicious use of SetWindowsHookEx
PID:2864

C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48283.exe
8⤵
PID:1628

C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14531.exe
9⤵
PID:3628

C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48728.exe
10⤵
PID:5188

C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39168.exe
11⤵
PID:7708

C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2761.exe
12⤵
PID:10792

C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-41514.exe
13⤵
PID:7200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10792 -s 216
13⤵
PID:14200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7708 -s 216
12⤵
PID:11948

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5188 -s 216
11⤵
PID:9580

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3628 -s 216
10⤵
PID:7840

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1628 -s 236
9⤵
PID:6020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2864 -s 236
8⤵
- Program crash
PID:3672

C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28225.exe
7⤵
PID:580

C:\Users\Admin\AppData\Local\Temp\Unicorn-15491.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15491.exe
8⤵
PID:4324

C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47737.exe
9⤵
PID:6524

C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50584.exe
10⤵
PID:7672

C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6035.exe
11⤵
PID:10796

C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31295.exe
12⤵
PID:13224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10796 -s 216
12⤵
PID:7400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7672 -s 216
11⤵
PID:11568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6524 -s 236
10⤵
PID:8564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4324 -s 216
9⤵
PID:6232

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 580 -s 236
8⤵
PID:5252

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2196 -s 240
7⤵
- Program crash
PID:3740

C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
6⤵
PID:2620

C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1002.exe
7⤵
PID:600

C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43429.exe
8⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29756.exe
9⤵
PID:6560

C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17132.exe
10⤵
PID:8868

C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50227.exe
11⤵
PID:11536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8868 -s 216
11⤵
PID:13112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6560 -s 216
10⤵
PID:10292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 216
9⤵
PID:8004

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 600 -s 216
8⤵
PID:5568

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2620 -s 236
7⤵
- Program crash
PID:3556

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2784 -s 240
6⤵
- Program crash
PID:2720

C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60643.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1960

C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
6⤵
PID:1452

C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49928.exe
7⤵
PID:2268

C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20103.exe
8⤵
PID:4568

C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53243.exe
9⤵
PID:5856

C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27409.exe
10⤵
PID:8092

C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34557.exe
11⤵
PID:10584

C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16152.exe
12⤵
PID:14152

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8092 -s 216
11⤵
PID:11924

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5856 -s 216
10⤵
PID:9588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4568 -s 216
9⤵
PID:7960

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2268 -s 236
8⤵
PID:5820

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1452 -s 236
7⤵
- Program crash
PID:3476

C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13534.exe
6⤵
PID:2228

C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60577.exe
7⤵
PID:3684

C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31271.exe
8⤵
PID:5560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3684 -s 216
8⤵
PID:6760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2228 -s 216
7⤵
PID:5292

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1960 -s 220
6⤵
- Program crash
PID:3076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2568 -s 240
5⤵
- Program crash
PID:1904

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2396 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2188 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:2256

C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2260

C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2432

C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2000

C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2592

C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
7⤵
PID:2724

C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
8⤵
PID:2992

C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10948.exe
9⤵
PID:4892

C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48344.exe
10⤵
PID:5780

C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46158.exe
11⤵
PID:8236

C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-25808.exe
12⤵
PID:10788

C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3147.exe
13⤵
PID:8692

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8236 -s 216
12⤵
PID:11856

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5780 -s 216
11⤵
PID:9732

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4892 -s 216
10⤵
PID:7848

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2992 -s 216
9⤵
PID:6104

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2724 -s 236
8⤵
- Program crash
PID:3584

C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30529.exe
7⤵
PID:1088

C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13636.exe
8⤵
PID:4968

C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-38583.exe
9⤵
PID:6024

C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
10⤵
PID:8204

C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1308.exe
11⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61998.exe
11⤵
PID:11112

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8204 -s 220
11⤵
PID:12564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6024 -s 216
10⤵
PID:9652

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4968 -s 216
9⤵
PID:7436

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1088 -s 236
8⤵
PID:5588

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2592 -s 220
7⤵
- Program crash
PID:3880

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2000 -s 236
6⤵
- Program crash
PID:1740

C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22155.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1948

C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30457.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13181.exe
7⤵
PID:1356

C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-34443.exe
8⤵
PID:112

C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27586.exe
9⤵
PID:4504

C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58484.exe
10⤵
PID:6764

C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32790.exe
11⤵
PID:8032

C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12340.exe
12⤵
PID:10944

C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-542.exe
13⤵
PID:5496

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10944 -s 216
13⤵
PID:7384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8032 -s 216
12⤵
PID:11756

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6764 -s 216
11⤵
PID:8952

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4504 -s 216
10⤵
PID:7468

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 112 -s 236
9⤵
PID:5824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1356 -s 236
8⤵
- Program crash
PID:3808

C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
7⤵
PID:2328

C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8815.exe
8⤵
PID:5020

C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48785.exe
9⤵
PID:6012

C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63262.exe
10⤵
PID:7984

C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19264.exe
11⤵
PID:11060

C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10884.exe
12⤵
PID:13456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7984 -s 216
11⤵
PID:12204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6012 -s 216
10⤵
PID:9644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5020 -s 236
9⤵
PID:7116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2328 -s 216
8⤵
PID:5048

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2912 -s 240
7⤵
- Program crash
PID:3728

C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9460.exe
6⤵
PID:340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 340 -s 240
7⤵
- Program crash
PID:2212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1948 -s 240
6⤵
- Program crash
PID:1704

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2432 -s 220
5⤵
- Program crash
PID:2572

C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2876

C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10609.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2776

C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14504.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2492

C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31635.exe
7⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2112

C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3638.exe
8⤵
PID:2920

C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42585.exe
9⤵
PID:3432

C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33803.exe
10⤵
PID:4604

C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1471.exe
11⤵
PID:7028

C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2773.exe
12⤵
PID:10028

C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-37872.exe
13⤵
PID:13156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10028 -s 216
13⤵
PID:7080

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7028 -s 216
12⤵
PID:11076

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4604 -s 216
11⤵
PID:8248

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3432 -s 236
10⤵
PID:6400

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2920 -s 216
9⤵
PID:4476

C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29647.exe
8⤵
PID:3460

C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50907.exe
9⤵
PID:4440

C:\Users\Admin\AppData\Local\Temp\Unicorn-48835.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48835.exe
10⤵
PID:6876

C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4222.exe
11⤵
PID:5648

C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13160.exe
12⤵
PID:10272

C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42089.exe
13⤵
PID:13028

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10272 -s 216
13⤵
PID:13372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5648 -s 216
12⤵
PID:12020

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6876 -s 216
11⤵
PID:8220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4440 -s 216
10⤵
PID:7784

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3460 -s 236
9⤵
PID:6356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 240
8⤵
PID:4388

C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-23736.exe
7⤵
PID:2472

C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33177.exe
8⤵
PID:3488

C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29672.exe
9⤵
PID:4260

C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61821.exe
10⤵
PID:6792

C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-18244.exe
11⤵
PID:6996

C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30065.exe
12⤵
PID:10392

C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43189.exe
13⤵
PID:5108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10392 -s 216
13⤵
PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6996 -s 216
12⤵
PID:10504

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6792 -s 236
11⤵
PID:8908

C:\Users\Admin\AppData\Local\Temp\Unicorn-14138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14138.exe
10⤵
PID:6364

C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61969.exe
11⤵
PID:10492

C:\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9364.exe
12⤵
PID:12936

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10492 -s 216
12⤵
PID:7276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6364 -s 216
11⤵
PID:10968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4260 -s 220
10⤵
PID:9088

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3488 -s 236
9⤵
PID:6304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2472 -s 236
8⤵
PID:4456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2492 -s 240
7⤵
- Program crash
PID:3380

C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27337.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:804

C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43026.exe
7⤵
PID:2360

C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64588.exe
8⤵
PID:3540

C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50331.exe
9⤵
PID:4576

C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3967.exe
10⤵
PID:7104

C:\Users\Admin\AppData\Local\Temp\Unicorn-35996.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35996.exe
11⤵
PID:9984

C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36798.exe
12⤵
PID:13212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9984 -s 216
12⤵
PID:13240

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7104 -s 216
11⤵
PID:10544

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4576 -s 216
10⤵
PID:8384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3540 -s 216
9⤵
PID:6392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2360 -s 236
8⤵
PID:4484

C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11858.exe
7⤵
PID:3604

C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
8⤵
PID:4724

C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58494.exe
9⤵
PID:5552

C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-22780.exe
10⤵
PID:7748

C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-35081.exe
11⤵
PID:10336

C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4258.exe
12⤵
PID:13228

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10336 -s 216
12⤵
PID:13596

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7748 -s 220
11⤵
PID:12156

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5552 -s 216
10⤵
PID:8824

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4724 -s 236
9⤵
PID:6488

C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12116.exe
8⤵
PID:5772

C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53916.exe
9⤵
PID:7548

C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7815.exe
10⤵
PID:10308

C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-19220.exe
11⤵
PID:12912

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10308 -s 216
11⤵
PID:13108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7548 -s 216
10⤵
PID:12036

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5772 -s 216
9⤵
PID:8440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3604 -s 220
8⤵
PID:6688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 804 -s 240
7⤵
PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2776 -s 240
6⤵
- Program crash
PID:980

C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43840.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2756

C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-54302.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2052

C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26306.exe
7⤵
PID:1952

C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-120.exe
8⤵
PID:3572

C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-65268.exe
9⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47218.exe
10⤵
PID:5576

C:\Users\Admin\AppData\Local\Temp\Unicorn-33595.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33595.exe
11⤵
PID:8260

C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29529.exe
12⤵
PID:11872

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8260 -s 216
12⤵
PID:12896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5576 -s 216
11⤵
PID:9532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4204 -s 216
10⤵
PID:7612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3572 -s 236
9⤵
PID:6108

C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-27613.exe
8⤵
PID:4280

C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45241.exe
9⤵
PID:6476

C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1830.exe
10⤵
PID:8520

C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43025.exe
11⤵
PID:11648

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8520 -s 220
11⤵
PID:12796

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6476 -s 216
10⤵
PID:9920

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4280 -s 216
9⤵
PID:7312

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1952 -s 240
8⤵
PID:6140

C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12927.exe
7⤵
PID:3632

C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43014.exe
8⤵
PID:4696

C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-49283.exe
9⤵
PID:5352

C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-4715.exe
10⤵
PID:7512

C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50187.exe
11⤵
PID:11144

C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-8949.exe
12⤵
PID:12868

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 11144 -s 216
12⤵
PID:13324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7512 -s 216
11⤵
PID:11896

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5352 -s 216
10⤵
PID:8408

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 216
9⤵
PID:6200

C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-6532.exe
8⤵
PID:5396

C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51555.exe
9⤵
PID:7720

C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-2958.exe
10⤵
PID:10876

C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58841.exe
11⤵
PID:7376

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10876 -s 216
11⤵
PID:14136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7720 -s 216
10⤵
PID:12244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5396 -s 216
9⤵
PID:9372

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3632 -s 220
8⤵
PID:6280

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2052 -s 240
7⤵
PID:4616

C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55641.exe
6⤵
PID:1620

C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29398.exe
7⤵
PID:3700

C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48925.exe
8⤵
PID:4304

C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30185.exe
9⤵
PID:7888

C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12532.exe
10⤵
PID:10888

C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-350.exe
11⤵
PID:13244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10888 -s 216
11⤵
PID:7740

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7888 -s 216
10⤵
PID:11724

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4304 -s 236
9⤵
PID:8808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3700 -s 236
8⤵
PID:6984

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1620 -s 236
7⤵
PID:4844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2756 -s 240
6⤵
- Program crash
PID:3404

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2876 -s 240
5⤵
- Program crash
PID:2728

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 240
4⤵
- Loads dropped DLL
- Program crash
PID:3016

C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2896

C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26754.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1464

C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63321.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2148

C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26638.exe
7⤵
PID:868

C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1770.exe
8⤵
PID:1220

C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30567.exe
9⤵
PID:4408

C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31458.exe
10⤵
PID:5308

C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31675.exe
11⤵
PID:9156

C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17282.exe
12⤵
PID:11612

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9156 -s 216
12⤵
PID:12764

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5308 -s 216
11⤵
PID:9328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4408 -s 216
10⤵
PID:7564

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1220 -s 236
9⤵
PID:5900

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 868 -s 216
8⤵
- Program crash
PID:3792

C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47250.exe
7⤵
PID:2884

C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-45969.exe
8⤵
PID:3352

C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11556.exe
9⤵
PID:6080

C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-16818.exe
10⤵
PID:9012

C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-50079.exe
11⤵
PID:11500

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9012 -s 216
11⤵
PID:12736

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6080 -s 216
10⤵
PID:10200

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3352 -s 216
9⤵
PID:7480

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2884 -s 236
8⤵
PID:5844

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2148 -s 220
7⤵
- Program crash
PID:3244

C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-58853.exe
6⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17147.exe
7⤵
PID:2632

C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-46768.exe
8⤵
PID:3296

C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47441.exe
9⤵
PID:5736

C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53584.exe
10⤵
PID:7920

C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
11⤵
PID:10488

C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55113.exe
12⤵
PID:13968

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7920 -s 216
11⤵
PID:11644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5736 -s 216
10⤵
PID:9548

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3296 -s 236
9⤵
PID:6444

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2632 -s 236
8⤵
PID:4376

C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43046.exe
7⤵
PID:3596

C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63476.exe
8⤵
PID:6128

C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3309.exe
9⤵
PID:8340

C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7027.exe
10⤵
PID:11332

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8340 -s 216
10⤵
PID:12632

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6128 -s 220
9⤵
PID:9792

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3596 -s 236
8⤵
PID:6804

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2336 -s 220
7⤵
PID:4224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1464 -s 240
6⤵
- Program crash
PID:2940

C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43455.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2936

C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52979.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17723.exe
7⤵
PID:1608

C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-60616.exe
8⤵
PID:5068

C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-28189.exe
9⤵
PID:6840

C:\Users\Admin\AppData\Local\Temp\Unicorn-29438.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29438.exe
10⤵
PID:8284

C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1993.exe
11⤵
PID:10376

C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-3562.exe
12⤵
PID:14260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8284 -s 216
11⤵
PID:12180

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6840 -s 220
10⤵
PID:9760

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5068 -s 236
9⤵
PID:7992

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1608 -s 216
8⤵
PID:5812

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1972 -s 236
7⤵
- Program crash
PID:3440

C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63394.exe
6⤵
PID:2904

C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-64373.exe
7⤵
PID:4116

C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-61546.exe
8⤵
PID:6728

C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30915.exe
9⤵
PID:8516

C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33322.exe
9⤵
PID:9812

C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36559.exe
10⤵
PID:12916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9812 -s 236
10⤵
PID:6644

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6728 -s 220
9⤵
PID:11016

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4116 -s 216
8⤵
PID:7212

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2904 -s 236
7⤵
PID:6148

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2936 -s 220
6⤵
PID:3356

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2896 -s 240
5⤵
- Program crash
PID:1144

C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-56089.exe
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:968

C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-63513.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2388

C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53363.exe
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2976

C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43877.exe
7⤵
PID:536

C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-31340.exe
8⤵
PID:3688

C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-13527.exe
9⤵
PID:4200

C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-20239.exe
10⤵
PID:6680

C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30723.exe
11⤵
PID:9252

C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-32485.exe
12⤵
PID:12532

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 9252 -s 236
12⤵
PID:13288

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6680 -s 216
11⤵
PID:10560

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4200 -s 216
10⤵
PID:7204

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3688 -s 216
9⤵
PID:6224

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 536 -s 236
8⤵
PID:4548

C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-44147.exe
7⤵
PID:3732

C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-1898.exe
8⤵
PID:4384

C:\Users\Admin\AppData\Local\Temp\Unicorn-17699.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-17699.exe
9⤵
PID:6960

C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-52306.exe
10⤵
PID:10032

C:\Users\Admin\AppData\Local\Temp\Unicorn-39356.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-39356.exe
11⤵
PID:12964

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10032 -s 216
11⤵
PID:13284

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6960 -s 216
10⤵
PID:11192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4384 -s 216
9⤵
PID:7392

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3732 -s 216
8⤵
PID:6340

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2976 -s 240
7⤵
PID:4308

C:\Users\Admin\AppData\Local\Temp\Unicorn-7675.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-7675.exe
6⤵
PID:1408

C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-14811.exe
7⤵
PID:3768

C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62772.exe
8⤵
PID:4140

C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-33715.exe
9⤵
PID:5212

C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-29085.exe
10⤵
PID:8128

C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-9948.exe
11⤵
PID:2132

C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26138.exe
12⤵
PID:13384

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2132 -s 216
12⤵
PID:14328

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 8128 -s 220
11⤵
PID:11344

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5212 -s 216
10⤵
PID:9108

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4140 -s 236
9⤵
PID:6192

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3768 -s 216
8⤵
PID:4428

C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-42522.exe
7⤵
PID:4160

C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-62817.exe
8⤵
PID:5920

C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48410.exe
9⤵
PID:7452

C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48973.exe
10⤵
PID:10472

C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-36658.exe
11⤵
PID:13264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10472 -s 216
11⤵
PID:7260

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7452 -s 216
10⤵
PID:11688

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5920 -s 216
9⤵
PID:9244

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4160 -s 216
8⤵
PID:6816

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1408 -s 240
7⤵
PID:4676

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2388 -s 240
6⤵
- Program crash
PID:3516

C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
5⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11889.exe
6⤵
PID:1640

C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-30956.exe
7⤵
PID:3796

C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-12593.exe
8⤵
PID:4768

C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-53051.exe
9⤵
PID:6180

C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-47429.exe
10⤵
PID:7192

C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-48046.exe
11⤵
PID:10576

C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-11860.exe
12⤵
PID:956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10576 -s 216
12⤵
PID:7536

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 7192 -s 216
11⤵
PID:11424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6180 -s 236
10⤵
PID:9120

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4768 -s 216
9⤵
PID:6164

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3796 -s 216
8⤵
PID:5360

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1640 -s 236
7⤵
PID:4624

C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-43762.exe
6⤵
PID:3856

C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-26953.exe
7⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-15062.exe
8⤵
PID:6772

C:\Users\Admin\AppData\Local\Temp\Unicorn-55856.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-55856.exe
9⤵
PID:10344

C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe
C:\Users\Admin\AppData\Local\Temp\Unicorn-51323.exe
10⤵
PID:12304

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 10344 -s 216
10⤵
PID:5456

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 6772 -s 216
9⤵
PID:11116

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4876 -s 236
8⤵
PID:8832

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 3856 -s 216
7⤵
PID:6608

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 1596 -s 240
6⤵
PID:5000

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 968 -s 240
5⤵
- Program crash
PID:1708

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2636 -s 240
4⤵
- Program crash
PID:2684

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2588 -s 240
3⤵
- Loads dropped DLL
- Program crash
PID:1276

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 2340 -s 240
2⤵
- Program crash
PID:2676

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Unicorn-28492.exe
Filesize
184KB

MD5
4c38c6ed3ca4ec064626a5390a166f8b

SHA1
2078ccb464c13c2514386ca375da7c6d2e7dd94b

SHA256
1dc5d0e05b175bc59197f08683146773e67b2d262efabbc0aee4ceee8e0d4a1d

SHA512
1361071e6bc861b1f2e864d542b5fc11fde64063a1e58d55c764ff7c2d500aea9d6140ad46996a848afbd1f5ac16da1b2ce230cd898d246942eb6867227c51b8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-38760.exe
Filesize
184KB

MD5
3e807dda68d544561a11614d3a6772c7

SHA1
840cdf4a984608a6fb3ee3fd8220ff3e2b10b1a5

SHA256
43e6770bda56ca0af86794436956ee3d871b1b83a7752a664c06f73aa67c6e44

SHA512
38819f99e68c698854a96851e3aa94ffabab5c9d5c5099f27112d5b4a9fca85e8eb5600e3249a05edd6518555ee233912a639deb32b6c6e609cdddba9760cf2b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-40404.exe
Filesize
184KB

MD5
dfd8a5a4343ba0f2a46d43c538072516

SHA1
ae9ac2c7d28db102b6e5bbc578716e1cd8f74d27

SHA256
ef6af8b824d0ffed28a9777a218fa8cab7643944123d90b0dc77c05b80c9fc1e

SHA512
ee1b855b38b2dc2b2440754beb7630ce93270a9f039e24cb82e867d2b3bec4074b2743e76edae5ba078dbfa11419afe09a52d46045ee2ec2a19725e1575595b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-45020.exe
Filesize
184KB

MD5
fa42a6f94746a7c51ec0f006f78f7d24

SHA1
4f798ae18a96f6497780ef53f7adc8c75c8e7394

SHA256
7fda04f5a65fd11f968bc1592f3f06d5320e59ff7dd8b8f1fa8883f762f103ba

SHA512
98a349b37f8afe54237d671d8886d4b940b3c77bc8b14530e843ad1c9a778e8940fff8326faf50bf2ac33eaa61830b789b4b9c5a184c49043c032eaa36daef41

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-57749.exe
Filesize
184KB

MD5
6f60b572abeeb08457cd6e363340895a

SHA1
d32a69be7691f8c0073cdae4afb75046dc852523

SHA256
082d0231cc843ab9c03bfe401cabeadb0536278c3945ecd28f490f07aabc70c1

SHA512
f563dc5f5889195b29d854108e818cb5397b250128a13f122e75973ee64d099b0c7690cba7c83288734ef17e80efdf7363387fe6108478de38a6ed754254056d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Unicorn-6419.exe
Filesize
184KB

MD5
69de798e8c977b3306460fb688bdad42

SHA1
a828798bf84d7ec9575d006e2728586927186b75

SHA256
4b9ab982ec205ba51990b88dce8dd35a97eca8d34cf4d69f328cb2dbb9d52a2b

SHA512
007a2a12d984e82eeff97e863396d104769f743ba289c497425e722f6075bd8ed3fe0e2f22037f2437e3ad1f93088dcb7d5cebafa89face2da20060086e45961

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-10079.exe
Filesize
184KB

MD5
3f52ee81ae9f32cd1ff65ef312e0ef0c

SHA1
2788568958e031f0e7ddfe9577a2f156a918bd67

SHA256
88981a0454d8bbf0e956b4edd283bb822217b0eb75342d6330e23d91b69a0a8b

SHA512
7c6edd7c835e8ff4b9dc22463b5ee731aac094c4d014fba52e4ed6a89214f329307d13b74c4ac17f89bf5e7599724043b9d91e81e75f95868ce1acbf14042d98

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-11259.exe
Filesize
184KB

MD5
d35ea251e2f01b8f8003658cff51d902

SHA1
fbb8155e966b715e7920188f41c0dd8920fe7b52

SHA256
e6a7f98af1db4ca75a9a0e0edef33c2b5833dbd26437e04c0579d72fb7c11082

SHA512
df202e6745fecd448a270e4ffff6690f6956d6cba7b78272acb0d2c3416c2078e49673258ce1fdd1700c58705ca16cb1d310b0e3c7a9696472b142a4091a3821

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-25326.exe
Filesize
184KB

MD5
2e5fa54dc5dcd859cd382fe319185a23

SHA1
41b62c62e2a45d55dc009e45531aa0748fdc5c06

SHA256
100a1b0c3d1b5235fa7dc15f51c5752e865003454a504318f38b5420bcead55b

SHA512
88d4e763984cf0b2947a9cc3956d1c14fa51309ca726e9bec695342f579d7bd71830c999a67974b37ba63fe7ec64b27be7e4c090796045ab6a3ca470cd505396

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28435.exe
Filesize
184KB

MD5
9f99f826287325af85b04ba2be55255e

SHA1
dbd9e6c221d4ff90545800b9447e4cbba3203b59

SHA256
896a55e33d70a9171d2c300e476469f1278359a63295d34dc4d4fcb3676607b2

SHA512
0156e885c2259d7c746eadfd0ade1fd3c215750e75288e47c5b7480013eb432900631c17c58365598559ad286f8a6932599c45bb3ac77c9949d3514be8449b73

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-28876.exe
Filesize
184KB

MD5
b8c40217526307fab1ab12eb3a9fab76

SHA1
15d7a25cd1c7a5546e276f889aa7c09fc3eec4a8

SHA256
34598bf1c43a6efe70973120b0502c9dd2d7e2000d21223a7a9acbb794e75718

SHA512
dcc9f11fb386ec963f136ddb4d7d34b983f6d2ade4fd5f728676d6345af8de3ee4d49bb74becac01b43994d95c660523540fa615c9b94ee23ea5c526d5020db5

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-42482.exe
Filesize
184KB

MD5
9e13d3c71c7b6d50291cd59d434ccb0b

SHA1
eaa7eb4e42ba06af37949e6f4489fc439c9edd64

SHA256
872c8ab39ebdba9f0e8bfca3baaa0415b8ae4c0a0ab23f2fa0dbf07cc3aba9cb

SHA512
c4676bd6a003aede92f3a2436024da9e6cae76e48b9c7281989f66404a129e4e447e41da08b0feb37764091fd7a4e54d3f312a86173b26d60a3206a041860da2

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-44771.exe
Filesize
184KB

MD5
866d6c83db09fcad9ab6d00a84954f81

SHA1
952e1220202a1047b453dc271d9d8b36f888c639

SHA256
469a0e7b1c87c5a8b7a736d0cfaea303e11deabac7302cccb369386fe57b5dca

SHA512
374adde06d2691b544aa9e6f2dfded8f084b64b0f14033ba665a5058e4a9557306627534a3486889d0c089b2db10a68feeb7817453a856c723b49acb104a2789

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-54661.exe
Filesize
184KB

MD5
82d19018dab11002155a6e21bc5ea1df

SHA1
3237023dfc43cc356da05d5f332cd76a758ad651

SHA256
842430f10fe628efac175194541fb136a7fd1434b097c6f7cb4ba80d6c8ca7b5

SHA512
5caa79778b8ccf2d0c4c33a62bf835350db6577d291f42a2c05fc085d602f028029a3f1a41823385cddaddc3876199ab4d180ea53b3e68b39da414e2e69ed184

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-57827.exe
Filesize
184KB

MD5
239d71b94872ff5fcac0e8dd0f88978d

SHA1
d4cf4e824de789d7cc074568de2fb945ba3782e4

SHA256
eea50b90b5d1fbdeed42990e4ebe05d9b7318469cbdad70079c94d1ed8cabe00

SHA512
10580b077c51e5041570180978dd554b2542a76108dc0483e87f52ae4cdf07042bdf5b11ef0ad3569fe035307851e213a0b4704d61f0ae2f7972cc1cdef4e1dd

Download Submit
\Users\Admin\AppData\Local\Temp\Unicorn-8569.exe
Filesize
184KB

MD5
ba895a865fcad4e4987869aafba88a08

SHA1
e4e8ea7f50d914b8628ab2ab54f20ab3539981d2

SHA256
1328e007cac63cc2b784e11a7ee47d0a65f4c7dc2af90157964ff22cbda14737

SHA512
daac4631653b6893d4fff5a7c6bac63577052722de4c8f5777b7a8c43d68ba759243fc199a61e4fdd47c99820cd9acf63c0091996b40e59a6412e7cbd7769e83

Download Submit
memory/2784-686-0x0000000002900000-0x0000000002A5C000-memory.dmp

Filesize
1.4MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads